Re: [PATCH] mm: Fix wrong kunmap_atomic() pointer

From: Steven Rostedt
Date: Fri Jun 03 2011 - 23:55:00 EST


On Fri, 2011-06-03 at 23:37 -0400, Steven Rostedt wrote:

> The problem came in d16dfc55 where it introduced a "break;" from the
> while loop. This alone did not seem to easily trigger the bug. But the
> modifications made by e303297e6 caused that "break;" to be hit on the
> first iteration, before the pte++.
>
> The pte not being incremented will now cause pte_unmap_unlock(pte - 1)
> to be pointing to the previous page. This will cause the wrong page to
> be unmapped, and also trigger the warning above.

Note, just to prove this was the case, by adding a few trace_printks()
and a tracing_off() when the bug hit, I found the following:

<...>-93 [000] 65.630994: unmap_vmas: enter addr=0xa00000 end=0xa53000
<...>-93 [000] 65.630995: unmap_vmas: pte=fffb9000
<...>-93 [000] 65.630996: unmap_vmas: loop pte=fffb9000 addr=0xa00000
<...>-93 [000] 65.630996: unmap_vmas: force flush!
<...>-93 [000] 65.630997: unmap_vmas: end loop pte=fffb9000
<...>-93 [000] 65.630997: unmap_vmas: unlock pte-1=fffb8ff8

-- Steve
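The off-by-one Steve describes above, as an added C model that is not part of this thread or of the kernel source: `buggy_walk` hits the "break;" before the loop's `pte++`, so `pte - 1` lands on the entry before the table (the previous page), while `fixed_walk` shows one loop shape in which the increment always runs before the loop stops. `PAGE_SIZE`, `PTES_PER_TABLE`, `need_force_flush` and `run_walk` are constructed names for this model.

```c
#include <stdint.h>
/* Constructed model of the pte walk in zap_pte_range(); not kernel code. */
#define PAGE_SIZE      4096UL
#define PTES_PER_TABLE 8
typedef uint64_t pte_t;

/* Models the behaviour the mail describes after e303297e6: with flush_first
 * set, the forced TLB flush is hit on the very first iteration. */
static int need_force_flush(int iteration, int flush_first)
{
    return flush_first && iteration == 0;
}

/* The d16dfc55 shape: "break;" sits before the loop's pte++. Returns the index
 * pte - 1 would hand to pte_unmap_unlock(); -1 means the previous page. */
static long buggy_walk(pte_t *table, unsigned long start, unsigned long end,
                       int flush_first)
{
    pte_t *pte = table; int iter = 0;
    unsigned long addr = start;
    do {
        /* ... clear the entry, queue its page for the batched flush ... */
        if (need_force_flush(iter++, flush_first))
            break;                          /* exits before pte++ runs */
    } while (pte++, addr += PAGE_SIZE, addr != end);
    return (long)((pte - 1) - table);
}

/* Early exit folded into the loop condition so pte++ always runs first. An
 * illustration of the fix shape, not a copy of the kernel's patch. */
static long fixed_walk(pte_t *table, unsigned long start, unsigned long end,
                       int flush_first)
{
    pte_t *pte = table; int iter = 0, force_flush = 0;
    unsigned long addr = start;
    do {
        force_flush = need_force_flush(iter++, flush_first);
    } while (pte++, addr += PAGE_SIZE, addr != end && !force_flush);
    return (long)((pte - 1) - table);
}

/* Runs one walk over four entries. A guard slot precedes the table so the
 * buggy pte - 1 is still a valid pointer whose offset we can measure. */
static long run_walk(int buggy, int flush_first)
{
    static pte_t mem[1 + PTES_PER_TABLE], *table = mem + 1;
    unsigned long start = 0xa00000UL, end = start + 4 * PAGE_SIZE;
    return buggy ? buggy_walk(table, start, end, flush_first)
                 : fixed_walk(table, start, end, flush_first);
}
```

With the flush forced on the first entry, the buggy walk reports index -1 (the trace's `pte-1` one slot below the table) and the fixed walk reports index 0; without the forced flush both finish at index 3.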
