From: Johannes Weiner
To: Hugh Dickins
Cc: "Rafael J. Wysocki", Linux Kernel Mailing List, Kernel Testers List, Randy Dunlap
Subject: [PATCH] mm: make unmap_vmas() handle non-page-aligned boundary addresses
Date: Sun, 17 Aug 2008 03:06:12 +0200
In-Reply-To: (Hugh Dickins's message of "Sun, 17 Aug 2008 00:38:35 +0100 (BST)")
Message-ID: <87fxp4pi0r.fsf_-_@skyscraper.fehenstaub.lan>

zap_pte_range() overruns the page tables if the distance between the
start and end is not a multiple of the pagesize. Because then, `start'
will never be equal to `end' and we will keep looping.

To fix this, round the boundary addresses to exclude partial pages from
the range completely, we must not unmap them anyway.

Signed-off-by: Johannes Weiner
---

Hugh Dickins writes:

> On Sat, 16 Aug 2008, Rafael J. Wysocki wrote:
>>
>> Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=11335
>> Subject : 2.6.27-rc2-git5 BUG: unable to handle kernel paging request
>> Submitter : Randy Dunlap
>> Date : 2008-08-12 4:18 (5 days old)
>> References : http://marc.info/?l=linux-kernel&m=121851477201960&w=4
>> Handled-By : Hugh Dickins
>
> This should still be listed for now, it's interesting,
> but I doubt we'll make any progress unless it can be reproduced.

I think this patch fixes it. exit_mmap() even calls unmap_vmas() with an
ending address of -1UL which is not page-aligned in my book and on my
architecture :)

It is a similar problem to what we had with gup some weeks ago.

diff --git a/mm/memory.c b/mm/memory.c index 1002f47..483c5d0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -896,11 +896,17 @@ unsigned long unmap_vmas(struct mmu_gather **tlbp, long zap_work = ZAP_BLOCK_SIZE; unsigned long tlb_start = 0; /* For tlb_finish_mmu */ int tlb_start_valid = 0; - unsigned long start = start_addr; + unsigned long start; spinlock_t *i_mmap_lock = details? details->i_mmap_lock: NULL; int fullmm = (*tlbp)->fullmm; struct mm_struct *mm = vma->vm_mm; + /* Preserve partial pages */ + start_addr = PAGE_ALIGN(start_addr); + end_addr &= PAGE_MASK; + + start = start_addr; + mmu_notifier_invalidate_range_start(mm, start_addr, end_addr); for ( ; vma && vma->vm_start < end_addr; vma = vma->vm_next) { unsigned long end;
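
Review bot: After `start_addr = PAGE_ALIGN(start_addr);` and `end_addr &= PAGE_MASK;` nothing checks that the range is still non-empty. PAGE_ALIGN rounds up, so a range that lies inside a single page leaves start_addr above end_addr, and a start_addr in the last page of the address space wraps to 0. The visible loop condition only tests `vma->vm_start < end_addr`, so either case still enters the loop with an inverted or wrapped range; consider returning before mmu_notifier_invalidate_range_start() when start_addr >= end_addr after rounding. The comment `/* Preserve partial pages */` could also state that callers may pass unaligned boundaries, such as the -1UL from exit_mmap() mentioned in the description, and that the parameters are narrowed in place so the notifier is called with the rounded range.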