* [PATCH] /dev/kmem : Debug preadv() progress.
From: Tetsuo Handa @ 2019-08-12 10:51 UTC (permalink / raw)
To: Andrew Morton
Cc: linux-kernel, Tetsuo Handa, Alexander Viro, Arnd Bergmann,
Greg Kroah-Hartman
syzbot is reporting an unkillable thread when reading /dev/mem. To check
whether this is merely due to a missing fatal_signal_pending(current) test
or because the thread has unexpectedly fallen into an infinite loop, add
debug printk() calls. This patch is intended for linux-next only, and will
be removed after the cause is fixed.
INFO: task syz-executor.4:25539 can't die for more than 143 seconds.
syz-executor.4 R running task 28400 25539 25531 0x80004006
Call Trace:
context_switch kernel/sched/core.c:3265 [inline]
__schedule+0x76e/0x17d0 kernel/sched/core.c:3937
preempt_schedule_irq+0xb5/0x160 kernel/sched/core.c:4185
retint_kernel+0x1b/0x2b
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:205
Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4
RSP: 0018:ffff88808d76fb68 EFLAGS: 00010206 ORIG_RAX: ffffffffffffff13
RAX: 0000000000040000 RBX: ffff8880925be2c0 RCX: 0000000000000c00
RDX: 0000000000001000 RSI: ffffc9000fbb2c00 RDI: ffff8880925beec0
RBP: ffff88808d76fb98 R08: ffff888060288440 R09: ffff8880aa402000
R10: 0000000000000000 R11: ffffea0002496f87 R12: 0000000000001000
R13: 00007ffffffff000 R14: ffffc9000fbb8000 R15: ffff888060288440
read_mem+0xfc/0x2c0 drivers/char/mem.c:163
do_loop_readv_writev fs/read_write.c:714 [inline]
do_loop_readv_writev fs/read_write.c:701 [inline]
do_iter_read+0x4a4/0x660 fs/read_write.c:935
vfs_readv+0xf0/0x160 fs/read_write.c:997
do_preadv+0x1c4/0x280 fs/read_write.c:1089
__do_sys_preadv fs/read_write.c:1139 [inline]
__se_sys_preadv fs/read_write.c:1134 [inline]
__x64_sys_preadv+0x9a/0xf0 fs/read_write.c:1134
do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
https://syzkaller.appspot.com/text?tag=CrashLog&x=1469b8a6600000
https://syzkaller.appspot.com/text?tag=CrashLog&x=160a00a6600000
https://syzkaller.appspot.com/text?tag=CrashLog&x=16255326600000
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
---
drivers/char/mem.c | 9 +++++++++
fs/read_write.c | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index b08dc50..4c0225e 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -140,6 +140,9 @@ static ssize_t read_mem(struct file *file, char __user *buf,
int allowed, probe;
sz = size_inside_page(p, count);
+ if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+ fatal_signal_pending(current))
+ printk("read_mem: sz=%ld count=%ld\n", sz, count);
err = -EPERM;
allowed = page_is_allowed(p >> PAGE_SHIFT);
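Review bot: The `printk()` added at the top of the `while (count > 0)` body has no `KERN_` level and no rate limit, so once a fatal signal is pending it emits one line per `size_inside_page()` chunk for the rest of the request. On a large read that can flood the log and change the timing of the very loop being diagnosed. Consider `pr_info_ratelimited("read_mem: sz=%zd count=%zu\n", sz, count);` here, and give the other added calls in this file and in fs/read_write.c an explicit log level as well. The loop and the rest of read_mem() lie outside this hunk.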
@@ -179,9 +182,15 @@ static ssize_t read_mem(struct file *file, char __user *buf,
kfree(bounce);
*ppos += read;
+ if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+ fatal_signal_pending(current))
+ printk("read_mem: read=%ld *ppos=%lld\n", read, *ppos);
return read;
failed:
+ if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+ fatal_signal_pending(current))
+ printk("read_mem: err=%d\n", err);
kfree(bounce);
return err;
}
diff --git a/fs/read_write.c b/fs/read_write.c
index 1f5088d..f5c7da1 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -710,6 +710,9 @@ static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
struct iovec iovec = iov_iter_iovec(iter);
ssize_t nr;
+ if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+ fatal_signal_pending(current))
+ printk("do_loop_readv_writev: iter->count=%ld iovec.iov_len=%ld\n", iter->count, iovec.iov_len);
if (type == READ) {
nr = filp->f_op->read(filp, iovec.iov_base,
iovec.iov_len, ppos);
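Review bot: The message added before the `->read()`/`->write()` dispatch does not say which task or file it belongs to, and do_loop_readv_writev() is not specific to /dev/mem: the visible code calls whatever `filp->f_op->read` or `->write` is installed, so any killed task on this path logs the same line. With several syzkaller executors running, the output cannot be tied back to the stuck thread. Adding the task identity to the format, e.g. `pr_info("do_loop_readv_writev: %s[%d] count=%zu iov_len=%zu\n", current->comm, task_pid_nr(current), iter->count, iovec.iov_len);`, would fix that, and the same applies to the `nr=` message in the next hunk. The function starts and ends outside this hunk.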
@@ -717,6 +720,9 @@ static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
nr = filp->f_op->write(filp, iovec.iov_base,
iovec.iov_len, ppos);
}
+ if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+ fatal_signal_pending(current))
+ printk("do_loop_readv_writev: nr=%ld\n", nr);
if (nr < 0) {
if (!ret)
--
1.8.3.1
* Re: [PATCH] /dev/kmem : Debug preadv() progress.
From: kbuild test robot @ 2019-08-12 22:23 UTC (permalink / raw)
To: Tetsuo Handa
Cc: kbuild-all, Andrew Morton, linux-kernel, Tetsuo Handa,
Alexander Viro, Arnd Bergmann, Greg Kroah-Hartman
[-- Attachment #1: Type: text/plain, Size: 3720 bytes --]
Hi Tetsuo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[cannot apply to v5.3-rc4]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Tetsuo-Handa/dev-kmem-Debug-preadv-progress/20190813-044328
config: sh-allmodconfig (attached as .config)
compiler: sh4-linux-gcc (GCC) 7.4.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.4.0 make.cross ARCH=sh
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
drivers/char/mem.c: In function 'read_mem':
>> drivers/char/mem.c:145:27: warning: format '%ld' expects argument of type 'long int', but argument 2 has type 'ssize_t {aka int}' [-Wformat=]
printk("read_mem: sz=%ld count=%ld\n", sz, count);
~~^
%d
>> drivers/char/mem.c:145:37: warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'size_t {aka unsigned int}' [-Wformat=]
printk("read_mem: sz=%ld count=%ld\n", sz, count);
~~^
%d
drivers/char/mem.c:187:28: warning: format '%ld' expects argument of type 'long int', but argument 2 has type 'ssize_t {aka int}' [-Wformat=]
printk("read_mem: read=%ld *ppos=%lld\n", read, *ppos);
~~^
%d
vim +145 drivers/char/mem.c
133
134 bounce = kmalloc(PAGE_SIZE, GFP_KERNEL);
135 if (!bounce)
136 return -ENOMEM;
137
138 while (count > 0) {
139 unsigned long remaining;
140 int allowed, probe;
141
142 sz = size_inside_page(p, count);
143 if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
144 fatal_signal_pending(current))
> 145 printk("read_mem: sz=%ld count=%ld\n", sz, count);
146
147 err = -EPERM;
148 allowed = page_is_allowed(p >> PAGE_SHIFT);
149 if (!allowed)
150 goto failed;
151
152 err = -EFAULT;
153 if (allowed == 2) {
154 /* Show zeros for restricted memory. */
155 remaining = clear_user(buf, sz);
156 } else {
157 /*
158 * On ia64 if a page has been mapped somewhere as
159 * uncached, then it must also be accessed uncached
160 * by the kernel or data corruption may occur.
161 */
162 ptr = xlate_dev_mem_ptr(p);
163 if (!ptr)
164 goto failed;
165
166 probe = probe_kernel_read(bounce, ptr, sz);
167 unxlate_dev_mem_ptr(p, ptr);
168 if (probe)
169 goto failed;
170
171 remaining = copy_to_user(buf, bounce, sz);
172 }
173
174 if (remaining)
175 goto failed;
176
177 buf += sz;
178 p += sz;
179 count -= sz;
180 read += sz;
181 }
182 kfree(bounce);
183
184 *ppos += read;
185 if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
186 fatal_signal_pending(current))
187 printk("read_mem: read=%ld *ppos=%lld\n", read, *ppos);
188 return read;
189
190 failed:
191 if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
192 fatal_signal_pending(current))
193 printk("read_mem: err=%d\n", err);
194 kfree(bounce);
195 return err;
196 }
197
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 51784 bytes --]
* Re: [PATCH] /dev/kmem : Debug preadv() progress.
From: kbuild test robot @ 2019-08-12 23:59 UTC (permalink / raw)
To: Tetsuo Handa
Cc: kbuild-all, Andrew Morton, linux-kernel, Tetsuo Handa,
Alexander Viro, Arnd Bergmann, Greg Kroah-Hartman
[-- Attachment #1: Type: text/plain, Size: 3452 bytes --]
Hi Tetsuo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[cannot apply to v5.3-rc4]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Tetsuo-Handa/dev-kmem-Debug-preadv-progress/20190813-044328
config: sh-allmodconfig (attached as .config)
compiler: sh4-linux-gcc (GCC) 7.4.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.4.0 make.cross ARCH=sh
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
fs/read_write.c: In function 'do_loop_readv_writev':
>> fs/read_write.c:715:48: warning: format '%ld' expects argument of type 'long int', but argument 2 has type 'size_t {aka unsigned int}' [-Wformat=]
printk("do_loop_readv_writev: iter->count=%ld iovec.iov_len=%ld\n", iter->count, iovec.iov_len);
~~^ ~~~~~~~~~~~
%d
>> fs/read_write.c:715:66: warning: format '%ld' expects argument of type 'long int', but argument 3 has type '__kernel_size_t {aka unsigned int}' [-Wformat=]
printk("do_loop_readv_writev: iter->count=%ld iovec.iov_len=%ld\n", iter->count, iovec.iov_len);
~~^ ~~~~~~~~~~~~~
%d
>> fs/read_write.c:725:39: warning: format '%ld' expects argument of type 'long int', but argument 2 has type 'ssize_t {aka int}' [-Wformat=]
printk("do_loop_readv_writev: nr=%ld\n", nr);
~~^
%d
vim +715 fs/read_write.c
699
700 /* Do it by hand, with file-ops */
701 static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
702 loff_t *ppos, int type, rwf_t flags)
703 {
704 ssize_t ret = 0;
705
706 if (flags & ~RWF_HIPRI)
707 return -EOPNOTSUPP;
708
709 while (iov_iter_count(iter)) {
710 struct iovec iovec = iov_iter_iovec(iter);
711 ssize_t nr;
712
713 if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
714 fatal_signal_pending(current))
> 715 printk("do_loop_readv_writev: iter->count=%ld iovec.iov_len=%ld\n", iter->count, iovec.iov_len);
716 if (type == READ) {
717 nr = filp->f_op->read(filp, iovec.iov_base,
718 iovec.iov_len, ppos);
719 } else {
720 nr = filp->f_op->write(filp, iovec.iov_base,
721 iovec.iov_len, ppos);
722 }
723 if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
724 fatal_signal_pending(current))
> 725 printk("do_loop_readv_writev: nr=%ld\n", nr);
726
727 if (nr < 0) {
728 if (!ret)
729 ret = nr;
730 break;
731 }
732 ret += nr;
733 if (nr != iovec.iov_len)
734 break;
735 iov_iter_advance(iter, nr);
736 }
737
738 return ret;
739 }
740
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 51784 bytes --]