Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp2282962ybp; Thu, 10 Oct 2019 05:15:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqwo9yky82sWFQEmYpr+tz0hRaO8qEnOr2iZBnGV1TuO8Br6BkY37/RFmeNxPaaoGXuzBEVH X-Received: by 2002:a17:907:20b3:: with SMTP id pw19mr7712725ejb.76.1570709722100; Thu, 10 Oct 2019 05:15:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570709722; cv=none; d=google.com; s=arc-20160816; b=QfvEB1pRmgb6aIAyP6vxU3tr20BIW+I6E63qT46m16iNdB3gNoe9n+o4xuysfJWbfb guPhwoksN5wCi9gmDbhn125nwSBchCOrkNIlcyWhT/bx26jhcKYpp/v1YtL7a1VeW0LE MMmBTE0WCpw8lFiu5KWi4j1bdcqjGkbxfY+jhfpapVNqyM6OgatYSVDDJHWzAkE3/BF7 gcB5/EUZDJ5fPS6jJRcj49PGZwrzECpkPlg6uUrVLJvEIiC2iYtE1KfSJg1lpi9AY9xN FER1bSTLCbrcXC6YNiILlaYmePOXWPcoF93TbGRz3YPOKopUFSHoz8PkdvFJGhj+EsKk pubw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date; bh=Ox3b9dkBWrJ/6I7qy4K0k7lwfP0ls05zMVhCpkNHkck=; b=g3+1cJ9eOTZ1xzmKXYyGsPzdUjYbFbgBBTpmomOjfR7KiVupjavWdB3SXSJAeIZN4d 2LTdDzAOoqCFe7CBWibEzwEWpkO22xbpVyH5RnrvSAxS1hKoRpX57hH/ovCbGI1EJk5R /iQs+9qRS8TDQMIRV6G9xw5pdeTjqZEE41FWh6Di+vRfu5Ci37Z9ez3L+hmgs+Y1+OGt Np6bCYl5xyxBkaJIzHjkX7BSIqd2w8GMTSiHELOuWapdwBvNWmGR5nEJdVoBZSj4Zi+h VnFl51tAkyKcxGrUay6tkRXM4dfg2Y5GRz80bo6Yi3zil58ynS+Ll4D1bV+D82Dj6xVn 733g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b47si3326407edc.45.2019.10.10.05.14.58; Thu, 10 Oct 2019 05:15:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733209AbfJJMOX (ORCPT + 99 others); Thu, 10 Oct 2019 08:14:23 -0400 Received: from mga01.intel.com ([192.55.52.88]:37689 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728030AbfJJMOX (ORCPT ); Thu, 10 Oct 2019 08:14:23 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Oct 2019 05:14:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,280,1566889200"; d="scan'208";a="198330411" Received: from richard.sh.intel.com (HELO localhost) ([10.239.159.54]) by orsmga006.jf.intel.com with ESMTP; 10 Oct 2019 05:14:20 -0700 Date: Thu, 10 Oct 2019 20:14:03 +0800 From: Wei Yang To: Konstantin Khlebnikov Cc: Wei Yang , Shakeel Butt , Qian Cai , Andrew Morton , Rik van Riel , Linux MM , LKML , Heiko Carstens , Vasily Gorbik , Christian Borntraeger , linux-s390@vger.kernel.org Subject: Re: "reuse mergeable anon_vma as parent when fork" causes a crash on s390 Message-ID: <20191010121403.GA13088@richard> Reply-To: Wei Yang References: <1570656570.5937.24.camel@lca.pw> <20191010023601.GA4793@richard> <20191010031516.GA5060@richard> <8e0d9999-9ee3-78e5-2737-5a504243413c@yandex-team.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8e0d9999-9ee3-78e5-2737-5a504243413c@yandex-team.ru> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 10, 2019 at 11:29:44AM +0300, Konstantin Khlebnikov wrote: >On 10/10/2019 06.15, Wei Yang wrote: >> On Thu, Oct 10, 2019 at 10:36:01AM +0800, Wei Yang wrote: >> > Hi, Qian, Shakeel >> > >> > Thanks for testing. >> > >> > Sounds I missed some case to handle. anon_vma_clone() now would be called in >> > vma_adjust, which is a different case when it is introduced. >> > >> >> Well, I have to correct my statement. The reason is we may did something more >> in anon_vma_clone(). >> >> Here is a quick fix, while I need to go through all the cases carefully. > >Oops, I've overlooked this case too. > >You have to check src->anon_vma >otherwise in __split_vma or copy_vma dst could pick completely random anon_vma. > >Also checking prev will not hurt, just to be sure. > >So, something like this should work: > >if (!dst->anon_vma && src->anon_vma && > prev && pprev && pprev->anon_vma == src->anon_vma) > dst->anon_vma = prev->anon_vma; > This may not be the root cause, I found another problem of it. Let me prepare a patch to fix it. >> >> diff --git a/mm/rmap.c b/mm/rmap.c >> index 12f6c3d7fd9d..2844f442208d 100644 >> --- a/mm/rmap.c >> +++ b/mm/rmap.c >> @@ -271,7 +271,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) >> * 1. Parent has vm_prev, which implies we have vm_prev. >> * 2. Parent and its vm_prev have the same anon_vma. >> */ >> - if (pprev && pprev->anon_vma == src->anon_vma) >> + if (!dst->anon_vma && pprev && pprev->anon_vma == src->anon_vma) >> dst->anon_vma = prev->anon_vma; >> list_for_each_entry_reverse(pavc, &src->anon_vma_chain, same_vma) { >> >> > BTW, do you have the specific test case? So that I could verify my change. The >> > kernel build test doesn't trigger this. >> > >> > Thanks a lot :-) >> > >> > On Wed, Oct 09, 2019 at 03:21:11PM -0700, Shakeel Butt wrote: >> > -- >> > Wei Yang >> > Help you, Help me >> -- Wei Yang Help you, Help me