Message-ID: <5d50d714-197f-44c0-94e0-ff70ee51e866@bytedance.com>
Date: Tue, 11 Feb 2025 11:45:19 +0800
Subject: Re: [REGRESSION] NULL pointer dereference on ARM (AT91SAM9G25) during compaction
To: "Russell King (Oracle)"
Cc: Ezra Buehler, linux-mm@kvack.org, Andrew Morton, David Hildenbrand,
 "Mike Rapoport (Microsoft)", Muchun Song, Vlastimil Babka, Ryan Roberts,
 "Vishal Moola (Oracle)", Hugh Dickins, Matthew Wilcox, Peter Xu,
 Nicolas Ferre, Alexandre Belloni, Claudiu Beznea, open list,
 linux-arm-kernel@lists.infradead.org
From: Qi Zheng

Hi Russell,

On 2025/2/11 01:03, Russell King (Oracle) wrote:
> On Mon, Feb 10, 2025 at 05:49:38PM +0100, Ezra Buehler wrote:
>> When running vanilla Linux 6.13 or newer (6.14-rc2) on the
>> AT91SAM9G25-based GARDENA smart Gateway, we are seeing a NULL pointer
>> dereference resulting in a kernel panic. The culprit seems to be commit
>> fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()").
>> Reverting the commit apparently fixes the issue.
>
> The blamed commit is buggy:
>
> arch/arm/include/asm/tlbflush.h:
> #define update_mmu_cache(vma, addr, ptep) \
>         update_mmu_cache_range(NULL, vma, addr, ptep, 1)
>
> So vmf can be NULL. This didn't used to matter before this commit,
> because vmf was not used by ARM's update_mmu_cache_range(). However,
> the commit introduced a dereference of it, which now causes a NULL
> pointer dereference.
>
> Not sure what the correct solution is, but at a guess, both:
>
>         if (ptl != vmf->ptl)
>
> need to become:
>
>         if (!vmf || ptl != vmf->ptl)

No, we can't do that, because without using split PTE locks, we would
use shared mm->page_table_lock, which would create a deadlock.

But it seems that we cannot simply bring back do_pte_lock() and
do_pte_unlock()? In make_coherent(), we traverse the vmas and exclude
the same vma, but different vmas may also map to the same PTE page,
right? In this case, we still cannot directly hold the pte lock.

But this part of code is quite old, maybe I missed something?

Thanks,
Qi

>
> but I haven't checked what the locking context actually is here
> (I've been out of MM stuff too long to know this off the top of my
> head.)
>
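
The two checks discussed in this message, as a user-space model added here for illustration (not kernel code and not written by anyone in the thread). It assumes the caller of update_mmu_cache() already holds the page-table lock covering the faulting PTE; lock_t, take(), run() and the outcome names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins for the kernel objects named in the thread. */
typedef struct { bool held; } lock_t;
struct vm_fault { lock_t *ptl; };   /* PTE lock the fault path holds */
enum outcome { LOCK_SKIPPED, LOCK_TAKEN, NULL_DEREF, SELF_DEADLOCK };
typedef enum outcome (*check_fn)(const struct vm_fault *, lock_t *);

/* A non-recursive spinlock never returns if its holder takes it again. */
static enum outcome take(lock_t *l)
{
    if (l->held)
        return SELF_DEADLOCK;
    l->held = true;
    return LOCK_TAKEN;
}

/* Check from the blamed commit: if (ptl != vmf->ptl) */
enum outcome check_blamed(const struct vm_fault *vmf, lock_t *ptl)
{
    if (!vmf)
        return NULL_DEREF;          /* vmf->ptl faults when vmf is NULL */
    return ptl != vmf->ptl ? take(ptl) : LOCK_SKIPPED;
}

/* Check guessed in the quoted reply: if (!vmf || ptl != vmf->ptl) */
enum outcome check_guessed(const struct vm_fault *vmf, lock_t *ptl)
{
    return (!vmf || ptl != vmf->ptl) ? take(ptl) : LOCK_SKIPPED;
}

/* Run one check; pass_vmf=false models the update_mmu_cache() macro. */
enum outcome run(check_fn check, bool pass_vmf, bool split_ptl)
{
    lock_t fault_lock = { .held = true };   /* held by caller (assumption) */
    lock_t other_lock = { .held = false };  /* lock of a different PTE page */
    struct vm_fault vmf = { .ptl = &fault_lock };
    /* Without split PTE locks every PTE page shares mm->page_table_lock. */
    lock_t *ptl = split_ptl ? &other_lock : &fault_lock;
    return check(pass_vmf ? &vmf : NULL, ptl);
}

int main(void)
{
    printf("blamed,  vmf NULL, shared lock: %d\n", run(check_blamed, false, false));
    printf("guessed, vmf NULL, shared lock: %d\n", run(check_guessed, false, false));
    printf("guessed, vmf NULL, split locks: %d\n", run(check_guessed, false, true));
    return 0;
}
```

The model covers only the shared-lock case and the case of a distinct PTE page; it does not model different vmas mapping to the same PTE page.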