3.11-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Fengguang Wu <fengguang...@intel.com>

commit e3b6c655b91e01a1dade056cfa358581b47a5351 upstream.

Toralf runs trinity on UML/i386.  After some time it hangs and the last
message line is

        BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521]

It's found that pages_dirtied becomes very large.  More than 1000000000
pages in this case:

        period = HZ * pages_dirtied / task_ratelimit;
        BUG_ON(pages_dirtied > 2000000000);
        BUG_ON(pages_dirtied > 1000000000);      <---------

UML debug printf shows that we got negative pause here:

        ick: pause : -984
        ick: pages_dirtied : 0
        ick: task_ratelimit: 0

         pause:
        +       if (pause < 0)  {
        +               extern int printf(char *, ...);
        +               printf("ick : pause : %li\n", pause);
        +               printf("ick: pages_dirtied : %lu\n", pages_dirtied);
        +               printf("ick: task_ratelimit: %lu\n", task_ratelimit);
        +               BUG_ON(1);
        +       }
                trace_balance_dirty_pages(bdi,

Since pause is bounded by [min_pause, max_pause] where min_pause is also
bounded by max_pause.  It's suspected and demonstrated that the
max_pause calculation goes wrong:

        ick: pause : -717
        ick: min_pause : -177
        ick: max_pause : -717
        ick: pages_dirtied : 14
        ick: task_ratelimit: 0

The problem lies in the two "long = unsigned long" assignments in
bdi_max_pause() which might go negative if the highest bit is 1, and the
min_t(long, ...) check failed to protect it falling under 0.  Fix all of
them by using "unsigned long" throughout the function.

Signed-off-by: Fengguang Wu <fengguang...@intel.com>
Reported-by: Toralf Förster <toralf.foers...@gmx.de>
Tested-by: Toralf Förster <toralf.foers...@gmx.de>
Reviewed-by: Jan Kara <j...@suse.cz>
Cc: Richard Weinberger <rich...@nod.at>
Cc: Geert Uytterhoeven <ge...@linux-m68k.org>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 mm/page-writeback.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval
        return 1;
 }
 
-static long bdi_max_pause(struct backing_dev_info *bdi,
-                         unsigned long bdi_dirty)
+static unsigned long bdi_max_pause(struct backing_dev_info *bdi,
+                                  unsigned long bdi_dirty)
 {
-       long bw = bdi->avg_write_bandwidth;
-       long t;
+       unsigned long bw = bdi->avg_write_bandwidth;
+       unsigned long t;
 
        /*
         * Limit pause time for small memory systems. If sleeping for too long
@@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing
        t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8));
        t++;
 
-       return min_t(long, t, MAX_PAUSE);
+       return min_t(unsigned long, t, MAX_PAUSE);
 }
 
 static long bdi_min_pause(struct backing_dev_info *bdi,


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to