From 7f31259e23a4eb1b95c2f13e816c286a832264dc Mon Sep 17 00:00:00 2001 From: Hugh Dickins Date: Tue, 15 May 2007 22:46:47 +0200 Subject: [PATCH] Jayson Santos has sighted mm/prio_tree.c:78,79 BUGs (kernel bugzilla 8446), and one was sighted a couple of years ago. No reason yet to suppose they're prio_tree bugs, but we can't tell much about them without seeing the vmas. So dump vma and the one it's supposed to resemble: I had expected to use print_hex_dump(), but that's designed for u8 dumps, whereas almost every field of vm_area_struct is either a pointer or an unsigned long - which look nonsense dumped as u8s. Replace the two BUG_ONs by a single WARN_ON; and if it fires, just keep this vma out of the tree (truncation and swapout won't be able to find it). How safe this is depends on what the error really is; but we hold a file's i_mmap_lock here, so it may be impossible to recover from BUG_ON. Signed-off-by: Hugh Dickins Cc: Jayson Santos Signed-off-by: Andrew Morton --- mm/prio_tree.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/mm/prio_tree.c b/mm/prio_tree.c index 603ae98d969..c297a467357 100644 --- a/mm/prio_tree.c +++ b/mm/prio_tree.c @@ -67,6 +67,20 @@ * vma->shared.vm_set.head == NULL ==> a list node */ +static void dump_vma(struct vm_area_struct *vma) +{ + void **ptr = (void **) vma; + int i; + + printk("vm_area_struct at %p:", ptr); + for (i = 0; i < sizeof(*vma)/sizeof(*ptr); i++, ptr++) { + if (!(i & 3)) + printk("\n"); + printk(" %p", *ptr); + } + printk("\n"); +} + /* * Add a new vma known to map the same set of pages as the old vma: * useful for fork's dup_mmap as well as vma_prio_tree_insert below. @@ -74,14 +88,23 @@ */ void vma_prio_tree_add(struct vm_area_struct *vma, struct vm_area_struct *old) { - /* Leave these BUG_ONs till prio_tree patch stabilizes */ - BUG_ON(RADIX_INDEX(vma) != RADIX_INDEX(old)); - BUG_ON(HEAP_INDEX(vma) != HEAP_INDEX(old)); - vma->shared.vm_set.head = NULL; vma->shared.vm_set.parent = NULL; - if (!old->shared.vm_set.parent) + if (WARN_ON(RADIX_INDEX(vma) != RADIX_INDEX(old) || + HEAP_INDEX(vma) != HEAP_INDEX(old))) { + /* + * This should never happen, yet it has been seen a few times: + * we cannot say much about it without seeing the vma contents. + */ + dump_vma(vma); + dump_vma(old); + /* + * Don't try to link this (corrupt?) vma into the (corrupt?) + * prio_tree, but arrange for its removal to succeed later. + */ + INIT_LIST_HEAD(&vma->shared.vm_set.list); + } else if (!old->shared.vm_set.parent) list_add(&vma->shared.vm_set.list, &old->shared.vm_set.list); else if (old->shared.vm_set.head) -- 2.11.4.GIT