| Message ID | 1533057424-25933-1-git-send-email-john.stultz@linaro.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
[172.30.200.125])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0CE2F15E2
for <patchwork-linux-mm@patchwork.kernel.org>;
Tue, 31 Jul 2018 17:17:21 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E53312AF4B
for <patchwork-linux-mm@patchwork.kernel.org>;
Tue, 31 Jul 2018 17:17:20 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
id D04CB2AD48; Tue, 31 Jul 2018 17:17:20 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
pdx-wl-mail.web.codeaurora.org
X-Spam-Level:
X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham
version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD7D22AF3B
for <patchwork-linux-mm@patchwork.kernel.org>;
Tue, 31 Jul 2018 17:17:18 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
id EC01C6B0005; Tue, 31 Jul 2018 13:17:17 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
id E48FF6B0006; Tue, 31 Jul 2018 13:17:17 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
id CEE0F6B000A; Tue, 31 Jul 2018 13:17:17 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pl0-f72.google.com (mail-pl0-f72.google.com
[209.85.160.72])
by kanga.kvack.org (Postfix) with ESMTP id 8C4156B0005
for <linux-mm@kvack.org>; Tue, 31 Jul 2018 13:17:17 -0400 (EDT)
Received: by mail-pl0-f72.google.com with SMTP id 2-v6so2666882plc.11
for <linux-mm@kvack.org>; Tue, 31 Jul 2018 10:17:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:dkim-signature:from:to:cc:subject:date
:message-id:in-reply-to:references;
bh=Mr8SlKMMKOWqMOG5/RqK9f9XGsYcnxSMuRGnJK/CucU=;
b=GrtbBJo6I6ZxTjKlKOiTBHAOI21zrWPYU44MouH+RZRe8hYVe5Hn82TBzZEfBeqBih
FXCkx4q7EpuAzw2ULYujgWYklzmTcvPvZEkJtoBivOxuNQAhkCXe4B6Eqp5A/UV8FTmS
mSUuubJA+nhLaDALlTgKR1gNsXNV0HmWuEvqX4ly6cUVLi7EW0N1EMY1Hxpyi8aXldKg
UycsMn30CinxOKwS8tHObUtMWmRgZlaZNqR0vQaPNJB+E45iicgHopRT8dUPsHGcNZCK
LfEtTuRdmQSuVOchDPGoMepB8ys02+nTGq+YQH8UZlqY99PtCyGdSXokxT0j6EPGpRQP
helw==
X-Gm-Message-State: AOUpUlG1sNXJx/po700BmGfUTRJbBuZD9Qg6GIwbF6hXKPRtJIbSdecH
h/XZoqLkk5jrJ+bRfYnNa3cmjOh9Ye9z0BuBA4dwIPqay4yOAksSSfVBbTPJY23ob0VYwpfADrI
PV7ZsBt/WEm4RWd16OP77Gx2CEqKuJ0NA9ZDAsEyUMYh6UpVhioH68taH1/ovH38Mn2ri0Asbwy
IAd+JDD18m08woOwzrgYeIDPmTf6D3xCwOqur2ZV2IDCebTozx6KCCm4tD/vS1AtLr5e4041+b+
c6Ayqi+HOCbAykySxsV1rvmfkcs6UiRAMnhjv9sAmonC3incQu+5OLbx1z65LsvLwvqFZ3Wo4D2
i4VL52w5SnF5ZrT0C1GVvF0BFtjHcLSOMFyc8MZ6vqA1bau7NYM0vcJk3EGK35ar4jEV5oBqgKQ
E
X-Received: by 2002:a63:5143:: with SMTP id
r3-v6mr21851839pgl.11.1533057437237;
Tue, 31 Jul 2018 10:17:17 -0700 (PDT)
X-Received: by 2002:a63:5143:: with SMTP id
r3-v6mr21851800pgl.11.1533057436539;
Tue, 31 Jul 2018 10:17:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533057436; cv=none;
d=google.com; s=arc-20160816;
b=tSRPtwxEObCeu9hGAIM0tMWK5cC3vs0UhzVRcReLzUnTZYUVADmSp6bp70fC6AJUVj
b3M8eR7ELbsMbVPsDnWgku02NVhCQh4VAixQE8suolAbWauKAgoHn2RybA+gAsFf3bBQ
KpSszdx9g7aiSZHAp1Lhw5kSx+VszX7tGvnzRbNKw8z8ItYI8HnRi/ibHgkyCFzEqLPZ
KFw5SBuZe0B3DkU8BtMB+KWAXW1+EaEGwEttVNGFVnitgluURg/dcls2/lcMIM6I0kyK
FrLwGxMN2z4Ag3ImtKzw+SLNbo+peV2D88ypkdDKydtFS0FNGI/ziqGrCDFDeougviIx
cf+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:arc-authentication-results;
bh=Mr8SlKMMKOWqMOG5/RqK9f9XGsYcnxSMuRGnJK/CucU=;
b=o5m+3VYADZxYY9sbpwQdEAnzxCls1GWiVg53BEy9IY5Ko0Prx38F0hFNShrnOPJOGd
TZnIfYZ6DdCFx26fsVsGomlm7rDlQcxuULniQVbj87ORT9cSzCTymMVrldPCtz3ZlfgA
LYD8HXDwjcKjueebJae3emT+B5PP0Y6AI14oJSfOkzk57Pi1MYo8T0Nw4qdOg8MOCsWw
8xm0hqCOpxZacUrdFLRy5p7CemhsjXzvMoTgmsyWLBO850WldaQUtJ5PVVKyJj2KWWjn
i+kqM0v520HfCJ90zHOLX2h2Ziy07WKO/Pa5u8QFjNSBDENwO4yqlM8edeB+PXJVwS1w
iA5w==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=JLyAhVhG;
spf=pass (google.com: domain of john.stultz@linaro.org designates
209.85.220.65 as permitted sender) smtp.mailfrom=john.stultz@linaro.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com.
[209.85.220.65])
by mx.google.com with SMTPS id
q23-v6sor4151810pfh.16.2018.07.31.10.17.16
for <linux-mm@kvack.org>
(Google Transport Security);
Tue, 31 Jul 2018 10:17:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of john.stultz@linaro.org designates
209.85.220.65 as permitted sender) client-ip=209.85.220.65;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=JLyAhVhG;
spf=pass (google.com: domain of john.stultz@linaro.org designates
209.85.220.65 as permitted sender) smtp.mailfrom=john.stultz@linaro.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=linaro.org; s=google;
h=from:to:cc:subject:date:message-id:in-reply-to:references;
bh=Mr8SlKMMKOWqMOG5/RqK9f9XGsYcnxSMuRGnJK/CucU=;
b=JLyAhVhGcAiy3rzm8sLZ7tPCODrsWKfLyDUpfHHgubx+5um96Xn4BBXWCzu4cLGaj8
H+AVeHGJlw0jpCalPaScnRtvio97Af1j3O19YyYL8O18GF1v9LVE0DhWxOSMZ5Rl3Sko
Y+B2Aayqk0hTWycVr3a1xWLR8ITWqNbKlk7JA=
X-Google-Smtp-Source:
AAOMgpflYEO42li9iH5OxkY8mQuwLpEiSJXf3JUSCGAGhd5tb5739YZEvpyj3m1NyCogKdDHw6/Ukg==
X-Received: by 2002:aa7:850b:: with SMTP id
v11-v6mr22763790pfn.165.1533057436022;
Tue, 31 Jul 2018 10:17:16 -0700 (PDT)
Received: from localhost.localdomain ([2601:1c2:680:1319:4e72:b9ff:fe99:466a])
by smtp.gmail.com with ESMTPSA id
y3-v6sm43577938pfi.24.2018.07.31.10.17.14
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 31 Jul 2018 10:17:14 -0700 (PDT)
From: John Stultz <john.stultz@linaro.org>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: John Stultz <john.stultz@linaro.org>,
Amit Pundir <amit.pundir@linaro.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Andrew Morton <akpm@linux-foundation.org>,
Dmitry Vyukov <dvyukov@google.com>,
Oleg Nesterov <oleg@redhat.com>,
aarcange@redhat.com,
Linus Torvalds <torvalds@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Hugh Dickins <hughd@google.com>,
Joel Fernandes <joelaf@google.com>,
Colin Cross <ccross@google.com>,
Matthew Wilcox <willy@infradead.org>,
linux-mm@kvack.org,
youling 257 <youling257@gmail.com>
Subject: [PATCH] staging: ashmem: Fix SIGBUS crash when traversing mmaped
ashmem pages
Date: Tue, 31 Jul 2018 10:17:04 -0700
Message-Id: <1533057424-25933-1-git-send-email-john.stultz@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To:
<CA+55aFx=-tHXjv3gv4W=xYwM+VOHJQE5q5VyihkPK7s560x-vQ@mail.gmail.com>
References:
<CA+55aFx=-tHXjv3gv4W=xYwM+VOHJQE5q5VyihkPK7s560x-vQ@mail.gmail.com>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP
|
| Series |
staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages
|
expand
|
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c index a1a0025..d5d33e1 100644 --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -402,6 +402,8 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma) fput(asma->file); goto out; } + } else { + vma_set_anonymous(vma); } if (vma->vm_file)
Amit Pundir and Youling in parallel reported crashes with recent mainline kernels running Android: F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** F DEBUG : Build fingerprint: 'Android/db410c32_only/db410c32_only:Q/OC-MR1/102:userdebug/test-key F DEBUG : Revision: '0' F DEBUG : ABI: 'arm' F DEBUG : pid: 2261, tid: 2261, name: zygote >>> zygote <<< F DEBUG : signal 7 (SIGBUS), code 2 (BUS_ADRERR), fault addr 0xec00008 ... <snip> ... F DEBUG : backtrace: F DEBUG : #00 pc 00001c04 /system/lib/libc.so (memset+48) F DEBUG : #01 pc 0010c513 /system/lib/libart.so (create_mspace_with_base+82) F DEBUG : #02 pc 0015c601 /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateMspace(void*, unsigned int, unsigned int)+40) F DEBUG : #03 pc 0015c3ed /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateFromMemMap(art::MemMap*, std::__1::basic_string<char, std::__ 1::char_traits<char>, std::__1::allocator<char>> const&, unsigned int, unsigned int, unsigned int, unsigned int, bool)+36) ... This was bisected back to commit bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives"). create_mspace_with_base() in the trace above, utilizes ashmem, and with ashmem, for shared mappings we use shmem_zero_setup(), which sets the vma->vm_ops to &shmem_vm_ops. But for private ashmem mappings nothing sets the vma->vm_ops. Looking at the problematic patch, it seems to add a requirement that one call vma_set_anonymous() on a vma, otherwise the dummy_vm_ops will be used. Using the dummy_vm_ops seem to triggger SIGBUS when traversing unmapped pages. Thus, this patch adds a call to vma_set_anonymous() for ashmem private mappings and seems to avoid the reported problem. Cc: Amit Pundir <amit.pundir@linaro.org> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: "Kirill A. Shutemov" <kirill@shutemov.name> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: aarcange@redhat.com Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Hugh Dickins <hughd@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Colin Cross <ccross@google.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: linux-mm@kvack.org Cc: youling 257 <youling257@gmail.com> Fixes: bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives") Reported-by: Amit Pundir <amit.pundir@linaro.org> Reported-by: Youling 257 <youling257@gmail.com> Signed-off-by: John Stultz <john.stultz@linaro.org> --- Hopefully my explanation make sense here. Please let me know if it needs corrections. thanks -john --- drivers/staging/android/ashmem.c | 2 ++ 1 file changed, 2 insertions(+)