From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751869AbdKXCZ2 (ORCPT ); Thu, 23 Nov 2017 21:25:28 -0500 Received: from szxga04-in.huawei.com ([45.249.212.190]:11414 "EHLO szxga04-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751472AbdKXCZ1 (ORCPT ); Thu, 23 Nov 2017 21:25:27 -0500 From: guoxuenan To: , , , , CC: , , , , , , , , Subject: [PATCH] mm,madvise: bugfix of madvise systemcall infinite loop under special circumstances. Date: Fri, 24 Nov 2017 10:27:57 +0800 Message-ID: <20171124022757.4991-1-guoxuenan@huawei.com> X-Mailer: git-send-email 2.9.5 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [10.175.124.28] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.5A178228.007A,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, ip=0.0.0.0, so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: bf19a28ea7e01edfc01fe0ba2729501d Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: chenjie The madvise() system call supported a set of "conventional" advice values, the MADV_WILLNEED parameter will trigger an infinite loop under direct access mode(DAX). In DAX mode, the function madvise_vma() will return directly without updating the pointer [prev]. For example: Special circumstances: 1、init [ start < vam->vm_start < vam->vm_end < end ] 2、madvise_vma() using MADV_WILLNEED parameter ; madvise_vma() -> madvise_willneed() -> return 0 && without updating [prev] ======================================================================= in Function SYSCALL_DEFINE3(madvise,...) for (;;) { //[first loop: start = vam->vm_start < vam->vm_end vm_start | end ] con0: if (start >= end) //false always; goto out; tmp = vma->vm_end; //do not update [prev] and always return 0; error = madvise_willneed(); con1: if (error) //false always; goto out; //[ vam->vm_start < start = vam->vm_end = end) //false always ; goto out; //because of pointer [prev] did not change,[vma] keep as it was; update [ vma = prev->vm_next ] } ======================================================================= After the first cycle ;it will always keep [ vam->vm_start < start = vam->vm_end < end ]. since Circulation exit conditions (con{0,1,2}) will never meet ,the program stuck in infinite loop. Signed-off-by: chenjie Signed-off-by: guoxuenan --- mm/madvise.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/madvise.c b/mm/madvise.c index 21261ff..c355fee 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -294,6 +294,7 @@ static long madvise_willneed(struct vm_area_struct *vma, #endif if (IS_DAX(file_inode(file))) { + *prev = vma; /* no bad return value, but ignore advice */ return 0; } -- 2.9.5