mlockall() stops if a page in a VMA is unmappable. As the datastore VMA can
contain holes, mlockall() does not process all data pages correctly.
Replace the mapping error VM_FAULT_SIGBUS with a mapping of the zero page.
The vDSO will not access these pages in any case and for other userspace
these pages have undefined contents.
This will allow mlockall() to process all pages within the VMA.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
lib/vdso/datastore.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/vdso/datastore.c b/lib/vdso/datastore.c
index 00714c0cf0b24b813bf5b28ff8a19e5f246fce45..f9e37195c2af43c7b2c4b02d01be492d84223ecd 100644
--- a/lib/vdso/datastore.c
+++ b/lib/vdso/datastore.c
@@ -40,7 +40,7 @@ struct vdso_arch_data *vdso_k_arch_data = &vdso_arch_data_store.data;
static vm_fault_t vvar_fault(const struct vm_special_mapping *sm,
struct vm_area_struct *vma, struct vm_fault *vmf)
{
- struct page *page, *timens_page;
+ struct page *page = ZERO_PAGE(0), *timens_page;
unsigned long addr;
vm_fault_t err;
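Review bot: with `page` initialized to `ZERO_PAGE(0)` at its declaration, every early `break` in the switch now hands the zero page to whatever installs `page` after the switch, and that code is not part of this hunk. The kernel test robot report later in this thread shows warnings in `__folio_rmap_sanity_checks` and `vm_normal_page` on the mlockall() fault path on all 10 runs with this commit, so please check that the zero page can be installed the same way as the vDSO data pages, or give it a separate path.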
@@ -52,7 +52,7 @@ static vm_fault_t vvar_fault(const struct vm_special_mapping *sm,
switch (vmf->pgoff) {
case VDSO_TIME_PAGE_OFFSET:
if (!IS_ENABLED(CONFIG_HAVE_GENERIC_VDSO))
- return VM_FAULT_SIGBUS;
+ break;
page = virt_to_page(vdso_k_time_data);
if (timens_page) {
/*
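Review bot: the bare `break` under `!IS_ENABLED(CONFIG_HAVE_GENERIC_VDSO)` in the `VDSO_TIME_PAGE_OFFSET` case reads as "nothing to do", but it now means "map the zero page" and only works because of an initializer at the top of the function. A short comment at the `break`, or an explicit `page = ZERO_PAGE(0);` in front of it, would keep the fallback visible at the place where the decision is made.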
@@ -75,17 +75,17 @@ static vm_fault_t vvar_fault(const struct vm_special_mapping *sm,
* See also the comment near timens_setup_vdso_data().
*/
if (!IS_ENABLED(CONFIG_TIME_NS) || !timens_page)
- return VM_FAULT_SIGBUS;
+ break;
page = virt_to_page(vdso_k_time_data);
break;
case VDSO_RNG_PAGE_OFFSET:
if (!IS_ENABLED(CONFIG_VDSO_GETRANDOM))
- return VM_FAULT_SIGBUS;
+ break;
page = virt_to_page(vdso_k_rng_data);
break;
case VDSO_ARCH_PAGES_START ... VDSO_ARCH_PAGES_END:
if (!IS_ENABLED(CONFIG_ARCH_HAS_VDSO_ARCH_DATA))
- return VM_FAULT_SIGBUS;
+ break;
page = virt_to_page(vdso_k_arch_data) + vmf->pgoff - VDSO_ARCH_PAGES_START;
break;
default:
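Review bot: the `default:` arm at the end of this hunk is cut off, so it is not visible whether an offset outside the four named cases still returns `VM_FAULT_SIGBUS`. If it does, a page at such an offset inside the VMA would still stop mlockall(), which is what the commit message sets out to prevent. Please confirm that no such offsets exist in the mapping, or let `default:` fall back to the zero page as well.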
--
2.51.0
Hello,

kernel test robot noticed "WARNING:at_include/linux/rmap.h:#__folio_rmap_sanity_checks" on:

commit: a2efb5881ffebbc0d9dda8a9751e1d7867d97407 ("[PATCH v2 3/3] vdso/datastore: Map zero page for unavailable data")
url: https://github.com/intel-lab-lkp/linux/commits/Thomas-Wei-schuh/vdso-datastore-Explicitly-prevent-remote-access-to-timens-vvar-page/20250901-204507
patch link: https://lore.kernel.org/all/20250901-vdso-mlockall-v2-3-68f5a6f03345@linutronix.de/
patch subject: [PATCH v2 3/3] vdso/datastore: Map zero page for unavailable data

in testcase: rcutorture
version:
with following parameters:

	runtime: 300s
	test: cpuhotplug
	torture_type: trivial

config: x86_64-randconfig-004-20250902
compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+--------------------------------------------------------------+------------+------------+
|                                                              | c6b2010c61 | a2efb5881f |
+--------------------------------------------------------------+------------+------------+
| boot_successes                                               | 10         | 0          |
| WARNING:at_include/linux/rmap.h:#__folio_rmap_sanity_checks  | 0          | 10         |
| RIP:__folio_rmap_sanity_checks                               | 0          | 10         |
| WARNING:at_mm/memory.c:#vm_normal_page                       | 0          | 10         |
| RIP:vm_normal_page                                           | 0          | 10         |
+--------------------------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202509041007.5c891a1-lkp@intel.com

[ 356.804073][ T816] ------------[ cut here ]------------
[ 356.804496][ T816] WARNING: CPU: 0 PID: 816 at include/linux/rmap.h:414 __folio_rmap_sanity_checks+0xa9/0x2ef
[ 356.805346][ T816] Modules linked in: rcutorture torture mousedev tiny_power_button button drm fuse drm_panel_orientation_quirks firmware_class
[ 356.806436][ T816] CPU: 0 UID: 0 PID: 816 Comm: watchdog Not tainted 6.17.0-rc1-00003-ga2efb5881ffe #1 PREEMPT(lazy)
[ 356.807235][ T816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 356.808073][ T816] RIP: __folio_rmap_sanity_checks+0xa9/0x2ef
[ 356.815051][ T816] Call Trace:
[ 356.815271][ T816] <TASK>
[ 356.815472][ T816] folio_add_file_rmap_ptes (mm/rmap.c:1256 mm/rmap.c:1620 mm/rmap.c:1642)
[ 356.815828][ T816] set_pte_range (mm/memory.c:5313)
[ 356.816166][ T816] finish_fault (mm/memory.c:5438)
[ 356.816458][ T816] ? mmap_read_trylock (include/linux/mmap_lock.h:42 include/linux/mmap_lock.h:473)
[ 356.816779][ T816] do_read_fault (mm/memory.c:5578)
[ 356.817083][ T816] do_pte_missing (mm/memory.c:5707 mm/memory.c:4234)
[ 356.817405][ T816] handle_pte_fault (mm/memory.c:6052)
[ 356.817800][ T816] __handle_mm_fault (mm/memory.c:6196)
[ 356.818061][ T816] handle_mm_fault (mm/memory.c:6375)
[ 356.818306][ T816] faultin_page (mm/gup.c:1146)
[ 356.818539][ T816] __get_user_pages (mm/gup.c:1448)
[ 356.818788][ T816] ? __rcu_read_unlock (kernel/rcu/tree_plugin.h:445 (discriminator 3))
[ 356.819052][ T816] populate_vma_page_range (mm/gup.c:1880 (discriminator 4))
[ 356.819336][ T816] __mm_populate (mm/gup.c:1984)
[ 356.819571][ T816] __do_sys_mlockall (mm/mlock.c:771)
[ 356.819824][ T816] __ia32_sys_mlockall (mm/mlock.c:745)
[ 356.820108][ T816] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-004-20250902/./arch/x86/include/generated/asm/syscalls_32.h:153)
[ 356.820361][ T816] do_int80_emulation (arch/x86/entry/syscall_32.c:83 arch/x86/entry/syscall_32.c:172)
[ 356.820799][ T816] asm_int80_emulation (arch/x86/include/asm/idtentry.h:626)
[ 356.821214][ T816] RIP: 0023:0xf7f64579
[ 356.843785][ T816] </TASK>
[ 356.844134][ T816] irq event stamp: 4067
[ 356.844505][ T816] hardirqs last enabled at (4075): __up_console_sem (arch/x86/include/asm/irqflags.h:26 (discriminator 3) arch/x86/include/asm/irqflags.h:109 (discriminator 3) arch/x86/include/asm/irqflags.h:151 (discriminator 3) kernel/printk/printk.c:344 (discriminator 3))
[ 356.845309][ T816] hardirqs last disabled at (4082): __up_console_sem (kernel/printk/printk.c:342 (discriminator 3))
[ 356.846150][ T816] softirqs last enabled at (4064): handle_softirqs (kernel/softirq.c:426 kernel/softirq.c:607)
[ 356.846879][ T816] softirqs last disabled at (4053): __do_softirq (kernel/softirq.c:614)
[ 356.847568][ T816] ---[ end trace 0000000000000000 ]---
[ OK ] Started watchdog daemon.
[ OK ] Reached target Graphical Interface.

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250904/202509041007.5c891a1-lkp@intel.com

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki