From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751835AbdFUTdo (ORCPT <rfc822;w@1wt.eu>);
        Wed, 21 Jun 2017 15:33:44 -0400
Received: from mx1.redhat.com ([209.132.183.28]:56872 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751028AbdFUTdn (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 21 Jun 2017 15:33:43 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 8A40D7DCC4
Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=oleg@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 8A40D7DCC4
Date: Wed, 21 Jun 2017 21:33:39 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Hugh Dickins <hughd@google.com>,
        kernel test robot <xiaolong.ye@intel.com>,
        Michal Hocko <mhocko@suse.com>, LKML <linux-kernel@vger.kernel.org>,
        LKP <lkp@01.org>
Subject: Re: [lkp-robot] [mm] 1be7107fbe: kernel_BUG_at_mm/mmap.c
Message-ID: <20170621193338.GA29222@redhat.com>
References: <20170621023552.GB32082@yexl-desktop>
 <alpine.LSU.2.11.1706201937340.14450@eggly.anvils>
 <CA+55aFxzdtZ787snPhLhU8+2xUHKd74Som82yRCiFSQVXCNFhA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFxzdtZ787snPhLhU8+2xUHKd74Som82yRCiFSQVXCNFhA@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 21 Jun 2017 19:33:42 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/21, Linus Torvalds wrote:
>
> Hugh, Michal - I also merged Helge's drop-up cleanup, is there
> anything I've missed? I think Oleg had something, but I can't recall
> right now, and I might just have missed it.

Well, I meant, perhaps we need a bit more changes to ensure that a new
GROWSDOWN vma can't come without a gap below. But this is really minor,
we can do this later even if I am right.

However, there is another regression reported by Cyrill. Fixed by the
patch below.

And yes, I think this check should either go away, or we need to make
it more clever.

In short, the vma created by mmap(MAP_GROWSDOWN) does not grow down
automatically, because of this check.

This worked before, because with the stack guard page at ->vm_start
__do_page_fault() hits this expand-stack path only if the stack grows
by more than PAGE_SIZE, now it is called every time. I'll send the
patch tomorrow if nobody else does this before.

Oleg.
---

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 8ad91a0..edc5d68 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1416,7 +1416,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
 		 * and pusha to work. ("enter $65535, $31" pushes
 		 * 32 pointers and then decrements %sp by 65535.)
 		 */
-		if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
+if (0)		if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
 			bad_area(regs, error_code, address);
 			return;
 		}

From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: multipart/mixed; boundary="===============0572622834308066847=="
MIME-Version: 1.0
From: Oleg Nesterov <oleg@redhat.com>
To: lkp@lists.01.org
Subject: Re: [lkp-robot] [mm] 1be7107fbe: kernel_BUG_at_mm/mmap.c
Date: Wed, 21 Jun 2017 21:33:39 +0200
Message-ID: <20170621193338.GA29222@redhat.com>
In-Reply-To: <CA+55aFxzdtZ787snPhLhU8+2xUHKd74Som82yRCiFSQVXCNFhA@mail.gmail.com>
List-Id: <oe-lkp.lists.linux.dev>

--===============0572622834308066847==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 06/21, Linus Torvalds wrote:
>
> Hugh, Michal - I also merged Helge's drop-up cleanup, is there
> anything I've missed? I think Oleg had something, but I can't recall
> right now, and I might just have missed it.

Well, I meant, perhaps we need a bit more changes to ensure that a new
GROWSDOWN vma can't come without a gap below. But this is really minor,
we can do this later even if I am right.

However, there is another regression reported by Cyrill. Fixed by the
patch below.

And yes, I think this check should either go away, or we need to make
it more clever.

In short, the vma created by mmap(MAP_GROWSDOWN) does not grow down
automatically, because of this check.

This worked before, because with the stack guard page at ->vm_start
__do_page_fault() hits this expand-stack path only if the stack grows
by more than PAGE_SIZE, now it is called every time. I'll send the
patch tomorrow if nobody else does this before.

Oleg.
---

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 8ad91a0..edc5d68 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1416,7 +1416,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long e=
rror_code,
 		 * and pusha to work. ("enter $65535, $31" pushes
 		 * 32 pointers and then decrements %sp by 65535.)
 		 */
-		if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
+if (0)		if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->=
sp)) {
 			bad_area(regs, error_code, address);
 			return;
 		}


--===============0572622834308066847==--