linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Naresh Kamboju <naresh.kamboju@linaro.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux- stable <stable@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>,
	 linux-mm <linux-mm@kvack.org>, Arnd Bergmann <arnd@arndb.de>,
	 Andrew Morton <akpm@linux-foundation.org>,
	Roman Gushchin <guro@fb.com>,  Michal Hocko <mhocko@kernel.org>,
	lkft-triage@lists.linaro.org,  Chris Down <chris@chrisdown.name>,
	Michel Lespinasse <walken@google.com>,
	 Fan Yang <Fan_Yang@sjtu.edu.cn>,
	Brian Geffon <bgeffon@google.com>,
	 Anshuman Khandual <anshuman.khandual@arm.com>,
	Will Deacon <will@kernel.org>,
	 Catalin Marinas <catalin.marinas@arm.com>,
	pugaowei@gmail.com,  Jerome Glisse <jglisse@redhat.com>,
	Joel Fernandes <joel@joelfernandes.org>,
	 Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Mel Gorman <mgorman@techsingularity.net>,
	 Hugh Dickins <hughd@google.com>,
	Al Viro <viro@zeniv.linux.org.uk>, Tejun Heo <tj@kernel.org>,
	 Sasha Levin <sashal@kernel.org>
Subject: Re: WARNING: at mm/mremap.c:211 move_page_tables in i386
Date: Fri, 10 Jul 2020 23:18:03 +0530	[thread overview]
Message-ID: <CA+G9fYudT63yZrkWG+mfKHTcn5mP+Ay6hraEQy3G_4jufztrrA@mail.gmail.com> (raw)
In-Reply-To: <CAHk-=wgB6Ds6yqbZZmscKNuAiNR2J0Pf3a8UrbdfewYxHE7SbA@mail.gmail.com>

On Fri, 10 Jul 2020 at 10:55, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Thu, Jul 9, 2020 at 9:29 PM Naresh Kamboju <naresh.kamboju@linaro.org> wrote:
> >
> > Your patch applied and re-tested.
> > warning triggered 10 times.
> >
> > old: bfe00000-c0000000 new: bfa00000 (val: 7d530067)
>
> Hmm.. It's not even the overlapping case, it's literally just "move
> exactly 2MB of page tables exactly one pmd down". Which should be the
> nice efficient case where we can do it without modifying the lower
> page tables at all, we just move the PMD entry.
>
> There shouldn't be anything in the new address space from bfa00000-bfdfffff.
>
> That PMD value obviously says differently, but it looks like a nice
> normal PMD value, nothing bad there.
>
> I'm starting to think that the issue might be that this is because the
> stack segment is special. Not only does it have the growsdown flag,
> but that whole thing has the magic guard page logic.
>
> So I wonder if we have installed a guard page _just_ below the old
> stack, so that we have populated that pmd because of that.
>
> We used to have an _actual_ guard page and then play nasty games with
> vm_start logic. We've gotten rid of that, though, and now we have that
> "stack_guard_gap" logic that _should_ mean that vm_start is always
> exact and proper (and that pgtbales_free() should have emptied it, but
> maybe we have some case we forgot about.
>
> > [  741.511684] WARNING: CPU: 1 PID: 15173 at mm/mremap.c:211 move_page_tables.cold+0x0/0x2b
> > [  741.598159] Call Trace:
> > [  741.600694]  setup_arg_pages+0x22b/0x310
> > [  741.621687]  load_elf_binary+0x31e/0x10f0
> > [  741.633839]  __do_execve_file+0x5a8/0xbf0
> > [  741.637893]  __ia32_sys_execve+0x2a/0x40
> > [  741.641875]  do_syscall_32_irqs_on+0x3d/0x2c0
> > [  741.657660]  do_fast_syscall_32+0x60/0xf0
> > [  741.661691]  do_SYSENTER_32+0x15/0x20
> > [  741.665373]  entry_SYSENTER_32+0x9f/0xf2
> > [  741.734151]  old: bfe00000-c0000000 new: bfa00000 (val: 7d530067)
>
> Nothing looks bad, and the ELF loading phase memory map should be
> really quite simple.
>
> The only half-way unusual thing is that you have basically exactly 2MB
> of stack at execve time (easy enough to tune by just setting argv/env
> right), and it's moved down by exactly 2MB.
>
> And that latter thing is just due to randomization, see
> arch_align_stack() in arch/x86/kernel/process.c.
>
> So that would explain why it doesn't happen every time.
>
> What happens if you apply the attached patch to *always* force the 2MB
> shift (rather than moving the stack by a random amount), and then run
> the other program (t.c -> compiled to "a.out").

I have applied your patch and test started in a loop for a million times
but the test ran for 35 times. Seems like the test got a timeout after 1 hour.
kernel messages printed while testing a.out

a.out (480) used greatest stack depth: 4872 bytes left

On other device
kworker/dying (172) used greatest stack depth: 5044 bytes left

Re-running test with long timeouts 4 hours and will share findings.

ref:
https://lkft.validation.linaro.org/scheduler/job/1555132#L1515

- Naresh


  reply	other threads:[~2020-07-10 17:48 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-09  5:28 WARNING: at mm/mremap.c:211 move_page_tables in i386 Naresh Kamboju
2020-07-09  8:25 ` Arnd Bergmann
2020-07-10  4:17   ` Naresh Kamboju
2020-07-09 19:12 ` Linus Torvalds
2020-07-10  4:28   ` Naresh Kamboju
2020-07-10  5:22     ` Linus Torvalds
2020-07-10 17:48       ` Naresh Kamboju [this message]
2020-07-10 20:05         ` Linus Torvalds
2020-07-11 17:27           ` Naresh Kamboju
2020-07-11 18:12             ` Linus Torvalds
2020-07-11 18:21               ` Linus Torvalds
2020-07-11 23:33               ` Joel Fernandes
2020-07-12 17:30               ` Matthew Wilcox
2020-07-12 20:38                 ` Linus Torvalds
2020-07-12 21:50       ` Joel Fernandes
2020-07-12 22:58         ` Linus Torvalds
2020-07-13  2:53           ` Joel Fernandes
2020-07-13  3:51             ` Linus Torvalds
2020-07-13 12:12               ` Joel Fernandes
2020-07-14  7:33           ` Kirill A. Shutemov
2020-07-14 11:27             ` Naresh Kamboju
2020-07-14 16:08             ` Joel Fernandes
2020-07-14 16:10               ` Linus Torvalds
2020-07-14 18:12                 ` Joel Fernandes
2020-07-14 18:49                   ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+G9fYudT63yZrkWG+mfKHTcn5mP+Ay6hraEQy3G_4jufztrrA@mail.gmail.com \
    --to=naresh.kamboju@linaro.org \
    --cc=Fan_Yang@sjtu.edu.cn \
    --cc=akpm@linux-foundation.org \
    --cc=anshuman.khandual@arm.com \
    --cc=arnd@arndb.de \
    --cc=bgeffon@google.com \
    --cc=catalin.marinas@arm.com \
    --cc=chris@chrisdown.name \
    --cc=gregkh@linuxfoundation.org \
    --cc=guro@fb.com \
    --cc=hughd@google.com \
    --cc=jglisse@redhat.com \
    --cc=joel@joelfernandes.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lkft-triage@lists.linaro.org \
    --cc=mgorman@techsingularity.net \
    --cc=mhocko@kernel.org \
    --cc=pugaowei@gmail.com \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tj@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=walken@google.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).