Date: Mon, 29 Jan 2018 14:22:35 +0100
From: Michal Hocko
To: Anshuman Khandual
Cc: Michael Ellerman, akpm@linux-foundation.org, mm-commits@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-next@vger.kernel.org, sfr@canb.auug.org.au, broonie@kernel.org
Subject: Re: ppc elf_map breakage with MAP_FIXED_NOREPLACE

On Mon 29-01-18 11:02:09, Anshuman Khandual wrote:
> On 01/29/2018 08:17 AM, Anshuman Khandual wrote:
> > On 01/26/2018 07:34 PM, Michal Hocko wrote:
> >> On Fri 26-01-18 18:04:27, Anshuman Khandual wrote:
> >> [...]
> >>> I tried to instrument mmap_region() for a single instance of 'sed'
> >>> binary and traced all its VMA creation. But there is no trace when
> >>> that 'anon' VMA got created which suddenly shows up during subsequent
> >>> elf_map() call eventually failing it. Please note that the following
> >>> VMA was never created through call into map_region() in the process
> >>> which is strange.
> >>
> >> Could you share your debugging patch?
> >
> > Please find the debug patch at the end.
> >
> >>
> >>> =================================================================
> >>> [ 9.076867] Details for VMA[3] c000001fce42b7c0
> >>> [ 9.076925] vma c000001fce42b7c0 start 0000000010030000 end 0000000010040000
> >>> next c000001fce42b580 prev c000001fce42b880 mm c000001fce40fa00
> >>> prot 8000000000000104 anon_vma (null) vm_ops (null)
> >>> pgoff 1003 file (null) private_data (null)
> >>> flags: 0x100073(read|write|mayread|maywrite|mayexec|account)
> >>> =================================================================
> >>
> >> Isn't this vdso or some other special mapping? It is not really an
> >> anonymous vma. Please hook into __install_special_mapping
> >
> > Yeah, will do. It's not an anon mapping as it does not have an anon_vma
> > structure?
>
> Okay, this colliding VMA seems to be getting loaded from load_elf_binary()
> function as well.
>
> [ 9.422410] vma c000001fceedbc40 start 0000000010030000 end 0000000010040000
> next c000001fceedbe80 prev c000001fceedb700 mm c000001fceea8200
> prot 8000000000000104 anon_vma (null) vm_ops (null)
> pgoff 1003 file (null) private_data (null)
> flags: 0x100073(read|write|mayread|maywrite|mayexec|account)
> [ 9.422576] CPU: 46 PID: 7457 Comm: sed Not tainted 4.14.0-dirty #158
> [ 9.422610] Call Trace:
> [ 9.422623] [c000001fdc4f79b0] [c000000000b17ac0] dump_stack+0xb0/0xf0 (unreliable)
> [ 9.422670] [c000001fdc4f79f0] [c0000000002dafb8] do_brk_flags+0x2d8/0x440
> [ 9.422708] [c000001fdc4f7ac0] [c0000000002db3d0] vm_brk_flags+0x80/0x130
> [ 9.422747] [c000001fdc4f7b20] [c0000000003d23a4] set_brk+0x80/0xdc
> [ 9.422785] [c000001fdc4f7b60] [c0000000003d1f24] load_elf_binary+0x1304/0x158c
> [ 9.422830] [c000001fdc4f7c80] [c00000000035d3e0] search_binary_handler+0xd0/0x270
> [ 9.422881] [c000001fdc4f7d10] [c00000000035f338] do_execveat_common.isra.31+0x658/0x890
> [ 9.422926] [c000001fdc4f7df0] [c00000000035f980] SyS_execve+0x40/0x50
> [ 9.423588] [c000001fdc4f7e30] [c00000000000b220] system_call+0x58/0x6c
>
> which is getting hit after adding some more debug.

Voila! So your binary simply overrides brk by elf segments. That sounds
like exactly the thing that the patch is supposed to protect from. Why
this is the case I dunno. It is just clear that either brk or elf base
are not put to the proper place. Something to get fixed. You are
probably just lucky that brk allocations do not spill over to elf
mappings.

> @@ -2949,6 +2997,13 @@ static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long
> if (flags & VM_LOCKED)
> mm->locked_vm += (len >> PAGE_SHIFT);
> vma->vm_flags |= VM_SOFTDIRTY;
> +
> + if (!strcmp(current->comm, "sed")) {
> + if (just_init && (mm_ptr == vma->vm_mm)) {
> + dump_vma(vma);
> + dump_stack();
> + }
> + }
> return 0;
> }

-- 
Michal Hocko
SUSE Labs
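
Review bot: In the block added before `return 0;` in do_brk_flags(), `just_init` and `mm_ptr` are used but neither is declared or assigned in the visible lines, so the condition cannot be checked from this hunk alone; the part of the debug patch that sets them needs to be read alongside it. The function already has `mm` in scope (see `mm->locked_vm` in the context lines), so the comparison can be written `mm_ptr == mm`, and the two nested ifs can be folded into a single condition. The match on `current->comm` equal to "sed" fires for any task with that name, and dump_vma() plus dump_stack() run on every brk call that reaches this success path, so this is one-off tracing and should not go further than a local debug build.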
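
The collision that MAP_FIXED_NOREPLACE reports in the reply above, reproduced from user space as an added example (not code from this thread or from the kernel tree). An anonymous page stands in for the brk VMA; the helper name `map_over_existing`, the `outcome` enum and the fallback flag value are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000 /* asm-generic value, for older libc headers */
#endif

enum outcome { SETUP_FAILED = -1, REFUSED, MAPPED_ELSEWHERE, CLOBBERED };

/* Create a one-page anonymous mapping (a stand-in for the brk VMA in the
 * trace), fill it with a marker, then request the same address with `flag`. */
static enum outcome map_over_existing(int flag)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int prot = PROT_READ | PROT_WRITE, type = MAP_PRIVATE | MAP_ANONYMOUS;
    enum outcome r;

    unsigned char *first = mmap(NULL, len, prot, type, -1, 0);
    if (first == MAP_FAILED)
        return SETUP_FAILED;
    memset(first, 0xAA, len);

    void *second = mmap(first, len, prot, type | flag, -1, 0);
    if (second == MAP_FAILED)
        r = (errno == EEXIST) ? REFUSED : SETUP_FAILED;
    else if (second != (void *)first)
        r = MAPPED_ELSEWHERE; /* kernel without the flag: address was only a hint */
    else
        r = (first[0] == 0xAA) ? SETUP_FAILED : CLOBBERED; /* old page replaced */

    if (second != MAP_FAILED && second != (void *)first)
        munmap(second, len);
    munmap(first, len);
    return r;
}

int main(void)
{
    static const char *name[] = { "refused (EEXIST)", "mapped elsewhere", "clobbered" };
    enum outcome a = map_over_existing(MAP_FIXED);
    enum outcome b = map_over_existing(MAP_FIXED_NOREPLACE);
    if (a < 0 || b < 0)
        return 1;
    printf("MAP_FIXED:           %s\n", name[a]);
    printf("MAP_FIXED_NOREPLACE: %s\n", name[b]);
    return 0;
}
```

With plain MAP_FIXED the first mapping is silently replaced, which is the overlap between brk and the ELF segments that went unnoticed before; with MAP_FIXED_NOREPLACE the second request fails with EEXIST on kernels that know the flag.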