• Michal Hocko's avatar
    mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS · 76e8fe02
    Michal Hocko authored
    commit 5b53a6ea upstream.
    
    Tetsuo Handa has noticed that MMF_UNSTABLE SIGBUS path in
    handle_mm_fault causes a lockdep splat
    
      Out of memory: Kill process 1056 (a.out) score 603 or sacrifice child
      Killed process 1056 (a.out) total-vm:4268108kB, anon-rss:2246048kB, file-rss:0kB, shmem-rss:0kB
      a.out (1169) used greatest stack depth: 11664 bytes left
      DEBUG_LOCKS_WARN_ON(depth <= 0)
      ------------[ cut here ]------------
      WARNING: CPU: 6 PID: 1339 at kernel/locking/lockdep.c:3617 lock_release+0x172/0x1e0
      CPU: 6 PID: 1339 Comm: a.out Not tainted 4.13.0-rc3-next-20170803+ #142
      Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
      RIP: 0010:lock_release+0x172/0x1e0
      Call Trace:
         up_read+0x1a/0x40
         __do_page_fault+0x28e/0x4c0
         do_page_fault+0x30/0x80
         page_fault+0x28/0x30
    
    The reason is that the page fault path might have dropped the mmap_sem
    and returned with VM_FAULT_RETRY.  MMF_UNSTABLE check however rewrites
    the error path to VM_FAULT_SIGBUS and we always expect mmap_sem taken in
    that path.  Fix this by taking mmap_sem when VM_FAULT_RETRY is held in
    the MMF_UNSTABLE path.
    
    We cannot simply add VM_FAULT_SIGBUS to the existing error code because
    all arch specific page fault handlers and g-u-p would have to learn a
    new error code combination.
    
    Link: http://lkml.kernel.org/r/20170807113839.16695-2-mhocko@kernel.org
    Fixes: 3f70dc38 ("mm: make sure that kthreads will not refault oom reaped memory")
    Reported-by: default avatarTetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
    Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
    Acked-by: default avatarDavid Rientjes <rientjes@google.com>
    Cc: Andrea Argangeli <andrea@kernel.org>
    Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: Wenwei Tao <wenwei.tww@alibaba-inc.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    76e8fe02
memory.c 118 KB