On Tue, Aug 11, 2015 at 04:39:08PM +0530, Ankit Jindal wrote: > Hi, > > We have observed an issue where kmalloc of a small sized memory causes > an occasional trace when unmapping the mmaped memory via UIO framework > This trace is coming when kernel sees a negative value in > page->_mapcount. Trace is pasted at the end of the mail. > > After debugging this issue further, we realized following sequence > occurs when kmalloc is used to allocate small memory using slub > allocator: > 1. Frozen bit (msb) of the page from which memory has been allocated > is set (which is an union with _mapcount). > 2. If there are free objects in the the same page then this frozen bit > remains set even after kernel boots completely. > 3. When user space calls unmap of this memory, vma_unmap_single() > treats the _mapcount as a negative (as frozen bit is set), causing a > trace. > > We are not sure whether exposing kernel memory of size > less than PAGE_SIZE via UIO is a valid use case ? In case this is an invalid > use case then shouldn't the UIO framework restrict mapping of non > PAGE_SIZE aligned memory and size not in order of PAGE_SIZE.
We've had a few discussions about this in the past, and one proposed patch which had to be reverted because it broke some working systems, so it's a messy thing. What UIO driver are you using that causes this behavior? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
