Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751927AbdFUU14 (ORCPT <rfc822;w@1wt.eu>);
        Wed, 21 Jun 2017 16:27:56 -0400
Received: from mx1.redhat.com ([209.132.183.28]:56722 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751106AbdFUU1z (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 21 Jun 2017 16:27:55 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com A9AE67F3F7
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=oleg@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com A9AE67F3F7
Date: Wed, 21 Jun 2017 22:27:51 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Hugh Dickins <hughd@google.com>,
        kernel test robot <xiaolong.ye@intel.com>,
        Michal Hocko <mhocko@suse.com>, LKML <linux-kernel@vger.kernel.org>,
        LKP <lkp@01.org>
Subject: Re: [lkp-robot] [mm] 1be7107fbe: kernel_BUG_at_mm/mmap.c
Message-ID: <20170621202751.GA29638@redhat.com>
References: <20170621023552.GB32082@yexl-desktop>
 <alpine.LSU.2.11.1706201937340.14450@eggly.anvils>
 <CA+55aFxzdtZ787snPhLhU8+2xUHKd74Som82yRCiFSQVXCNFhA@mail.gmail.com>
 <20170621193338.GA29222@redhat.com>
 <CA+55aFyTRPOuzo2-Q0xM4+D6naGxFtaE_7dbxXOOdwQ4QGPfpw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFyTRPOuzo2-Q0xM4+D6naGxFtaE_7dbxXOOdwQ4QGPfpw@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 21 Jun 2017 20:27:54 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1046
Lines: 34

On 06/21, Linus Torvalds wrote:
>
> On Wed, Jun 21, 2017 at 12:33 PM, Oleg Nesterov <oleg@redhat.com> wrote:
> > -               if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
> > +if (0)         if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
>
> This smells bad.

Yes.

> That test is not about grow-down or even the guard page. That test is
> that it's always wrong to grow down the stack below %esp.

Sure.

but let me repeat that this test was essentially dismissed when the stack
guard page was introduced. Simply because do_page_pault() never hits (before
the recent patch) this need-to-grow-VM_GROWSDOWN-vma path if the stack grows
by less than PAGE_SIZE.

IOP. Suppose that an application does

	char * p = mmap(MAP_GROWSDOWN);
	for (;;)
		*p-- = 'x';
		

before the "larger stack guard gap, between vmas" change the stack was
enlarged by do_anonymous_page(), __do_page_fault() didn't hit this path.

Now __do_page_fault() tries to expand the stack itself, and this check
fails.

Oleg.