Bug 643426

Summary: Stack size mapping is decreased through mlock/munlock call
Product: Red Hat Enterprise Linux 5 Reporter: Zdenek Kabelac <zkabelac>
Component: kernel Assignee: Larry Woodman <lwoodman>
Status: CLOSED ERRATA QA Contact: Zhouping Liu <zliu>
Severity: medium Docs Contact:
Priority: urgent    
Version: 5.6 CC: arozansk, caiqian, coughlan, dhoward, jkortus, jpirko, kzhang, lwoodman, mbroz, msnitzer, pmatouse, qcai, riel, security-response-team
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Clone Of: 638525
: 668982 (view as bug list) Environment:
Last Closed: 2011-01-13 16:57:09 EST Type: ---
Bug Blocks: 668982    

Description Zdenek Kabelac 2010-10-15 11:07:06 EDT
+++ This bug was initially created as a clone of Bug #638525 +++

This bugzilla is a clone for RHEL 5.6 - it seems like some patch from this bugzilla is missing in kernel-2.6.18-226.el5


Created attachment 450416 [details]
Demo code

Description of problem:

It seems like the 32-bit kernel has a problem with shortening the [stack] mapping through several loops of mlock/munlock of /proc/self/maps.

I think it is related to the backport of the stack protection patch, but it's missing some further updates - as the 2.6.36-rc5 kernel is not giving me this error, while 2.6.36-rc2 does.

I'm providing a simple test program to check how the [stack] mapping is decreased and the amount of zero-sized mappings is rising.

(This issue causes at least certain problems for lvm2 code.)
The 64-bit kernel doesn't seem to be affected.

Version-Release number of selected component (if applicable):
2.6.32-71.el6.i686

How reproducible:


Steps to Reproduce:
1. make test.c
2. test
3.
  
Actual results:


FROM:

munlock   1556KiB 0020e000-00393000 r-xp 00000000 fd:00 786457     /lib/libc-2.12.so
munlock      4KiB 00393000-00394000 ---p 00185000 fd:00 786457     /lib/libc-2.12.so
munlock      8KiB 00394000-00396000 r--p 00185000 fd:00 786457     /lib/libc-2.12.so
munlock      4KiB 00396000-00397000 rw-p 00187000 fd:00 786457     /lib/libc-2.12.so
munlock     12KiB 00397000-0039a000 rw-p 00000000 00:00 0 
munlock      4KiB 009e6000-009e7000 r-xp 00000000 00:00 0          [vdso]
munlock    120KiB 00c8b000-00ca9000 r-xp 00000000 fd:00 786471     /lib/ld-2.12.so
munlock      4KiB 00ca9000-00caa000 r--p 0001d000 fd:00 786471     /lib/ld-2.12.so
munlock      4KiB 00caa000-00cab000 rw-p 0001e000 fd:00 786471     /lib/ld-2.12.so
munlock      4KiB 08048000-08049000 r-xp 00000000 fd:00 1967527    /root/test
munlock      4KiB 08049000-0804a000 rw-p 00000000 fd:00 1967527    /root/test
munlock    132KiB 08f83000-08fa4000 rw-p 00000000 00:00 0          [heap]
munlock      4KiB b78ae000-b78af000 rw-p 00000000 00:00 0 
munlock      8KiB b78b3000-b78b5000 rw-p 00000000 00:00 0 
munlock      4KiB b78b5000-b78b6000 rw-p 00000000 00:00 0 
munlock      0KiB bfef0000-bfef0000 rw-p 00000000 00:00 0 
munlock      0KiB bfef1000-bfef1000 rw-p 00000000 00:00 0 
munlock     76KiB bfef2000-bff05000 rw-p 00000000 00:00 0          [stack]


TO:


munlock   1556KiB 0020e000-00393000 r-xp 00000000 fd:00 786457     /lib/libc-2.12.so
munlock      4KiB 00393000-00394000 ---p 00185000 fd:00 786457     /lib/libc-2.12.so
munlock      8KiB 00394000-00396000 r--p 00185000 fd:00 786457     /lib/libc-2.12.so
munlock      4KiB 00396000-00397000 rw-p 00187000 fd:00 786457     /lib/libc-2.12.so
munlock     12KiB 00397000-0039a000 rw-p 00000000 00:00 0 
munlock      4KiB 009e6000-009e7000 r-xp 00000000 00:00 0          [vdso]
munlock    120KiB 00c8b000-00ca9000 r-xp 00000000 fd:00 786471     /lib/ld-2.12.so
munlock      4KiB 00ca9000-00caa000 r--p 0001d000 fd:00 786471     /lib/ld-2.12.so
munlock      4KiB 00caa000-00cab000 rw-p 0001e000 fd:00 786471     /lib/ld-2.12.so
munlock      4KiB 08048000-08049000 r-xp 00000000 fd:00 1967527    /root/test
munlock      4KiB 08049000-0804a000 rw-p 00000000 fd:00 1967527    /root/test
munlock    132KiB 08f83000-08fa4000 rw-p 00000000 00:00 0          [heap]
munlock      4KiB b78ae000-b78af000 rw-p 00000000 00:00 0 
munlock      8KiB b78b3000-b78b5000 rw-p 00000000 00:00 0 
munlock      4KiB b78b5000-b78b6000 rw-p 00000000 00:00 0 
munlock      0KiB bfef0000-bfef0000 rw-p 00000000 00:00 0 
munlock      0KiB bfef1000-bfef1000 rw-p 00000000 00:00 0 
munlock      0KiB bfef2000-bfef2000 rw-p 00000000 00:00 0 
munlock      0KiB bfef3000-bfef3000 rw-p 00000000 00:00 0 
munlock      0KiB bfef4000-bfef4000 rw-p 00000000 00:00 0 
munlock      0KiB bfef5000-bfef5000 rw-p 00000000 00:00 0 
munlock      0KiB bfef6000-bfef6000 rw-p 00000000 00:00 0 
munlock      0KiB bfef7000-bfef7000 rw-p 00000000 00:00 0 
munlock      0KiB bfef8000-bfef8000 rw-p 00000000 00:00 0 
munlock      0KiB bfef9000-bfef9000 rw-p 00000000 00:00 0 
munlock     44KiB bfefa000-bff05000 rw-p 00000000 00:00 0          [stack]

With more iterations - could drop to 0KiB

Expected results:

Additional info:
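
A stand-alone check for the behaviour reported above, added here as an illustration (it is not the reporter's attached demo code, which is not reproduced on this page): it mlocks and munlocks every range listed in /proc/self/maps for several passes and flags a shrinking [stack] mapping or any zero-length mapping. The names scan_maps and check_self are hypothetical; run it as root or with a raised `ulimit -l` so the mlock calls actually succeed.

```c
/* Added example (not the bug's attachment): self-check for a shrinking [stack]. */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

struct maps_stat { unsigned long stack_kib; int zero_len; };

/* Walk maps-format text; with do_lock set, mlock+munlock every range. */
static struct maps_stat scan_maps(const char *text, int do_lock)
{
    struct maps_stat st = { 0, 0 };
    char line[512];
    for (const char *p = text; *p; ) {
        size_t len = strcspn(p, "\n");
        unsigned long lo, hi;
        snprintf(line, sizeof line, "%.*s", (int)len, p);
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2) {
            if (lo == hi)
                st.zero_len++;            /* the 0KiB entries in the report */
            else if (do_lock && mlock((void *)lo, hi - lo) == 0)
                munlock((void *)lo, hi - lo);   /* lock failures are ignored */
            if (strstr(line, "[stack]"))
                st.stack_kib = (hi - lo) / 1024;
        }
        p += len + (p[len] == '\n');
    }
    return st;
}

/* Returns 0 if [stack] never shrank and no zero-length mapping appeared,
 * 1 if the symptom from the report was seen, -1 if /proc is unreadable. */
static int check_self(int passes)
{
    static char buf[1 << 16];
    unsigned long prev = 0;
    for (int i = 0; i < passes; i++) {
        FILE *f = fopen("/proc/self/maps", "r");
        if (!f) return -1;
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        struct maps_stat st = scan_maps(buf, 1);
        printf("pass %d: [stack] %lu KiB, %d zero-length\n", i, st.stack_kib, st.zero_len);
        if (st.zero_len || st.stack_kib < prev) return 1;
        prev = st.stack_kib;
    }
    return 0;
}

int main(void) { return check_self(20); }
```

An exit status of 1 means the symptom from this report was observed on the running kernel; the stack size printed for a pass reflects the effect of the previous pass's lock/unlock cycle.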
Comment 1 Mike Snitzer 2010-11-16 11:11:36 EST
(In reply to comment #0)
> +++ This bug was initially created as a clone of Bug #638525 +++
> 
> This bugzilla is clone for RHEL 5.6 - seems like some patch from this bugzilla
> is missing in kernel-2.6.18-226.el5

Pretty sure it is this patch (from bug #638525):
http://patchwork.usersys.redhat.com/patch/28577/
Comment 2 RHEL Product and Program Management 2010-11-16 17:10:19 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Jiri Pirko 2010-11-18 04:28:53 EST
The problem in rhel5 is that we don't have the list of vma's doubly linked, so we cannot easily take the mentioned patch. Larry, would you mind taking care of this?
Comment 6 Jarod Wilson 2010-12-07 14:16:36 EST
in kernel-2.6.18-236.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5

Detailed testing feedback is always welcomed.
Comment 9 Jaroslav Kortus 2011-01-06 14:51:38 EST
The issue is still present on ia64:

+ lvextend -l+10%FREE grow/grow0
  Extending logical volume grow0 to 112.39 GB
  Internal error: Maps lock 17874944 < unlock 17891328
  Logical volume grow0 successfully resized


(13:48:54) [root@z3:~]$ uname -a
Linux z3 2.6.18-238.el5 #1 SMP Sun Dec 19 14:23:48 EST 2010 ia64 ia64 ia64 GNU/Linux

Resetting the state back to ON_QA.
(see bug 575967 to find out how these are related)
Comment 12 errata-xmlrpc 2011-01-13 16:57:09 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0017.html