xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: generic/320 triggers "list_add attempted on force-poisoned entry" wa

from [Dan Williams] [Permanent Link][Original]
To: Eryu Guan <eguan@xxxxxxxxxx>
Subject: Re: generic/320 triggers "list_add attempted on force-poisoned entry" warning on XFS
From: Dan Williams <dan.j.williams@xxxxxxxxx>
Date: Sat, 27 Feb 2016 12:10:51 -0800
Cc: XFS Developers <xfs@xxxxxxxxxxx>, Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx>
Delivered-to: xfs@xxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=UqztYv1MwX6hVe/7z3r8u7btSif3BpcLMN8yyXOowaI=; b=YSgcnrI+smTZQfnUQQjqks6HIcpg8J134DnTdMhnVgEJeS9zZhVaPFplPm5nvz0ubu dvpp8ah6U2OCePn9PZNGngywLVksAJcgqyvCgRmeb1Cs4iESP6D0r/NpMSEB+bzjU5/z VggA5RicGxDxi1LJjqbc1vD8QS33lRQAT26CIjspH1eAUVhY7w8vn8wQyGuQhKLsxG4R yoXOmZ6DnG9gXltMFi4zuD64kkb9XcLyRZX6qAQvCK318Shk/uKC2m+lt5vY1cEBJIR1 U7DTMcD7fwDqsNd2LGwbdRGPifg+UjlIptTwgIVwL8aS11GGUS4fWhysDzG0MXwLqWq2 xrmg==
In-reply-to: <20160227130256.GJ11419@xxxxxxxxxxxxxxxxxxxxxxxx>
References: <20160227130256.GJ11419@xxxxxxxxxxxxxxxxxxxxxxxx> 
On Sat, Feb 27, 2016 at 5:02 AM, Eryu Guan <eguan@xxxxxxxxxx> wrote:
> Hi,
>
> Starting from 4.5-rc1 kernel, I sometimes see generic/320 triggers
> "list_add attempted on force-poisoned entry" warnings on XFS, test hosts
> are arm64/ppc64/ppc64le, haven't seen it on x86_64 hosts.

Hmm, this triggers when a list_head has ->next or ->prev pointing at
the address of force_poison which is only defined in lib/list_debug.c.
The only call site that uses list_force_poison() is in
devm_memremap_pages().  That currently depends on CONFIG_ZONE_DEVICE
which in turn depends on X86_64.

So, this appears to be a false positive and the address of
force_poison is somehow ending up on the stack by accident as that is
the random value being passed in from __down_common:

    struct semaphore_waiter waiter;

    list_add_tail(&waiter.list, &sem->wait_list);

So, I think we need a more unique poison value that should never
appear on the stack:

diff --git a/include/linux/poison.h b/include/linux/poison.h
index 4a27153574e2..0604806c2f52 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -21,6 +21,7 @@
 */
#define LIST_POISON1  ((void *) 0x100 + POISON_POINTER_DELTA)
#define LIST_POISON2  ((void *) 0x200 + POISON_POINTER_DELTA)
+#define LIST_POISON3  ((void *) 0x500 + POISON_POINTER_DELTA)

/********** include/linux/timer.h **********/
/*
diff --git a/lib/list_debug.c b/lib/list_debug.c
index 3345a089ef7b..318bf1c181b2 100644
--- a/lib/list_debug.c
+++ b/lib/list_debug.c
@@ -12,11 +12,10 @@
#include <linux/kernel.h>
#include <linux/rculist.h>

-static struct list_head force_poison;
void list_force_poison(struct list_head *entry)
{
-       entry->next = &force_poison;
-       entry->prev = &force_poison;
+       entry->next = LIST_POISON3;
+       entry->prev = LIST_POISON3;
}

/*
@@ -30,7 +29,7 @@ void __list_add(struct list_head *new,
                             struct list_head *prev,
                             struct list_head *next)
{
-       WARN(new->next == &force_poison || new->prev == &force_poison,
+       WARN(new->next == LIST_POISON3 || new->prev == LIST_POISON3,
               "list_add attempted on force-poisoned entry\n");
       WARN(next->prev != prev,
               "list_add corruption. next->prev should be "
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  generic/320 triggers "list_add attempted on force-poisoned entry" warning on XFS, Eryu Guan
Next by Date:  Re: generic/320 triggers "list_add attempted on force-poisoned entry" warning on XFS, Eryu Guan
Previous by Thread:  generic/320 triggers "list_add attempted on force-poisoned entry" warning on XFS, Eryu Guan
Next by Thread:  Re: generic/320 triggers "list_add attempted on force-poisoned entry" warning on XFS, Eryu Guan
Indexes:  [Date] [Thread] [Top] [All Lists]