linux-mm.kvack.org archive mirror
From: Chulmin Kim <cmlaika.kim@samsung.com>
To: Chulmin Kim <cmkim.laika@gmail.com>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	aarcange@redhat.com
Subject: Re: Question about a pte with PTE_PROT_NONE and !PTE_VALID on !PROT_NONE vma
Date: Sat, 22 Sep 2018 13:38:07 +0900
Message-ID: <10146a73-4788-ba89-001f-f928bbb314f5@samsung.com>
In-Reply-To: <CANYKp7ufttxsNkewBqgYDexMAoyVnMxgoy-EydCqmHadxyn+QQ@mail.gmail.com>

Dear Arcangeli,


I think this problem is very much related to the race condition shown
in the commit below.

(e86f15ee64d8, mm: vma_merge: fix vm_page_prot SMP race condition
against rmap_walk)


I checked that the thread and its child threads are doing
mprotect(PROT_{NONE or R|W}) things repeatedly, though I haven't
reproduced the problem yet.


Do you think this is one of the phenomena you expected from the race
condition shown in the above commit?


Thanks.

Chulmin Kim



On 09/22/2018 12:01 AM, Chulmin Kim wrote:
> Hi all.
> I am developing an android smartphone.
>
> I am facing a problem that a thread is looping the page fault routine 
> forever.
> (The kernel version is around v4.4 though it may differ from the 
> mainline slightly
> as the problem occurs in a device being developed in my company.)
>
> The pte corresponding to the fault address is with PTE_PROT_NONE and 
> !PTE_VALID.
> (by the way, the pte is mapped to anon page (ashmem))
> The weird thing, in my opinion, is that
> the VMA of the fault address is not with PROT_NONE but with PROT_READ 
> & PROT_WRITE.
> So, the page fault routine (handle_pte_fault()) returns 0 and fault 
> loops forever.
>
> I don't think this is a normal situation.
>
> As I didn't enable NUMA, a pte with PROT_NONE and !PTE_VALID is likely 
> set by mprotect().
> 1. mprotect(PROT_NONE) -> vma split & set pte with PROT_NONE
> 2. mprotect(PROT_READ & WRITE) -> vma merge & revert pte
> I suspect that the revert pte in #2 didn't work somehow
> but no clue.
>
> I googled and found a similar situation 
> (http://linux-kernel.2935.n7.nabble.com/pipe-page-fault-oddness-td953839.html) 
> which is relevant to NUMA and huge pagetable configs
> while my device has nothing to do with those configs.
>
> Am I missing any possible scenario? Or is it an already known BUG?
> It would be a pleasure if you could give any idea about this problem.
>
> Thanks.
> Chulmin Kim
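
The fault loop described in the quoted report, as an added user-space model that is not code from this thread or from the kernel. The bit positions are assumed arm64 values for a v4.4-era tree, the fault path is reduced to a read access with NUMA balancing disabled, and stale_protnone() is a hypothetical debug check.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed arm64 bit positions (v4.4-era headers); the thread does not state them. */
#define PTE_VALID     (UINT64_C(1) << 0)
#define PTE_AF        (UINT64_C(1) << 10)
#define PTE_PROT_NONE (UINT64_C(1) << 58)
#define VM_READ  0x1UL
#define VM_WRITE 0x2UL

enum outcome { HW_OK, FAULT_FIXED, FAULT_LOOP };

/* The MMU honours only the valid bit when it walks the table. */
static int hw_translates(uint64_t pte) { return (pte & PTE_VALID) != 0; }

/* Software "present" also counts PROT_NONE entries as present. */
static int pte_present(uint64_t pte)
{
    return (pte & (PTE_VALID | PTE_PROT_NONE)) != 0;
}

/* Simplified read-fault path with NUMA balancing disabled (model only). */
static uint64_t model_handle_pte_fault(uint64_t pte)
{
    if (!pte_present(pte))
        return PTE_VALID | PTE_AF;  /* empty slot: a page gets mapped */
    return pte | PTE_AF;            /* "present": only access flags change, returns 0 */
}

/* What a single read access ends in for a given pte. */
static enum outcome read_access(uint64_t pte)
{
    if (hw_translates(pte))
        return HW_OK;
    return hw_translates(model_handle_pte_fault(pte)) ? FAULT_FIXED : FAULT_LOOP;
}

/* Hypothetical debug check: PROT_NONE pte under a VMA that allows access. */
static int stale_protnone(uint64_t pte, unsigned long vm_flags)
{
    return (pte & PTE_PROT_NONE) && !(pte & PTE_VALID) &&
           (vm_flags & (VM_READ | VM_WRITE)) != 0;
}

int main(void)
{
    printf("valid pte -> %d\n", read_access(PTE_VALID | PTE_AF));
    printf("empty pte -> %d\n", read_access(0));
    printf("stuck pte -> %d, stale=%d\n", read_access(PTE_PROT_NONE),
           stale_protnone(PTE_PROT_NONE, VM_READ | VM_WRITE));
    return 0;
}
```

In this model the stuck entry never becomes hardware-valid because the handler treats it as present, which matches the "returns 0 and loops" behaviour in the report.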
