kowr / compcache

Automatically exported from code.google.com/p/compcache

Adding a second swap with CONFIG_SWAP_NOTIFIERS crashes kernel (on Nokia N810 - ARM) #80

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Compiling compcache in scratchbox (codesourcery gcc 3.4.4 for ARM) against 
kernel 2.6.21 (omap branch), patch_swap_notifier_generic applied with no 
problems (except having to change pr_err with printk). Modules compilation 
needs some tweaking of config.h to work (see issue 30).
Once modules are built, with CONFIG_SWAP_NOTIFIERS enabled, I push them to the 
device.
insmod works fine, dmesg reports normal output
swapon /dev/ramzswap0 works, paging in and out works as expected.
swapon and swapoff /swapfile segfaults kernel
If modules are built with CONFIG_SWAP_NOTIFIERS disabled, everything works.

dmesg output after the crash:
[ 2268.773437] Adding 31684k swap on /dev/ramzswap0.  Priority:-11 extents:1 across:31684k
[ 2291.515625] Unable to handle kernel NULL pointer dereference at virtual address 0000003c
[ 2291.515625] pgd = c49ac000
[ 2291.515625] [0000003c] *pgd=85a30031, *pte=00000000, *ppte=00000000
[ 2291.515625] Internal error: Oops: 17 [#1]
[ 2291.515625] Modules linked in: ramzswap xvmalloc g_file_storage fuse cx3110x umac(P) ext2 ext3 jbd mbcache omap_rng rng_core
[ 2291.515625] CPU: 0
[ 2291.515625] PC is at ramzswap_swapoff_notify+0x24/0x54 [ramzswap]
[ 2291.515625] LR is at ramzswap_swapoff_notify+0x20/0x54 [ramzswap]
[ 2291.515625] pc : [<bf0a6784>]    lr : [<bf0a6780>]    Tainted: P      
[ 2291.515625] sp : c3c89eb8  ip : c3c89eb8  fp : c3c89ecc
[ 2291.515625] r10: 00000000  r9 : c0326ea8  r8 : c0028d88
[ 2291.515625] r7 : 00000000  r6 : 00000001  r5 : c71e4ca0  r4 : 00000001
[ 2291.515625] r3 : 00000000  r2 : c71e4ca0  r1 : 00000001  r0 : c4c17420
[ 2291.515625] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  Segment user
[ 2291.515625] Control: E5387F
[ 2291.515625] Table: 849AC000  DAC: 00000015
[ 2291.515625] Process swapoff (pid: 1969, stack limit = 0xc3c88250)
[ 2291.515625] Stack: (0xc3c89eb8 to 0xc3c8a000)
[ 2291.515625] Backtrace: 
[ 2291.515625] [<bf0a6760>] (ramzswap_swapoff_notify+0x0/0x54 [ramzswap]) from [<c006b008>] (notifier_call_chain+0x40/0x58)
[ 2291.515625]  r4 = 00000000 
[ 2291.515625] [<c006afc8>] (notifier_call_chain+0x0/0x58) from [<c006b190>] (blocking_notifier_call_chain+0x3c/0x50)
[ 2291.515625]  r6 = C71E4CA0  r5 = 00000001  r4 = C030514C 
[ 2291.515625] [<c006b154>] (blocking_notifier_call_chain+0x0/0x50) from [<c0098e40>] (sys_swapoff+0x8b4/0x990)
[ 2291.515625]  r7 = 00000073  r6 = C71E4CA0  r5 = FFFFFFFF  r4 = C88D5000
[ 2291.515625] [<c009858c>] (sys_swapoff+0x0/0x990) from [<c0028be0>] (ret_fast_syscall+0x0/0x2c)
[ 2291.515625] Code: e5930000 e1a04001 eb408891 e5903054 (e593203c) 

Original issue reported on code.google.com by maac...@gmail.com on 4 Jan 2011 at 12:02

GoogleCodeExporter commented 9 years ago
The version of compcache (called zram) as included in mainline does not require 
these notifiers and is quite stable.  It would be difficult for me to do the 
backport due to time constraints but if you have resources and attempt the 
same, I would be glad to help out with any problems you might face.

Original comment by nitingupta910@gmail.com on 5 Jan 2011 at 9:59

GoogleCodeExporter commented 9 years ago
Unfortunately, I'm not a kernel hacker and trying to backport zram and 
understand what I'm doing would be a very time-consuming effort for me, so to 
say.

I finally have had a closer look at it, and I have found the cause:
In the swapon and swapoff notify functions it's assumed that the inode of the 
swap device belongs to a block device, when in fact it can be a (swap) file, 
and dereferencing a non-existent bd_disk->private_data pointer causes the crash.

The attached patch fixes all the issues I've found with compcache-0.5.4:
- pr_err undefined in the kernel patch
- undefined types make build fail
- kernel crash adding/removing a second swap file with CONFIG_SWAP_NOTIFIERS

Please, apply it to 0.5.4 so people forced to use old kernels don't have the 
same issues.

Original comment by maac...@gmail.com on 5 Jan 2011 at 11:31
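
The root cause described in this comment, modelled in userspace as an added example (it is not the attached patch and not compcache's code). The struct layouts, the names `ramzswap_from_inode`, `swapoff_notify_checked` and `run_case`, and the `fops` ownership check are assumptions; the ownership check goes one step beyond the comment, because a block device of another driver also carries a `private_data` that is not ramzswap's.

```c
#include <stdio.h>
/* Userspace stand-ins for the kernel types; layouts are simplified assumptions. */
struct gendisk      { const void *fops; void *private_data; };
struct block_device { struct gendisk *bd_disk; };
struct inode        { unsigned i_mode; struct block_device *i_bdev; };
struct ramzswap     { int cleared; };               /* hypothetical driver state */
enum { MODE_FMT = 0170000, MODE_REG = 0100000, MODE_BLK = 0060000 };
enum { NOTIFY_DONE = 0, NOTIFY_OK = 1 };
static const int ramzswap_fops = 0, other_fops = 0; /* only the addresses matter */

/* Unchecked pattern from the thread: inode->i_bdev->bd_disk->private_data with no
 * file-type test. In this model a swap file has i_bdev == NULL, so the chain faults. */

/* Returns driver state only for a block device that this driver registered. */
struct ramzswap *ramzswap_from_inode(const struct inode *inode)
{
    if (!inode || (inode->i_mode & MODE_FMT) != MODE_BLK)
        return NULL;                    /* swap file such as /swapfile */
    if (!inode->i_bdev || !inode->i_bdev->bd_disk ||
        inode->i_bdev->bd_disk->fops != &ramzswap_fops)
        return NULL;                    /* no disk, or another driver's disk */
    return inode->i_bdev->bd_disk->private_data;
}

int swapoff_notify_checked(const struct inode *inode)
{
    struct ramzswap *rzs = ramzswap_from_inode(inode);
    if (!rzs)
        return NOTIFY_DONE;             /* not our device: ignore the event */
    rzs->cleared = 1;
    return NOTIFY_OK;
}

/* Constructed cases: 0 = swap file, 1 = foreign block device, 2 = ramzswap disk. */
int run_case(int which)
{
    struct ramzswap rzs = { 0 };
    struct gendisk ours = { &ramzswap_fops, &rzs }, foreign = { &other_fops, "other" };
    struct block_device bd_ours = { &ours }, bd_foreign = { &foreign };
    struct inode cases[] = { { MODE_REG, NULL }, { MODE_BLK, &bd_foreign },
                             { MODE_BLK, &bd_ours } };
    return swapoff_notify_checked(&cases[which]);
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("case %d -> notify result %d\n", i, run_case(i));
}
```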

GoogleCodeExporter commented 9 years ago
Thanks for the patch. Over the next few weeks, I'm planning to update all download 
packages, webpages to reflect current state of the project (mainline status 
etc.)

I will try to backport the current mainline version for older kernels. If that 
does not happen, I will integrate your patch and add the fixed version to 
Downloads.

Original comment by nitingupta910@gmail.com on 6 Jan 2011 at 12:24

GoogleCodeExporter commented 9 years ago
no longer supporting ancient compcache versions

Original comment by nitingupta910@gmail.com on 2 Oct 2012 at 10:13