linux-mm.kvack.org archive mirror
From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
To: Bert Karwatzki <spasswolf@web.de>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	"Liam R . Howlett" <Liam.Howlett@oracle.com>,
	Matthew Wilcox <willy@infradead.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Sidhartha Kumar <sidhartha.kumar@oracle.com>,
	Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
Subject: Re: [PATCH hotfix 6.12] maple_tree: correct tree corruption on spanning store
Date: Sat, 5 Oct 2024 15:13:36 +0100
Message-ID: <e7d2ad02-c346-4da2-83f5-9857a79fad60@lucifer.local>
In-Reply-To: <2eefc57370d54b70e082edfe69bb98d17fa1b27f.camel@web.de>

On Sat, Oct 05, 2024 at 03:24:39PM +0200, Bert Karwatzki wrote:
> On Saturday, 05.10.2024 at 12:17 +0100, Lorenzo Stoakes wrote:
> > On Sat, Oct 05, 2024 at 07:41:14AM +0100, Lorenzo Stoakes wrote:
> > > Writing a data range into a maple tree may involve overwriting a number of
> > > existing entries that span across more than one node. Doing so invokes a
> > > 'spanning' store.
> > >
> >
> > [snip]
> >
> > Andrew - just to note that I have intentionally left stable off this, in
> > order that we can allow this to stabilise in the 6.12 release candidates.
> >
> > Up until 6.12 this bug seemed much harder to hit, and as far as I'm aware
> > we've never had a bug report for it prior to this.
>
> I still suspect that this could have been the same error:
> https://lkml.org/lkml/2024/8/28/1558
> When compiling the kernel without CONFIG_DEBUG_VM the maple tree bug results in an
> unkillable task, and when trying to kill it first produced the rwsem warning
> (and soon after took down the whole system).
> But I couldn't reproduce it with the given reproducer, either.
>
> Bert Karwatzki
>

Thanks for reminding me of that one!

Yeah unfortunately that thread was very unproductive in that the reporter
gave no feedback or further information. They spammed the list with a bunch
of such reports many looking suspect...

So it is possible, and I suspect that this bug may have caused some other
'weird' crashes that were non-repro in the past.

The difference here may be that we (or rather specifically - you! :)
finally found a way to reliably repro this to the point where we could
diagnose it.

As far as I can tell this could happen even with vma_iter_clear_gfp(), so
old unmap/MAP_FIXED behaviour could have hit it.

BUT a difference now is that we essentially combine the MAP_FIXED with a
merge and overwrite everything in between, so this addition of up to 2
extra entries probably pushed it over the edge to make this event
statistically likely enough for you to have hit it.

Note in your case it took unmapping 6 (!) entries and merging another 2 for
a total of an overwrite spanning 8 entries.

Anyway, assuming we see no issues stabilising this in the rc's I will ping
stable to get this backported and fix this everywhere.

