From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: Oops in __free_pages_ok (pre7-1) (Long)
References:
From: "Juan J. Quintela"
In-Reply-To: Andrea Arcangeli's message of "Wed, 3 May 2000 00:08:11 +0200 (CEST)"
Date: 03 May 2000 01:58:30 +0200
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-linux-mm@kvack.org
Return-Path:
To: Andrea Arcangeli
Cc: linux-mm@kvack.org, Linus Torvalds, Kanoj Sarcar
List-ID:

>>>>> "andrea" == Andrea Arcangeli writes:

Hi Andrea

andrea> On 2 May 2000, Juan J. Quintela wrote:

>> swap_entry bit, but not agreement in which is the correct one.

andrea> My latest one is the correct one but I would also use the atomic operation
andrea> in shrink_mmap even if we hold the page lock to be fully safe. I have an
andrea> assert that BUG if a page is freed with such bit set and it never triggers
andrea> since I noticed the few problematic places thanks to Ben.

[...]

andrea> Are you sure it solves the problem? Could you try also the other patch I
andrea> sent you in the email of 1 minute ago? that should be even more effective.

Hi,
I have just tested 4 changes against 2.3.99-pre7-1:
(I use also Rik semicolon patch and Al Viro mount-7-1-B patch).

The test is:

while (true); do time ./mmap002; done

1- I tested without any more patches, it Oops in page_alloc.c:__free_pages_ok(): I got a lot of kernel BUG at page_alloc.c:104! and one page_alloc.c:102. This is in the second iteration. See the Oops attached.

2- I tested with Andrea patch, make in acquire_swap_entry to always allocate a new swap_entry, i.e. Don't use the PG_swap_entry information. No problems after 18 iterations.

3- I tested with my patch (never set the PG_swap_entry bit). No problem after 16 iterations.

4- I added a test in __free_pages_ok, checking for the PG_swap_entry bit.

--- testing/mm/page_alloc.c Mon May 1 18:34:49 2000 +++ pre7-1plus/mm/page_alloc.c Wed May 3 01:06:26 2000
@@ -110,6 +110,8 @@ BUG(); if (PageDecrAfter(page)) BUG(); + if (PageSwapEntry(page)) + BUG(); zone = page->zone;

this kernel BUG() in the first iteration. And it does in this new check. See the attached Oops reports.

If you need any more information, some more test, let me know.

Later, Juan.

P.S. There are 4 identical machines, K6-2 266MHz, 96MB RAM, headless, and the only process running was that one (except system daemons and similar).

1st test. Normal kernel.

For the next Oops I put only the traces, if you need more information, let me know.
Other:

Now the Oops for the 4th test:

kernel BUG at page_alloc.c:114!

For the next Oops, only the traces also:

and another one:

-- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy
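Review bot: the `PageSwapEntry(page)` test added after the `PageDecrAfter(page)` check in the `@@ -110,6 +110,8 @@` hunk of mm/page_alloc.c should carry a comment naming the invariant it asserts (PG_swap_entry must already be clear when a page reaches `__free_pages_ok`), since nothing in the hunk says which caller is expected to clear the bit. As posted this is a diagnostic rather than a fix: the message reports that it fires on the first iteration of the mmap002 loop, with the Oops now reported at page_alloc.c:114. Printing the page's flags before the `BUG()` would make each report show what else was set on the page, and the check is best paired with the change that clears or stops setting the bit (tests 2 and 3 in the message) so that a tree carrying only this hunk does not Oops on every free of such a page.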