All of lore.kernel.org
 help / color / mirror / Atom feed
* tty crash due to auto-failing vmalloc
@ 2017-10-03 22:55 ` Johannes Weiner
  0 siblings, 0 replies; 44+ messages in thread
From: Johannes Weiner @ 2017-10-03 22:55 UTC (permalink / raw)
  To: Michal Hocko
  Cc: Alan Cox, Christoph Hellwig, Andrew Morton, linux-mm,
	linux-kernel, kernel-team

On some of our machines, we see this warning:

	/* switch the line discipline */
	tty->ldisc = ld;
	tty_set_termios_ldisc(tty, disc);
	retval = tty_ldisc_open(tty, tty->ldisc);
	if (retval) {
->		if (!WARN_ON(disc == N_TTY)) {
			tty_ldisc_put(tty->ldisc);
			tty->ldisc = NULL;
		}
	}

where the stack is

tty_ldisc_reinit
tty_ldisc_hangup
__tty_hangup
do_exit
do_signal
syscall

This is followed by a NULL pointer deref crash in n_tty_set_termios,
presumably when it tries to deref that unallocated tty->disc_data.

The only way n_tty_open() can fail is if the vmalloc in there fails.
struct n_tty_data isn't terribly big, but ever since the following
patch it doesn't even *try* the allocation:

commit 5d17a73a2ebeb8d1c6924b91e53ab2650fe86ffb
Author: Michal Hocko <mhocko@suse.com>
Date:   Fri Feb 24 14:58:53 2017 -0800

    vmalloc: back off when the current task is killed
    
    __vmalloc_area_node() allocates pages to cover the requested vmalloc
    size.  This can be a lot of memory.  If the current task is killed by
    the OOM killer, and thus has an unlimited access to memory reserves, it
    can consume all the memory theoretically.  Fix this by checking for
    fatal_signal_pending and back off early.
    
    Link: http://lkml.kernel.org/r/20170201092706.9966-4-mhocko@kernel.org
    Signed-off-by: Michal Hocko <mhocko@suse.com>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

This talks about the oom killer and memory exhaustion, but most fatal
signals don't happen due to the OOM killer.

I think this patch should be reverted. If somebody is vmallocing crazy
amounts of memory in the exit path we should probably track them down
individually; the patch doesn't reference any real instances of that.
But we cannot start failing allocations that have never failed before.

That said, maybe we want Alan's N_NULL failover in the hangup path too?

^ permalink raw reply	[flat|nested] 44+ messages in thread

end of thread, other threads:[~2017-10-07  9:57 UTC | newest]

Thread overview: 44+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-03 22:55 tty crash due to auto-failing vmalloc Johannes Weiner
2017-10-03 22:55 ` Johannes Weiner
2017-10-03 23:51 ` Alan Cox
2017-10-03 23:51   ` Alan Cox
2017-10-04  8:33 ` Michal Hocko
2017-10-04  8:33   ` Michal Hocko
2017-10-04 18:58 ` Johannes Weiner
2017-10-04 18:58   ` Johannes Weiner
2017-10-04 18:59   ` [PATCH 1/2] Revert "vmalloc: back off when the current task is killed" Johannes Weiner
2017-10-04 18:59     ` Johannes Weiner
2017-10-04 20:49     ` Tetsuo Handa
2017-10-04 20:49       ` Tetsuo Handa
2017-10-04 21:00       ` Johannes Weiner
2017-10-04 21:00         ` Johannes Weiner
2017-10-04 21:42         ` Tetsuo Handa
2017-10-04 21:42           ` Tetsuo Handa
2017-10-04 23:21           ` Johannes Weiner
2017-10-04 23:21             ` Johannes Weiner
2017-10-04 22:32     ` Andrew Morton
2017-10-04 22:32       ` Andrew Morton
2017-10-04 23:18       ` Johannes Weiner
2017-10-04 23:18         ` Johannes Weiner
2017-10-05  7:57         ` Michal Hocko
2017-10-05  7:57           ` Michal Hocko
2017-10-05 10:36           ` Tetsuo Handa
2017-10-05 10:36             ` Tetsuo Handa
2017-10-05 10:49             ` Michal Hocko
2017-10-05 10:49               ` Michal Hocko
2017-10-07  2:21             ` Tetsuo Handa
2017-10-07  2:21               ` Tetsuo Handa
2017-10-07  2:51               ` Johannes Weiner
2017-10-07  2:51                 ` Johannes Weiner
2017-10-07  4:05                 ` Tetsuo Handa
2017-10-07  4:05                   ` Tetsuo Handa
2017-10-07  7:59                   ` Michal Hocko
2017-10-07  7:59                     ` Michal Hocko
2017-10-07  9:57                     ` Tetsuo Handa
2017-10-07  9:57                       ` Tetsuo Handa
2017-10-05  6:49     ` Vlastimil Babka
2017-10-05  6:49       ` Vlastimil Babka
2017-10-05  7:54     ` Michal Hocko
2017-10-05  7:54       ` Michal Hocko
2017-10-04 18:59   ` [PATCH 2/2] tty: fall back to N_NULL if switching to N_TTY fails during hangup Johannes Weiner
2017-10-04 18:59     ` Johannes Weiner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.