---------- Forwarded message ---------- From: अनुज <[email protected]> Date: 2009/7/9 Subject: Re: Kernel Panic : Kernel BUG at rmap:479 To: Mulyadi Santosa <[email protected]> Cc: Aniket Agashe <[email protected]>, [email protected]
2009/7/8 Mulyadi Santosa <[email protected]> > 2009/7/8 अनुज <[email protected]>: > > Hi All > > > > I am trying to map a buffer allocated with kmalloc to user space using > > mmap() and immediately unmapping that with munmap() in a loop for some > > testing purpose. > > > > But I get the kernel panic after some time (means after some iterations > of > > the above loop) with message below : > <oops message truncated..> > > Could you please post or upload the code somewhere? So we all here > might have a chance to take a closer look... To post the whole code is not possible for me right now. I can explain the steps what m doing : In kernel space module : 1. A character driver having open,mmap and close fops. 2. In open(), a structure object (say struct test{....} of arround 100 bytes) is kmalloc-ed. 3. In mmap(), remap_page_range() is used to map the that 'struct test' structure object. 4. In close(), deallocated the 'struct test' using kfree(). In user space application : 1. opened the character device file using open(). 2. mmap-ed the struct test object using mmap(). 3. then, unmaped the struct test using munmap(). 4. And, closed the device file using close(). 5. Repeated the above steps in loop. While running the application I have fired multiple instances of that user space application. But after some iterations it is failing with that kernel panic message. > > > Meanwhile, my guess is, since you do munmap(), you actually also do > kfree() on the kmalloc()-ed page. IIRC, do_unmap in kernel space > eventually put the page back to free slab/slub/slob (of its size). In > other word, the page is still there, but the address is no longer > exist. And this leads to the oops, possibly on the next mmap or > munmap. What is the meaning of the '...page is still there, but the address is no longer exist' ? means that memory is freed to slab allocator? and i don't need to explicitly free that memory with kfree().? I tried without freeing the 'struct test' in close() in kernel space. But there was memory leak until the whole RAM is consumed. And i got the same panic message after that. > > > CMIIW people. > > regards, > > Mulyadi > Thanks in advance -- Anuj Aggarwal .''`. : :Ⓐ : # apt-get install hakuna-matata `. `'` `- -- Anuj Aggarwal .''`. : :Ⓐ : # apt-get install hakuna-matata `. `'` `-
