[ 19.492487] page dumped because: VM_BUG_ON_PAGE(PageLRU(page) || PageUnevictable(page))
[ 19.500551] page->mem_cgroup:be008c00
[ 19.504226] ------------[ cut here ]------------ //kernel panic here
[ 19.508851] kernel BUG at mm/vmscan.c:1350!
[ 19.513032] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Please let me know what does it error message means ?
It means that, The page you requested is locked by some another process.so that is unevictable flag on that page.
For example.
If you reserved the CMA area of 512MB, From CMA area any process can use pages(only MOVABLE PAGES), if the process takes page as movable page from cma area, but locked(VM_LOCKED) that page using mlock() after acquiring page,but when CMA area is requested the contiguous are than it fails to migrate that locked/pinned page.
It is stable kernel bug(4.12+) :
patch-link
Related
I am using vmmap on MacOS. For one region it shows that sharing mode = aliased (ALI):
REGION TYPE START - END [ VSIZE RSDNT DIRTY SWAP] PRT/MAX SHRMOD PURGE REGION DETAIL
mapped file 1008dc000-1008e0000 [ 16K 16K 16K 0K] rw-/rwx SM=ALI /Users/USER/*/data
I wasn't able to find any information what does that mean. This page states that
Aliased (ALI) and shared (SHM) memory are shared between processes.
There is no further information about the difference between ALI and SHM. Can you help me understand what the difference is?
When the memory is shared (SHM) both processes can access is simultaneously.
However, when the memory is aliased (ALI) only one process at the time has the virtual address mapped to the physical memory. When second process tries accessing memory, these steps happen:
Process 2 gets page fault.
Kernel unmaps memory from the Process 1.
Kernel maps the memory to the Process 2.
Now, the process 2 can write/read from the memory.
This is different to how the memory works on linux where there is no aliased (ALI) mode, only shared.
Source.
I have few questions after reading Mel Gorman's book Understanding the Linux Virtual Memory Manager. Section 4.3 Process Address Space Descriptor says kernel threads never page fault or access the user space portion. The only exception is page faulting within the vmalloc space . Following are my questions.
kenrel threads never page fault: Does this mean only user space code triggers page fault? If a kmalloc() or vmalloc() is called, will it not page fault? I believe the kernel has to map these to the anon pages. When a write to this pages is performed, a page fault occurs. Is my understanding correct?
Why can't kernel threads access user space? Aren't copy_to_user() or copy_from_user() do that?
Exception is page faulting within vmalloc space: Does that mean vmalloc() triggers a page fault and kmalloc() doesn't ? Why kmalloc() does not page fault? The physical frames to kernel's virtual address need not to be kept as a page table entry?
kernel threads never page fault: The page fault talked about is when making a virtual page resident, or bringing it back from swap. Kernel pages not only get paged in on kmalloc(), but also remain resident for their lifetime. The same does not hold for user space pages, which A) may be lazy allocated (i.e. just reserved as page table entries on malloc(), but not actually faulted in until a memset() or other dereference) and B) may be swapped out on low memory conditions.
Why can't kernel threads access user space? Aren't copy_to_user() or copy_from_user() do that?
That's a great question, with a hardware-specific reply. It used to be the case that kernel threads were discouraged from accessing user space, exactly because of the possible page fault hit that might occur, if accessing unpaged/paged out memory in user space (recall, that wouldn't happen in kernel space, as above ensures). So copy_to/from would be normal memcpy, but wrapped in a page fault handler. This way, any potential page fault would be handled transparently (i.e. the memory would be paged in) and all would be well. But there were certainly cases where the bad approach of memcpy to/from user memory would just work - worse, it would work more often than not, as page faults very with RAM residency and availability - and thus unhandled faults would cause random panics. Hence the decree of always using the copy_from/to_user.
Recently, however, kernel/user memory isolation became important from a security standpoint. This is due to many exploitation techniques (NULL pointer dereferencing being a very common and powerful one), where fake kernel objects (or code) could be constructed in user space (and thus, easily controlled) memory, and could lead to code execution in kernel.
Most architectures thus have a page table bit which physically prevents a page belonging to user mode from being accessed by kernel. Taking ARM64 as an example, this feature is called PAN/PXN (Privileged Access/Execute Never).
Thus, copy_from/to now not only handles page faults, but also disables PAN/PXN before the operation, and restores it after.
Exception is page faulting within vmalloc space: vmalloc() allocates memory which is swappable, whereas kmalloc does not. The difference is in the implementation (kmalloc uses GFP_KERNEL). This also means that kmalloc is more likely to fail (if there is no RAM available for this), but will not page fault (it would return NULL, which itself would be a problem..)
I think you get counfused because you haven't understand clearly about the start of kernel, process, and virtual memeory.
kenrel threads never page fault: This is because the pages of kernel space and user space use different allocation methods. For the kernel space, we allocate pages when initialization, but for user space, we allocate them when running process and calling funcitons like malloc(), and after mapping, when truly using that virtual memory, we trigger page fault.
Why can't kernel threads access user space? When kenrel start, the process 0 will create process 1 and process 2. The process 1 is used to form the user space process tree, while the process 2 is used to manage the kernel threads. And the functions you mensioned are always used by those user threads to transmit data into/out of kernel to realise some function like open file or socket and so on.
Exception is page faulting within vmalloc space: The vmalloc space is not function vmalloc(), it is an area in kernel memory space for some dynamic memory allocation used as an exception.
I am trying to pin a Linux process page by using get_user_pages() function in kernel. (I am using Ubuntu 16.04, Linux-4.4.0).
But I am not clear, how does get_user_pages() pin the process page, or how does that pin mean in the funtion's description.
I did following test to check if the page is pinned.
1. A process, called aligned_alloc(0x1000, 0x1000) to allocation a 4KB memory.
2. A kernel module, which will receive a virtual address from a process by ioctl().
3. Once the virtual address is received in kernel module, it is used to call get_user_pages() like this,
res = get_user_pages(current, current->mm, vaddr, 1, 1, 1, &page);
4. The process is sleeping for hours, for me to check the status.
With above steps, from /proc/pid/maps, /proc/pid/smaps, and /proc/meminfo, I could NOT find the locking (or pinning) of the process's virtual address.
I also checked the ref_count of the page struct for the process virtual address, before and after call get_user_pages(), the ref_count is the same (3 in my test case), like below.
[ 7159.432196] Before, page flag = ffff800004004c, count=3
[ 7159.432196] Pinned Got mmaped.
[ 7159.432197] After, page flags = ffff800004004c, count = 3
Did I miss something?
And how does get_user_pages() pin the process pages?
I found a similar question in SO, How do "pinned" pages in Linux present (or actually "pin") themselves, but no answers.
I was going through the do_page_fault (x86 arch) routine. Suppose a process tries to write to a shared page which is swapped out. Then as per the execution flow in do_page_fault, if the access is valid and it is a normal page (not huge page) and the execution lets say came till do_swap_page (i.e., no errors). Once do_swap_page is executed, it returns.
1) But will there be a fault again in case swap-in itself was not handled due to some reason?
2) In general, I would like to know more detail about MMU like - does it check pte flags or vm area flags to raise fault on an address? Can anyone point me to the sources where I can understand how MMU does the checks for a memory access.
1) But will there be a fault again in case swap-in itself was not handled due to some reason?
Yes. Fault will be generated again and again (ISR completes successfully), till page is in place. MMU doesn't track whether previous access to this page generated interrupt or not.
However, if page fault is triggered when previous fault is handled, double fault will be triggered.
2) In general, I would like to know more detail about MMU like - does it check pte flags or vm area flags to raise fault on an address? Can anyone point me to the sources where I can understand how MMU does the checks for a memory access.
Yes, it checks.
You may check OSDev for more info.
I am trying to debug a kernel panic.
kernel log says that
[63859.139142] Unable to handle kernel paging request at virtual address c0a0da06
[63859.139236] pgd = ec040000
[63859.139289] [c0a0da06] *pgd=00a1941e(bad)
I am interested in knowing what is pgd?
Thank you.
pgd is short for "page global directory", the kernel's name for the top level of a page table.