From: Linus Torvalds <torvalds@linux-foundation.org>
To: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Sasha Levin <levinsasha928@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
dwmw2@infradead.org,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-mtd@lists.infradead.org, linux-mm <linux-mm@kvack.org>,
Dave Jones <davej@redhat.com>
Subject: Re: mtd: kernel BUG at arch/x86/mm/pat.c:279!
Date: Fri, 7 Sep 2012 16:09:59 -0700
Message-ID: <CA+55aFwW9Q+DM2gZy7r3JQJbrbMNR6sN+jewc2CY0i1wD_X=Tw@mail.gmail.com>
In-Reply-To: <1347057778.26695.68.camel@sbsiddha-desk.sc.intel.com>
On Fri, Sep 7, 2012 at 3:42 PM, Suresh Siddha <suresh.b.siddha@intel.com> wrote:
> - unsigned long start;
> - unsigned long off;
> - u32 len;
> + resource_size_t start, off;
> + unsigned long len;
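Review bot: on the "+ unsigned long len;" line, len is still only 32 bits wide on 32-bit builds, while start and off on the line above it can now be 64-bit there. If len is ever added to or compared with those values, consider declaring it resource_size_t as well, or add a comment saying why the length always fits in an unsigned long.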
So since the oops is on x86-64, I don't think it's the "unsigned long"
-> "resource_size_t" part (which can be an issue on 32-bit
architectures, though).
The "u32 len" -> "unsigned long len" thing *might* make a difference, though.
I also think your patch is incomplete even on 32-bit, because this:
> if (mtd->type == MTD_RAM || mtd->type == MTD_ROM) {
> off = vma->vm_pgoff << PAGE_SHIFT;
is still wrong. It probably should be
    off = vma->vm_pgoff;
    off <<= PAGE_SHIFT;
because vm_pgoff may be a 32-bit type, while "resource_size_t" may be
64-bit. Shifting the 32-bit type without a cast (implicit or explicit)
isn't going to help.
That said, we have absolutely *tons* of bugs with this particular
pattern. Just do
    git grep 'vm_pgoff.*<<.*PAGE_SHIFT'
and there are distressingly few casts in there (there's a few, mainly
in fs/proc).
Now, I suspect many of them are fine just because most users probably
are size-limited anyway, but it's a bit distressing stuff. And I
suspect it means we might want to introduce a helper function like
    static inline u64 vm_offset(struct vm_area_struct *vma)
    {
        return (u64)vma->vm_pgoff << PAGE_SHIFT;
    }
or something. Maybe add the "vm_length()" helper while at it too,
since the whole "vma->vm_end - vma->vm_start" thing is so common.
Anyway, since Sasha's oops is clearly not 32-bit, the above issues
don't matter, and it would be interesting to hear if it's the 32-bit
'len' thing that triggers this problem. Still, I can't see how it
would - as far as I can tell, a truncated 'len' would at most result
in spurious early "return -EINVAL", not any real problem.
What are we missing?
Sasha, since you can apparently reproduce it, can you replace the
"BUG_ON()" with just a
    if (start >= end) {
        printk("bogus range %llx - %llx\n", start, end);
        return -EINVAL;
    }
or something.
I'm starting to suspect that maybe it's actually that the length is
*zero*, and start == end, and that we should just return zero for that
case. But let's see what Sasha finds..
Linus
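
The following is an added example, not part of the message above and not kernel code. It models the 32-bit case discussed in the thread (a 32-bit vm_pgoff shifted before being widened to a 64-bit resource_size_t) and shows how the wrapped offset slips past a range check; the type names, check_range() and all sample values are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12

/* Stand-ins (assumptions) modelling a 32-bit build: vm_pgoff is 32 bits
 * wide while resource_size_t is 64 bits wide. */
typedef uint32_t pgoff32_t;
typedef uint64_t res_size_t;

/* Pattern from the thread: the shift is evaluated in 32 bits and only the
 * already-wrapped result is widened on assignment. */
static res_size_t offset_truncating(pgoff32_t vm_pgoff)
{
    res_size_t off = vm_pgoff << PAGE_SHIFT;
    return off;
}

/* Widen first, then shift, as the proposed vm_offset() helper does. */
static res_size_t offset_widened(pgoff32_t vm_pgoff)
{
    return (res_size_t)vm_pgoff << PAGE_SHIFT;
}

/* Hypothetical range check of a mapping request against a region,
 * written so that off + len itself cannot overflow. */
static int check_range(res_size_t off, res_size_t len, res_size_t region_len)
{
    if (off > region_len || len > region_len - off)
        return -EINVAL;
    return 0;
}

int main(void)
{
    pgoff32_t pgoff = 0x00100001u;         /* constructed: 4 GiB + 4 KiB in pages */
    res_size_t region_len = 1u << 20;      /* constructed: 1 MiB region */
    res_size_t len = 1u << PAGE_SHIFT;     /* one page */
    res_size_t bad = offset_truncating(pgoff);
    res_size_t good = offset_widened(pgoff);

    printf("shift in 32 bits: off=%#llx check=%d\n",
           (unsigned long long)bad, check_range(bad, len, region_len));
    printf("widen then shift: off=%#llx check=%d\n",
           (unsigned long long)good, check_range(good, len, region_len));
    return 0;
}
```

With the 32-bit shift the request appears to sit at offset 0x1000 and is accepted; with the widened shift the real offset is seen and the request is rejected.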