subject:"kernel BUG at .\/include\/linux\/mm.h\:LINE\! \(3\)"

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-08 Thread Pete Zaitcev

On Wed, 3 Jan 2018 12:26:04 +0300 "Kirill A. Shutemov" wrote: > > > - unsigned long offset, chunk_idx; > > > + unsigned long offset, chunk_idx, flags; > > > struct page *pageptr; > > > > > > + mutex_lock(>fetch_lock); > > > + spin_lock_irqsave(>b_lock, flags); > > >

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-07 Thread Pete Zaitcev

On Fri, 29 Dec 2017 16:24:20 +0300 "Kirill A. Shutemov" wrote: > Looks like MON_IOCT_RING_SIZE reallocates ring buffer without any > serialization wrt mon_bin_vma_fault(). By the time of get_page() the page > may be freed. As an update: I tried to make a smaller test for

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-03 Thread Pete Zaitcev

On Wed, 3 Jan 2018 13:08:12 -0800 Matthew Wilcox wrote: > > + mutex_lock(>fetch_lock); > > offset = vmf->pgoff << PAGE_SHIFT; > > if (offset >= rp->b_size) > > + mutex_unlock(>fetch_lock); > > return VM_FAULT_SIGBUS; > > chunk_idx = offset

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-03 Thread Matthew Wilcox

On Wed, Jan 03, 2018 at 03:04:19PM -0600, Pete Zaitcev wrote: > @@ -1231,12 +1233,15 @@ static int mon_bin_vma_fault(struct vm_fault *vmf) > unsigned long offset, chunk_idx; > struct page *pageptr; > > + mutex_lock(>fetch_lock); > offset = vmf->pgoff << PAGE_SHIFT; >

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-03 Thread Pete Zaitcev

On Wed, 3 Jan 2018 12:26:04 +0300 "Kirill A. Shutemov" wrote: > > > +++ b/drivers/usb/mon/mon_bin.c > > > @@ -1228,15 +1228,24 @@ static void mon_bin_vma_close(struct > > > vm_area_struct *vma) > > > static int mon_bin_vma_fault(struct vm_fault *vmf) > > > { > > >

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-03 Thread Kirill A. Shutemov

On Wed, Jan 03, 2018 at 01:02:38AM -0600, Pete Zaitcev wrote: > On Fri, 29 Dec 2017 16:24:20 +0300 > "Kirill A. Shutemov" wrote: > > > Looks like MON_IOCT_RING_SIZE reallocates ring buffer without any > > serialization wrt mon_bin_vma_fault(). By the time of get_page() the

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

2018-01-02 Thread Pete Zaitcev

On Fri, 29 Dec 2017 16:24:20 +0300 "Kirill A. Shutemov" wrote: > Looks like MON_IOCT_RING_SIZE reallocates ring buffer without any > serialization wrt mon_bin_vma_fault(). By the time of get_page() the page > may be freed. Okay. Who knew that you could fork while holding

Re: Fw: kernel BUG at ./include/linux/mm.h:LINE! (3)

2017-12-29 Thread Kirill A. Shutemov

> gre...@linuxfoundation.org, linux-ker...@vger.kernel.org, > linux-usb@vger.kernel.org, mche...@kernel.org, mi...@kernel.org, > syzkaller-b...@googlegroups.com > Subject: kernel BUG at ./include/linux/mm.h:LINE! (3) > > > Hello, > > syzkaller hit the following crash

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: kernel BUG at ./include/linux/mm.h:LINE! (3)

Re: Fw: kernel BUG at ./include/linux/mm.h:LINE! (3)

8 matches

Site Navigation

Mail list logo

Footer information