Date: Wed, 21 Jun 2017 22:27:51 +0200
From: Oleg Nesterov
To: Linus Torvalds
Cc: Hugh Dickins, kernel test robot, Michal Hocko, LKML, LKP
Subject: Re: [lkp-robot] [mm] 1be7107fbe: kernel_BUG_at_mm/mmap.c
Message-ID: <20170621202751.GA29638@redhat.com>

On 06/21, Linus Torvalds wrote:
>
> On Wed, Jun 21, 2017 at 12:33 PM, Oleg Nesterov wrote:
> > - if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
> > +if (0) if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
>
> This smells bad.

Yes.

> That test is not about grow-down or even the guard page. That test is
> that it's always wrong to grow down the stack below %esp.

Sure. But let me repeat that this test was essentially dismissed when
the stack guard page was introduced. Simply because do_page_fault()
never hits (before the recent patch) this need-to-grow-VM_GROWSDOWN-vma
path if the stack grows by less than PAGE_SIZE.

IOP. Suppose that an application does

	char * p = mmap(MAP_GROWSDOWN);

	for (;;)
		*p-- = 'x';

before the "larger stack guard gap, between vmas" change the stack was
enlarged by do_anonymous_page(), __do_page_fault() didn't hit this path.

Now __do_page_fault() tries to expand the stack itself, and this check
fails.

Oleg.
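
Review bot: on the `+` line, the `if (0)` prefix makes the `address + 65536 + 32 * sizeof(unsigned long) < regs->sp` test dead code for every fault, not only for the mmap(MAP_GROWSDOWN) case described in this reply, so an access far below regs->sp would no longer be rejected at this point. If the test has to be relaxed, narrow the condition to the case being exempted and say which case that is in a comment; the unindented `if (0) if (...)` form also reads as a debugging aid rather than something to merge.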
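
The argument in the message above, as an added example that is not part of the original thread and is not kernel code: a simplified user-space model of the fault-path decision, showing why the `regs->sp` test was never reached while the guard page was part of the vma and why it rejects the mmap(MAP_GROWSDOWN) walk once the gap sits between vmas. The struct, the function names and all addresses are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model of the decision described in the thread; names are hypothetical. */
enum outcome { GOOD_AREA, EXPAND_STACK, BAD_AREA };

struct vma_model { unsigned long vm_start, vm_end; int growsdown; };

#define PAGE 4096UL

/* The test quoted in the hunk: is the fault address far below the stack pointer? */
static int far_below_sp(unsigned long address, unsigned long sp)
{
	return address + 65536 + 32 * sizeof(unsigned long) < sp;
}

/* vma stands for the lowest mapping that ends above the faulting address. */
static enum outcome fault_path(const struct vma_model *vma,
			       unsigned long address, unsigned long sp)
{
	if (vma->vm_start <= address)
		return GOOD_AREA;	/* inside the vma: sp is never consulted */
	if (!vma->growsdown)
		return BAD_AREA;
	if (far_below_sp(address, sp))
		return BAD_AREA;	/* the check under discussion */
	return EXPAND_STACK;
}

/* Constructed layout: a one-page MAP_GROWSDOWN mapping far below the stack. */
static const unsigned long MAP_START = 0x40000000UL;
static const unsigned long REAL_SP   = 0xbff00000UL;

/* Guard page inside the vma: the first write at p already extended the vma
 * by one page in the anonymous-page path, so p - 1 lies inside it. */
static enum outcome walk_with_in_vma_guard(void)
{
	struct vma_model v = { MAP_START - PAGE, MAP_START + PAGE, 1 };
	return fault_path(&v, MAP_START - 1, REAL_SP);
}

/* Gap between vmas: the vma still starts at p, so p - 1 is below vm_start. */
static enum outcome walk_with_gap_between_vmas(void)
{
	struct vma_model v = { MAP_START, MAP_START + PAGE, 1 };
	return fault_path(&v, MAP_START - 1, REAL_SP);
}

int main(void)
{
	printf("in-vma guard: %d, gap between vmas: %d\n",
	       walk_with_in_vma_guard(), walk_with_gap_between_vmas());
	return 0;
}
```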