Message ID | 1533057424-25933-1-git-send-email-john.stultz@linaro.org (mailing list archive) |
---|---|
State | New, archived |
Headers | From: John Stultz <john.stultz@linaro.org>; To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>; Subject: [PATCH] staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages; Date: Tue, 31 Jul 2018 10:17:04 -0700 |
Series | staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages |
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c index a1a0025..d5d33e1 100644 --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -402,6 +402,8 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma) fput(asma->file); goto out; } + } else { + vma_set_anonymous(vma); } if (vma->vm_file)
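Review bot: the new else branch calling vma_set_anonymous(vma) has no comment, and the reason for it is not evident from the code alone: the next context line, if (vma->vm_file), shows the function still handling the vma's file, so a reader will ask why a vma here is being marked anonymous. Suggest a short comment above the call saying that private ashmem mappings get no vm_ops of their own (only the shared path sets them, per the commit message) and so must be marked anonymous explicitly since bfd40eaff5ab, otherwise the dummy_vm_ops are used.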
Amit Pundir and Youling in parallel reported crashes with recent mainline kernels running Android:

  F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  F DEBUG : Build fingerprint: 'Android/db410c32_only/db410c32_only:Q/OC-MR1/102:userdebug/test-key
  F DEBUG : Revision: '0'
  F DEBUG : ABI: 'arm'
  F DEBUG : pid: 2261, tid: 2261, name: zygote >>> zygote <<<
  F DEBUG : signal 7 (SIGBUS), code 2 (BUS_ADRERR), fault addr 0xec00008
  ... <snip> ...
  F DEBUG : backtrace:
  F DEBUG : #00 pc 00001c04 /system/lib/libc.so (memset+48)
  F DEBUG : #01 pc 0010c513 /system/lib/libart.so (create_mspace_with_base+82)
  F DEBUG : #02 pc 0015c601 /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateMspace(void*, unsigned int, unsigned int)+40)
  F DEBUG : #03 pc 0015c3ed /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateFromMemMap(art::MemMap*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, unsigned int, unsigned int, unsigned int, unsigned int, bool)+36)
  ...

This was bisected back to commit bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives").

create_mspace_with_base() in the trace above, utilizes ashmem, and with ashmem, for shared mappings we use shmem_zero_setup(), which sets the vma->vm_ops to &shmem_vm_ops. But for private ashmem mappings nothing sets the vma->vm_ops.

Looking at the problematic patch, it seems to add a requirement that one call vma_set_anonymous() on a vma, otherwise the dummy_vm_ops will be used. Using the dummy_vm_ops seems to trigger SIGBUS when traversing unmapped pages.

Thus, this patch adds a call to vma_set_anonymous() for ashmem private mappings and seems to avoid the reported problem.

Cc: Amit Pundir <amit.pundir@linaro.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: aarcange@redhat.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joel Fernandes <joelaf@google.com>
Cc: Colin Cross <ccross@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: linux-mm@kvack.org
Cc: youling 257 <youling257@gmail.com>
Fixes: bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives")
Reported-by: Amit Pundir <amit.pundir@linaro.org>
Reported-by: Youling 257 <youling257@gmail.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
Hopefully my explanation makes sense here. Please let me know if it needs corrections.

thanks
-john
---
 drivers/staging/android/ashmem.c | 2 ++
 1 file changed, 2 insertions(+)