Re: ppc elf_map breakage with MAP_FIXED_NOREPLACE

From: Michal Hocko <mhocko@kernel.org>
To: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>,
	akpm@linux-foundation.org, mm-commits@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-fsdevel@vger.kernel.org, linux-next@vger.kernel.org,
	sfr@canb.auug.org.au, broonie@kernel.org
Subject: Re: ppc elf_map breakage with MAP_FIXED_NOREPLACE
Date: Wed, 24 Jan 2018 10:05:39 +0100	[thread overview]
Message-ID: <20180124090539.GH1526@dhcp22.suse.cz> (raw)
In-Reply-To: <2a05eaf2-20fd-57a8-d4bd-5a1fbf57686c@linux.vnet.ibm.com>

On Wed 24-01-18 10:39:41, Anshuman Khandual wrote:
> On 01/23/2018 09:36 PM, Michal Hocko wrote:
> > On Tue 23-01-18 21:28:28, Anshuman Khandual wrote:
> >> On 01/23/2018 06:15 PM, Michal Hocko wrote:
> >>> On Tue 23-01-18 16:55:18, Anshuman Khandual wrote:
> >>>> On 01/17/2018 01:37 PM, Michal Hocko wrote:
> >>>>> On Thu 11-01-18 15:38:37, Anshuman Khandual wrote:
> >>>>>> On 01/09/2018 09:43 PM, Michal Hocko wrote:
> >>>>> [...]
> >>>>>>> Did you manage to catch _who_ is requesting that anonymous mapping? Do
> >>>>>>> you need a help with the debugging patch?
> >>>>>>
> >>>>>> Not yet, will get back on this.
> >>>>>
> >>>>> ping?
> >>>>
> >>>> Hey Michal,
> >>>>
> >>>> Missed this thread, my apologies. This problem is happening only with
> >>>> certain binaries like 'sed', 'tmux', 'hostname', 'pkg-config' etc. As
> >>>> you had mentioned before the map request collision is happening on
> >>>> [10030000, 10040000] and [10030000, 10040000] ranges only which is
> >>>> just a single PAGE_SIZE. You asked previously that who might have
> >>>> requested the anon mapping which is already present in there ? Would
> >>>> not that be the same process itself ? I am bit confused.
> >>>
> >>> We are early in the ELF loading. If we are mapping over an existing
> >>> mapping then we are effectivelly corrupting it. In other words exactly
> >>> what this patch tries to prevent. I fail to see what would be a relevant
> >>> anon mapping this early and why it would be colliding with elf
> >>> segements.
> >>>
> >>>> Would it be
> >>>> helpful to trap all the mmap() requests from any of the binaries
> >>>> and see where we might have created that anon mapping ?
> >>>
> >>> Yeah, that is exactly what I was suggesting. Sorry for not being clear
> >>> about that.
> >>>
> >>
> >> Tried to instrument just for the 'sed' binary and dont see any where
> >> it actually requests the anon VMA which got hit when loading the ELF
> >> section which is strange. All these requested flags here already has
> >> MAP_FIXED_NOREPLACE (0x100000). Wondering from where the anon VMA
> >> actually came from.
> > 
> > Could you try to dump backtrace?
> 
> This is when it fails inside elf_map() function due to collision with
> existing anon VMA mapping.

This is not the interesting one. This is the ELF loader. And we know it
fails. We are really interested in the one _who_ installs the original
VMA. Because nothing should be really there.

It would be also very helpful to translate the backtrace with faddr2line
to get line numbers.

> [c000201c9ad07880] [c000000000b0b4c0] dump_stack+0xb0/0xf0 (unreliable)
> [c000201c9ad078c0] [c0000000003c4550] elf_map+0x2d0/0x310
> [c000201c9ad07b60] [c0000000003c6258] load_elf_binary+0x6f8/0x158c
> [c000201c9ad07c80] [c000000000352900] search_binary_handler+0xd0/0x270
> [c000201c9ad07d10] [c000000000354838] do_execveat_common.isra.31+0x658/0x890
> [c000201c9ad07df0] [c000000000354e80] SyS_execve+0x40/0x50
> [c000201c9ad07e30] [c00000000000b220] system_call+0x58/0x6c

-- 
Michal Hocko
SUSE Labs