From patchwork Tue Dec 8 12:06:26 2015
X-Patchwork-Submitter: Catalin Marinas
X-Patchwork-Id: 57845
Date: Tue, 8 Dec 2015 12:06:26 +0000
From: Catalin Marinas
To: Will Deacon
Cc: Ming Lei, linux-arm-kernel
Subject: Re: ARM64: kernel oops in 4.4-rc4+
Message-ID: <20151208120625.GA26759@e104818-lin.cambridge.arm.com>
In-Reply-To: <20151208105152.GB19612@arm.com>

On Tue, Dec 08, 2015 at 10:51:52AM +0000, Will Deacon wrote:
> On Tue, Dec 08, 2015 at 10:30:13AM +0000, Will Deacon wrote:
> > On Tue, Dec 08, 2015 at 02:30:33PM +0800, Ming Lei wrote:
> > > The attached kernel oops can be triggered immediately after
> > > running the following command on APM Mustang:
> > >
> > > $stress-ng --all 8 -t 10m
> > >
> > > [1] kernel oops log
> > > stress-ng: info: [5220] 5 failures reached, aborting stress process
> > > [ 265.782659] kernel BUG at ./arch/arm64/include/asm/pgtable.h:282!
> >
> > Yikes, this means we're replacing a writable pte with a clean pte, so
> > there's a potential race w/ hardware DBM.
> >
> > Could you dump pte and *ptep please?
>
> I tried running this on my Juno and pretty quickly saw the OOM killer
> coming in. Perhaps, in your case, pte is a swap entry and it's confusing
> the checks (so pte_dirty/pte_young are looking at random bits of the
> file offset)?

It could indeed be that the new pte is swap or file and the check misses
that. The easiest is to move the check inside the if (pte_valid_user(pte))
block:

--------------8<------------------------
--------------8<------------------------

-- 
Catalin

diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 7e074f93f383..12d89ee5ab7f 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -269,17 +269,17 @@ static inline void set_pte_at(struct mm_struct *mm, unsigned long addr, pte_val(pte) &= ~PTE_RDONLY; else pte_val(pte) |= PTE_RDONLY; - } - /* - * If the existing pte is valid, check for potential race with - * hardware updates of the pte (ptep_set_access_flags safely changes - * valid ptes without going through an invalid entry). - */ - if (IS_ENABLED(CONFIG_DEBUG_VM) && IS_ENABLED(CONFIG_ARM64_HW_AFDBM) && - pte_valid(*ptep)) { - BUG_ON(!pte_young(pte)); - BUG_ON(pte_write(*ptep) && !pte_dirty(pte)); + /* + * If the existing pte is valid, check for potential race with + * hardware updates of the pte (ptep_set_access_flags safely + * changes valid ptes without going through an invalid entry). + */ + if (IS_ENABLED(CONFIG_DEBUG_VM) && IS_ENABLED(CONFIG_ARM64_HW_AFDBM) && + pte_valid(*ptep)) { + BUG_ON(!pte_young(pte)); + BUG_ON(pte_write(*ptep) && !pte_dirty(pte)); + } } set_pte(ptep, pte);
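
Review bot: the comment carried along with the relocated BUG_ON() pair still only says "If the existing pte is valid", but after this move the checks also depend on the enclosing condition, which the message above gives as if (pte_valid_user(pte)). Please extend the comment to say that the checks are skipped when the new pte is not a valid user entry, and why: for swap or file entries pte_young() and pte_dirty() would be reading bits of the offset rather than access/dirty state. As posted the patch also has no commit message or Signed-off-by, so it needs both before it can be applied rather than just tested.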