Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262641AbUKELLx (ORCPT ); Fri, 5 Nov 2004 06:11:53 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261579AbUKELLw (ORCPT ); Fri, 5 Nov 2004 06:11:52 -0500 Received: from mx1.elte.hu ([157.181.1.137]:14488 "EHLO mx1.elte.hu") by vger.kernel.org with ESMTP id S262641AbUKELLn (ORCPT ); Fri, 5 Nov 2004 06:11:43 -0500 Date: Fri, 5 Nov 2004 12:09:51 +0100 From: Ingo Molnar To: Lorenzo Allegrucci Cc: Andrew Morton , linux-kernel@vger.kernel.org, Andi Kleen Subject: Re: 2.6.10-rc1-mm3 Message-ID: <20041105110951.GA29702@elte.hu> References: <20041105001328.3ba97e08.akpm@osdl.org> <200411051041.17940.l_allegrucci@yahoo.it> <20041105102204.GA4730@elte.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041105102204.GA4730@elte.hu> User-Agent: Mutt/1.4.1i X-ELTE-SpamVersion: MailScanner 4.31.6-itk1 (ELTE 1.2) SpamAssassin 2.63 ClamAV 0.73 X-ELTE-VirusStatus: clean X-ELTE-SpamCheck: no X-ELTE-SpamCheck-Details: score=-4.9, required 5.9, autolearn=not spam, BAYES_00 -4.90 X-ELTE-SpamLevel: X-ELTE-SpamScore: -4 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1705 Lines: 46 * Ingo Molnar wrote: > > ------------[ cut here ]------------ > > kernel BUG at mm/memory.c:156! > > > Process shmt04 (pid: 4854, threadinfo=dca51000 task=de374510) > > reproducible here too, just running LTP's shmt04 directly triggers it > immediately. Looks like there's interaction of 4-level pagetables with > ipc/shm.c or mm/shmem.c. due to the PML4 feature, the clear_page_tables() function changed to clear_page_range(), changing its (first,size) argument to (first,last). Normally it's called with (0,TASK_SIZE) which normally is PML4-aligned, but in the (relatively rare) do_munmap() use this is not the case. We correctly calculate the range that could be cleared, but it's not PML4_SIZE aligned. The solution is to clip both 'first' and 'last' to PML4_SIZE boundary. Since when we calculate 'first' we add at least +PML4_SIZE to the value, it is safe to clip 'first'. It is obviously safe to clip 'last'. The patch below implements this fix - it boots & works fine and shmt04 doesnt crash anymore. Andi, do you agree with this fix? Ingo Signed-off-by: Ingo Molnar --- linux/mm/mmap.c.orig +++ linux/mm/mmap.c @@ -1545,7 +1545,7 @@ no_mmaps: } if (pml4_index(last) > start_pml4_index || pgd_index(last) > start_pgd_index) { - clear_page_range(tlb, first, last); + clear_page_range(tlb, first & PML4_MASK, last & PML4_MASK); flush_tlb_pgtables(mm, first & PML4_MASK, last & PML4_MASK); } } - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/