<div dir="ltr"><div><div>Check for two things:<br></div>1. Handle error from mmap() call in user space, it seems munmap is called unconditionally.<br><pre>while(1) {
str = mmap(vma); //always map the same address and offset
(they are set to zero), logger will handle this
fwrite(str, 4096, fd);
munmap(str);
}<br><br></pre>2. Debug more why logger_vma_fault is failing? Is there a window where you might have buffer list empty while you arrange for new page?<br><br></div>-Rajat<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Feb 26, 2014 at 5:31 PM, Le Tan <span dir="ltr"><<a href="mailto:tamlokveer@gmail.com" target="_blank">tamlokveer@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">OK, I will look into this. Is it OK to block vm_fault?<div> I have another question. In my userspace program, I mmap() my device, then read something, then munmap() my device() and then mmap() my device again. The program do this in a loop. Everytime it mmap() the same address and offset.<div>
My device maintains a list of pages. In vm_operations fault, I just map the address to the head of the list. And in vm_operations close, I just delete the head from the list and free the page.</div></div><div>Everything seems to be OK except that after I call the munmap() in the program, there is an error message. The error seems to happens between the call of vm_operations fault and vm_operations close. I have posted this question before ( <a href="http://www.spinics.net/lists/newbies/msg51339.html" target="_blank">See this</a> ).</div>
<div><br></div>[42522.596689] logger_mmap():start:7f8ff57be000, end:7f8ff57bf000<br>//this is the mmap() function of my device module<br>[42522.596694] logger_vma_fault():vmf->pgoff:0d,start:7f8ff57be000,pgoff:0,offset:0<br>
//this is the fault function of struct vm_operations_struct<br>[42522.596729] BUG: Bad page map in process logger_pro<br>pte:8000000612a30025 pmd:314175067 //this is the error<br>[42522.596740] page:ffffea00184a8c00 count:2 mapcount:-<a href="tel:2146959356" value="+12146959356" target="_blank">2146959356</a><br>
mapping: (null) index:0xffff880612a36000<br>[42522.596747] page flags: 0x200000000004080(slab|head)<br>[42522.596811] addr:00007f8ff57be000 vm_flags:04040071 anon_vma:<br>(null) mapping:ffff880613b25f08 index:0<br>[42522.596824] vma->vm_ops->fault: logger_vma_fault+0x0/0x140 [logger]<br>
[42522.596834] vma->vm_file->f_op->mmap: logger_mmap+0x0/0xd50 [logger]<br>[42522.596842] CPU: 1 PID: 21571 Comm: logger_pro Tainted: G B<br>IO 3.11.0+ #1<br>[42522.596844] Hardware name: Dell Inc. PowerEdge M610/000HYJ, BIOS<br>
2.0.13 04/06/2010<br>[42522.596846] 00007f8ff57be000 ffff880314199c98 ffffffff816ad166<br>0000000000006959<br>[42522.596851] ffff880314539a98 ffff880314199ce8 ffffffff8114e270<br>ffffea00184a8c00<br>[42522.596854] 0000000000000000 ffff880314199cc8 00007f8ff57be000<br>
ffff880314199e18<br>[42522.596858] Call Trace:<br>[42522.596867] [<ffffffff816ad166>] dump_stack+0x46/0x58<br>[42522.596872] [<ffffffff8114e270>] print_bad_pte+0x190/0x250<br>[42522.596877] [<ffffffff8115027b>] unmap_single_vma+0x6cb/0x7a0<br>
[42522.596880] [<ffffffff81150bd4>] unmap_vmas+0x54/0xa0<br>[42522.596885] [<ffffffff81155aa7>] unmap_region+0xa7/0x110<br>[42522.596888] [<ffffffff81157f97>] do_munmap+0x1f7/0x3e0<br>[42522.596891] [<ffffffff811581ce>] vm_munmap+0x4e/0x70<br>
[42522.596904] [<ffffffff811591bb>] SyS_munmap+0x2b/0x40<br>[42522.596915] [<ffffffff816bc9c2>] system_call_fastpath+0x16/0x1b<br>[42522.596920] logger_vma_close():start:7f8ff57be000,<br>end:7f8ff57bf000, vmas:0 //this is the close function of struct vm_operations_struct<div>
<br>So do you have any idea about this error?<br>Thanks very much!</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-02-27 9:04 GMT+08:00 Rajat Sharma <span dir="ltr"><<a href="mailto:fs.rajat@gmail.com" target="_blank">fs.rajat@gmail.com</a>></span>:<div>
<div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Why do you need to block in mmap()? mmap is supposed to create a mapping area in virtual address space for the process. Actual transfer happens later through page fault handlers on demand basis. look at vm_operations fault/readpage etc methods, these might be the places you want to wait for the data.<br>
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 26, 2014 at 4:14 PM, Le Tan <span dir="ltr"><<a href="mailto:tamlokveer@gmail.com" target="_blank">tamlokveer@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So what should I do if I want the mmap() not to return right now? Is<br>
it strange to block in mmap() and few people will do this? Thanks for<br>
your help!<br>
<br>
2014-02-27 4:45 GMT+08:00 Rajat Sharma <<a href="mailto:fs.rajat@gmail.com" target="_blank">fs.rajat@gmail.com</a>>:<br>
<div><div>> It seems this task "landscape-sysin" is trying to peek into virtual memory<br>
> of your processes and the process within mmap call is holding its<br>
> mm->mmap_sem semaphore which grants access to its address space.<br>
> landscape-sysin is trying to grab this semaphore to poke into address space<br>
> of your mmap process address space. As from your description, it might be<br>
> invoked everytime you are opening a new shell. Not sure why this process<br>
> bother's about other process address space. Little googling shows this as<br>
> relevant to your case:<br>
><br>
> <a href="http://www.techques.com/question/2-66765/Disable-usage-of-console-kit-daemon-in-Ubuntu" target="_blank">http://www.techques.com/question/2-66765/Disable-usage-of-console-kit-daemon-in-Ubuntu</a><br>
><br>
> Your read process is innocent and not involved in this deadlock.<br>
><br>
> -Rajat<br>
><br>
><br>
> On Wed, Feb 26, 2014 at 4:13 AM, Le Tan <<a href="mailto:tamlokveer@gmail.com" target="_blank">tamlokveer@gmail.com</a>> wrote:<br>
>><br>
>> Hi, I am writing a driver module. Now I have some questions about blocked<br>
>> I/O.<br>
>> my_read() is the read function in the file_operations struct in my<br>
>> module. my_read() is just as simple as this:<br>
>> ssize_t my_read(....)<br>
>> {<br>
>> if(wait_event_interruptible(dev->queue, a == b))<br>
>> return -ERESTARTSYS;<br>
>> return count;<br>
>> }<br>
>> Then I write a simple program to open and read the device. Obviously<br>
>> the program will be blocked. Now I still can open a new shell window<br>
>> and log in ( I use xshell).<br>
>><br>
>> However, then I implement my_mmap(), the mmap function in the<br>
>> file_operations struct in my module, like this:<br>
>> int my_mmap(....)<br>
>> {<br>
>> if(wait_event_interruptible(dev->queue, a == b))<br>
>> return -ERESTARTSYS;<br>
>> return 0;<br>
>> }<br>
>> Then I write a simple program to open and mmap() the device. Obviously<br>
>> the program will be blocked again. However, when I open a new shell<br>
>> window in xshell and try to connect to the linux, it displays like<br>
>> this:<br>
>><br>
>> Connecting to 192.168.146.118:22...<br>
>> Connection established.<br>
>> To escape to local shell, press 'Ctrl+Alt+]'.<br>
>><br>
>> And I can't log in! Then after a while, in the syslog, there is one<br>
>> message like this:<br>
>> [38306.614103] INFO: task landscape-sysin:17616 blocked for more than<br>
>> 120 seconds.<br>
>> [38306.614114] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs"<br>
>> disables this message.<br>
>> [38306.614120] landscape-sysin D ffffffff8180fb60 0 17616 17609<br>
>> 0x00000000<br>
>> [38306.614125] ffff88031d609c90 0000000000000082 ffff88032fffdb08<br>
>> 0000000000000000<br>
>> [38306.614130] ffff8803130bdc40 ffff88031d609fd8 ffff88031d609fd8<br>
>> ffff88031d609fd8<br>
>> [38306.614133] ffff88062150c530 ffff8803130bdc40 0000004100000000<br>
>> ffff8803130bdc40<br>
>> [38306.614137] Call Trace:<br>
>> [38306.614147] [<ffffffff816b2c49>] schedule+0x29/0x70<br>
>> [38306.614151] [<ffffffff816b3acd>] rwsem_down_read_failed+0x9d/0xf0<br>
>> [38306.614157] [<ffffffff81341824>] call_rwsem_down_read_failed+0x14/0x30<br>
>> [38306.614160] [<ffffffff816b1644>] ? down_read+0x24/0x2b<br>
>> [38306.614166] [<ffffffff81153661>] __access_remote_vm+0x41/0x1f0<br>
>> [38306.614170] [<ffffffff81153ddb>] access_process_vm+0x5b/0x80<br>
>> [38306.614175] [<ffffffff811ea423>] proc_pid_cmdline+0x93/0x120<br>
>> [38306.614178] [<ffffffff811eb425>] proc_info_read+0xa5/0xf0<br>
>> [38306.614182] [<ffffffff81186e84>] vfs_read+0xb4/0x180<br>
>> [38306.614185] [<ffffffff81187102>] SyS_read+0x52/0xa0<br>
>> [38306.614189] [<ffffffff816bc8c2>] system_call_fastpath+0x16/0x1b<br>
>><br>
>> If I terminate the program by force, then I can log in right now.<br>
>> So, are there any differences between the read and the mmap function<br>
>> to the wait_event_interruptible()? Why? If I want to block mmap() just<br>
>> like blocking read(), what should I do? Or it is impossible?<br>
>> Thanks!<br>
>><br>
>> _______________________________________________<br>
>> Kernelnewbies mailing list<br>
>> <a href="mailto:Kernelnewbies@kernelnewbies.org" target="_blank">Kernelnewbies@kernelnewbies.org</a><br>
>> <a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br>
><br>
><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div>
</blockquote></div><br></div>