CC: [email protected] TO: Chinwen Chang <[email protected]> CC: Andrew Morton <[email protected]> CC: Linux Memory Management List <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master head: 605cbf3d5f20470ec303b79feda3202935f4a142 commit: 7fc98b2f13a03e5d1b0584d9e41516c990e6bdac [2399/2546] mm: proc: smaps_rollup: do not stall write attempts on mmap_lock :::::: branch date: 6 hours ago :::::: commit date: 12 hours ago config: x86_64-randconfig-m001-20200818 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> smatch warnings: fs/proc/task_mmu.c:947 show_smaps_rollup() error: double unlocked 'mm->mmap_lock' (orig line 879) # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7fc98b2f13a03e5d1b0584d9e41516c990e6bdac git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git fetch --no-tags linux-next master git checkout 7fc98b2f13a03e5d1b0584d9e41516c990e6bdac vim +947 fs/proc/task_mmu.c 258f669e7e88c18 Vlastimil Babka 2018-08-21 842 258f669e7e88c18 Vlastimil Babka 2018-08-21 843 static int show_smaps_rollup(struct seq_file *m, void *v) 258f669e7e88c18 Vlastimil Babka 2018-08-21 844 { 258f669e7e88c18 Vlastimil Babka 2018-08-21 845 struct proc_maps_private *priv = m->private; 258f669e7e88c18 Vlastimil Babka 2018-08-21 846 struct mem_size_stats mss; 258f669e7e88c18 Vlastimil Babka 2018-08-21 847 struct mm_struct *mm; 258f669e7e88c18 Vlastimil Babka 2018-08-21 848 struct vm_area_struct *vma; 258f669e7e88c18 Vlastimil Babka 2018-08-21 849 unsigned long last_vma_end = 0; 258f669e7e88c18 Vlastimil Babka 2018-08-21 850 int ret = 0; 258f669e7e88c18 Vlastimil Babka 2018-08-21 851 258f669e7e88c18 Vlastimil Babka 2018-08-21 852 priv->task = get_proc_task(priv->inode); 258f669e7e88c18 Vlastimil Babka 2018-08-21 853 if (!priv->task) 258f669e7e88c18 Vlastimil Babka 2018-08-21 854 return -ESRCH; 258f669e7e88c18 Vlastimil Babka 2018-08-21 855 258f669e7e88c18 Vlastimil Babka 2018-08-21 856 mm = priv->mm; 258f669e7e88c18 Vlastimil Babka 2018-08-21 857 if (!mm || !mmget_not_zero(mm)) { 258f669e7e88c18 Vlastimil Babka 2018-08-21 858 ret = -ESRCH; 258f669e7e88c18 Vlastimil Babka 2018-08-21 859 goto out_put_task; 258f669e7e88c18 Vlastimil Babka 2018-08-21 860 } 258f669e7e88c18 Vlastimil Babka 2018-08-21 861 258f669e7e88c18 Vlastimil Babka 2018-08-21 862 memset(&mss, 0, sizeof(mss)); 258f669e7e88c18 Vlastimil Babka 2018-08-21 863 d8ed45c5dcd455f Michel Lespinasse 2020-06-08 864 ret = mmap_read_lock_killable(mm); a26a97815548574 Konstantin Khlebnikov 2019-07-11 865 if (ret) a26a97815548574 Konstantin Khlebnikov 2019-07-11 866 goto out_put_mm; a26a97815548574 Konstantin Khlebnikov 2019-07-11 867 258f669e7e88c18 Vlastimil Babka 2018-08-21 868 hold_task_mempolicy(priv); 258f669e7e88c18 Vlastimil Babka 2018-08-21 869 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 870 for (vma = priv->mm->mmap; vma;) { 441b9e013a2687e Chinwen Chang 2020-08-20 871 smap_gather_stats(vma, &mss, 0); 258f669e7e88c18 Vlastimil Babka 2018-08-21 872 last_vma_end = vma->vm_end; 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 873 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 874 /* 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 875 * Release mmap_lock temporarily if someone wants to 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 876 * access it for write request. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 877 */ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 878 if (mmap_lock_is_contended(mm)) { 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 @879 mmap_read_unlock(mm); 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 880 ret = mmap_read_lock_killable(mm); 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 881 if (ret) { 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 882 release_task_mempolicy(priv); 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 883 goto out_put_mm; 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 884 } 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 885 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 886 /* 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 887 * After dropping the lock, there are four cases to 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 888 * consider. See the following example for explanation. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 889 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 890 * +------+------+-----------+ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 891 * | VMA1 | VMA2 | VMA3 | 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 892 * +------+------+-----------+ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 893 * | | | | 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 894 * 4k 8k 16k 400k 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 895 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 896 * Suppose we drop the lock after reading VMA2 due to 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 897 * contention, then we get: 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 898 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 899 * last_vma_end = 16k 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 900 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 901 * 1) VMA2 is freed, but VMA3 exists: 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 902 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 903 * find_vma(mm, 16k - 1) will return VMA3. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 904 * In this case, just continue from VMA3. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 905 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 906 * 2) VMA2 still exists: 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 907 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 908 * find_vma(mm, 16k - 1) will return VMA2. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 909 * Iterate the loop like the original one. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 910 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 911 * 3) No more VMAs can be found: 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 912 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 913 * find_vma(mm, 16k - 1) will return NULL. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 914 * No more things to do, just break. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 915 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 916 * 4) (last_vma_end - 1) is the middle of a vma (VMA'): 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 917 * 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 918 * find_vma(mm, 16k - 1) will return VMA' whose range 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 919 * contains last_vma_end. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 920 * Iterate VMA' from last_vma_end. 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 921 */ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 922 vma = find_vma(mm, last_vma_end - 1); 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 923 /* Case 3 above */ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 924 if (!vma) 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 925 break; 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 926 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 927 /* Case 1 above */ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 928 if (vma->vm_start >= last_vma_end) 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 929 continue; 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 930 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 931 /* Case 4 above */ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 932 if (vma->vm_end > last_vma_end) 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 933 smap_gather_stats(vma, &mss, last_vma_end); 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 934 } 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 935 /* Case 2 above */ 7fc98b2f13a03e5 Chinwen Chang 2020-08-20 936 vma = vma->vm_next; 258f669e7e88c18 Vlastimil Babka 2018-08-21 937 } 258f669e7e88c18 Vlastimil Babka 2018-08-21 938 258f669e7e88c18 Vlastimil Babka 2018-08-21 939 show_vma_header_prefix(m, priv->mm->mmap->vm_start, 258f669e7e88c18 Vlastimil Babka 2018-08-21 940 last_vma_end, 0, 0, 0, 0); 258f669e7e88c18 Vlastimil Babka 2018-08-21 941 seq_pad(m, ' '); 258f669e7e88c18 Vlastimil Babka 2018-08-21 942 seq_puts(m, "[rollup]\n"); 258f669e7e88c18 Vlastimil Babka 2018-08-21 943 ee2ad71b0756e99 Luigi Semenzato 2019-07-11 944 __show_smap(m, &mss, true); 258f669e7e88c18 Vlastimil Babka 2018-08-21 945 258f669e7e88c18 Vlastimil Babka 2018-08-21 946 release_task_mempolicy(priv); d8ed45c5dcd455f Michel Lespinasse 2020-06-08 @947 mmap_read_unlock(mm); 258f669e7e88c18 Vlastimil Babka 2018-08-21 948 a26a97815548574 Konstantin Khlebnikov 2019-07-11 949 out_put_mm: a26a97815548574 Konstantin Khlebnikov 2019-07-11 950 mmput(mm); 258f669e7e88c18 Vlastimil Babka 2018-08-21 951 out_put_task: 258f669e7e88c18 Vlastimil Babka 2018-08-21 952 put_task_struct(priv->task); 258f669e7e88c18 Vlastimil Babka 2018-08-21 953 priv->task = NULL; 258f669e7e88c18 Vlastimil Babka 2018-08-21 954 493b0e9d945fa9d Daniel Colascione 2017-09-06 955 return ret; e070ad49f31155d Mauricio Lin 2005-09-03 956 } d1be35cb6f96975 Andrei Vagin 2018-04-10 957 #undef SEQ_PUT_DEC e070ad49f31155d Mauricio Lin 2005-09-03 958 :::::: The code at line 947 was first introduced by commit :::::: d8ed45c5dcd455fc5848d47f86883a1b872ac0d0 mmap locking API: use coccinelle to convert mmap_sem rwsem call sites :::::: TO: Michel Lespinasse <[email protected]> :::::: CC: Linus Torvalds <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
