From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6174C369D9 for ; Wed, 30 Apr 2025 14:37:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5F3F76B00B5; Wed, 30 Apr 2025 10:37:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5A0826B00BB; Wed, 30 Apr 2025 10:37:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3CCF06B00BC; Wed, 30 Apr 2025 10:37:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 146526B00B5 for ; Wed, 30 Apr 2025 10:37:29 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 91F8B1A06CA for ; Wed, 30 Apr 2025 14:37:30 +0000 (UTC) X-FDA: 83390963460.18.80E6EA5 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf12.hostedemail.com (Postfix) with ESMTP id EB05D40011 for ; Wed, 30 Apr 2025 14:37:27 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=JEL4mfxE; dmarc=pass (policy=quarantine) header.from=redhat.com; spf=pass (imf12.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746023848; a=rsa-sha256; cv=none; b=6ghGw/+oOx3LgX5IXchP5vD5vD/a9OE8feYzPF3Gg1+qbHdQ919xkQp/sCZFf+EPsLvbOH bt582lyUvQZyEreKFmnmNyTgFZLGGNn/EsEW0qvc0AZf8hE6yjhsH7P5HxQ6tD02nbdOl9 eT9A4YqBetMmCrVMuWJvdZEYi4LZy00= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=JEL4mfxE; dmarc=pass (policy=quarantine) header.from=redhat.com; spf=pass (imf12.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746023848; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MnkXjFY3TEcL0dXqwM2Thq4YlP1rbhLrXBXsYqEQ+Ro=; b=aDzoRVylXgAVmZ+QrKHnNBh9qv4623J2xrh8ZdrRd7c5u8ZTyILvsR1w5OL4IBkajPikzz BDecPI/FpZ4A9XIhcq+Akv4uVt1aMBn1YTdXawwWgh3mDEIJ/zlwnEPi8IIFvB/AQCwbuc 7q6z01EeMprK2PxftPHyOzPeKxKS9V8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1746023847; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=MnkXjFY3TEcL0dXqwM2Thq4YlP1rbhLrXBXsYqEQ+Ro=; b=JEL4mfxEsQdoXlE8khJhFPDrtfd+e347c13cj97fsVKLLalgMWSX7xjhRXVzjJvF1fgtcp 7LwWcwyS9Oku98iJM55G14EWAguwYgcljNbmtHYRuteWy9ngm2N6Nl62NsfVev8s3jodjd QKc/FYApOaJeJ2p8Rx7O7FPHEF8RV7g= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-393-TNAHjsYyPj61k-eVJ061rw-1; Wed, 30 Apr 2025 10:37:24 -0400 X-MC-Unique: TNAHjsYyPj61k-eVJ061rw-1 X-Mimecast-MFC-AGG-ID: TNAHjsYyPj61k-eVJ061rw_1746023844 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-39c1b1c0969so4574741f8f.1 for ; Wed, 30 Apr 2025 07:37:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746023843; x=1746628643; h=content-transfer-encoding:in-reply-to:organization:autocrypt :content-language:from:references:cc:to:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=MnkXjFY3TEcL0dXqwM2Thq4YlP1rbhLrXBXsYqEQ+Ro=; b=Hhz2woVNji16jZctVvuxtgCYyc2FhUH7sZ9CvV0/1etxVEyZ3NCHhJ9w6azlk/Dht0 wfFkdwSQGCKkkKsw+T27Brjnz5ZkUxC/27SKVUnE0o7CbWpt2ZUFYatIo2pEiDqCNLx6 UsOHz+vvMhJ1Za/8TSU5iappHMRTRDeeYvOgvJ9m1cFilwG8e6gfzuXzsbCJN5K1Powr H5aBbfBMPjF8WqEfx7vvmTLRlVbipzRMDB8t0fZvai+OvAXYQqZv8m/v7zYITET2lpeo hggDIVzHiK4cxJPdGpQy4G1SLa6LiOcBXxxSr8wz+T1ijTgYJL99rSPyDbyk1xYU++DK avCw== X-Forwarded-Encrypted: i=1; AJvYcCWmAeS3hpX/CjWr7B0ZGzbiNB3dARl2voZzTF6f/qX6uO4nljIXe9KSB9ZY2nIJ3xf3tNvuCcRGOg==@kvack.org X-Gm-Message-State: AOJu0YwNMOmvRIsN9ZltGe35UXgUBqiB0e83hlQJ9y5ke9JklHoVC+8m Io1HeGidppkTalX+X0LQV/w1OOU68KpTzUpHidyyT4xRNrkn/zHReX26h0hl8q3laViA1ZOvBVw wFXJtJnf1widbvF2dLR5n7HI1LZEVYLg5eEOJWUE5bLrIeSg4 X-Gm-Gg: ASbGncvcKw6+r2ZBgxm2g+ymeUj2vas+iWkxp8dvHHj4NyzYLwJSzpwgEvHaxHe/XB4 pVAEoB1Uxkz59UXI8En6g7t9k6ZCDVoZNAsHmWqHU6zj5UECZaxRx1/4e1K8gZjHXweXLbGndyv vTKq521RFolIZVKz/KYd5/4XDV1uKcGnwqVYdPfMAi83rtgbPOGq2FfKhCnrP4g/WEzcojzZK1x MhjDcedlTq00/qM4s5KXM0ZWwiyzWHQJ3cxyj3TuWaoN0KwHF3RgMb0lfV9bEoOq1j4mQQSsIUb hqNgoepC64RdkipHp3fDi5uwaXFOwG2h6FMix4igrFn8i+fp X-Received: by 2002:a05:6000:2481:b0:3a0:80bf:b4e3 with SMTP id ffacd0b85a97d-3a08ff50967mr2212398f8f.58.1746023843575; Wed, 30 Apr 2025 07:37:23 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFwrkb+QAgrfKTfZCLUpqNq2im1MtwJnU5K+x0x8Nke1bFEBVj3+6QE5/TBxK5sBPrLyYpM9g== X-Received: by 2002:a05:6000:2481:b0:3a0:80bf:b4e3 with SMTP id ffacd0b85a97d-3a08ff50967mr2212365f8f.58.1746023843092; Wed, 30 Apr 2025 07:37:23 -0700 (PDT) Received: from [192.168.178.21] (tmo-081-40.customers.d1-online.com. [80.187.81.40]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3a073e5d52bsm17672837f8f.90.2025.04.30.07.37.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 30 Apr 2025 07:37:22 -0700 (PDT) Message-ID: <9c412f4f-3bdf-43c0-a3cd-7ce52233f4e5@redhat.com> Date: Wed, 30 Apr 2025 16:37:21 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 1/1] mm: Fix folio_pte_batch() overcount with zero PTEs To: =?UTF-8?Q?Petr_Van=C4=9Bk?= Cc: linux-kernel@vger.kernel.org, Andrew Morton , Ryan Roberts , linux-mm@kvack.org, stable@vger.kernel.org References: <20250429142237.22138-1-arkamar@atlas.cz> <20250429142237.22138-2-arkamar@atlas.cz> <2025429144547-aBDmGzJBQc9RMBj--arkamar@atlas.cz> <2025429183321-aBEbcQQY3WX6dsNI-arkamar@atlas.cz> <1df577bb-eaba-4e34-9050-309ee1c7dc57@redhat.com> <202543011526-aBIO5nq6Olsmq2E--arkamar@atlas.cz> From: David Hildenbrand Autocrypt: addr=david@redhat.com; keydata= xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzSREYXZpZCBIaWxk ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT7CwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQW AgMBAh4BAheAAhkBFiEEG9nKrXNcTDpGDfzKTd4Q9wD/g1oFAl8Ox4kFCRKpKXgACgkQTd4Q 9wD/g1oHcA//a6Tj7SBNjFNM1iNhWUo1lxAja0lpSodSnB2g4FCZ4R61SBR4l/psBL73xktp rDHrx4aSpwkRP6Epu6mLvhlfjmkRG4OynJ5HG1gfv7RJJfnUdUM1z5kdS8JBrOhMJS2c/gPf wv1TGRq2XdMPnfY2o0CxRqpcLkx4vBODvJGl2mQyJF/gPepdDfcT8/PY9BJ7FL6Hrq1gnAo4 3Iv9qV0JiT2wmZciNyYQhmA1V6dyTRiQ4YAc31zOo2IM+xisPzeSHgw3ONY/XhYvfZ9r7W1l pNQdc2G+o4Di9NPFHQQhDw3YTRR1opJaTlRDzxYxzU6ZnUUBghxt9cwUWTpfCktkMZiPSDGd KgQBjnweV2jw9UOTxjb4LXqDjmSNkjDdQUOU69jGMUXgihvo4zhYcMX8F5gWdRtMR7DzW/YE BgVcyxNkMIXoY1aYj6npHYiNQesQlqjU6azjbH70/SXKM5tNRplgW8TNprMDuntdvV9wNkFs 9TyM02V5aWxFfI42+aivc4KEw69SE9KXwC7FSf5wXzuTot97N9Phj/Z3+jx443jo2NR34XgF 89cct7wJMjOF7bBefo0fPPZQuIma0Zym71cP61OP/i11ahNye6HGKfxGCOcs5wW9kRQEk8P9 M/k2wt3mt/fCQnuP/mWutNPt95w9wSsUyATLmtNrwccz63XOwU0EVcufkQEQAOfX3n0g0fZz Bgm/S2zF/kxQKCEKP8ID+Vz8sy2GpDvveBq4H2Y34XWsT1zLJdvqPI4af4ZSMxuerWjXbVWb T6d4odQIG0fKx4F8NccDqbgHeZRNajXeeJ3R7gAzvWvQNLz4piHrO/B4tf8svmRBL0ZB5P5A 2uhdwLU3NZuK22zpNn4is87BPWF8HhY0L5fafgDMOqnf4guJVJPYNPhUFzXUbPqOKOkL8ojk CXxkOFHAbjstSK5Ca3fKquY3rdX3DNo+EL7FvAiw1mUtS+5GeYE+RMnDCsVFm/C7kY8c2d0G NWkB9pJM5+mnIoFNxy7YBcldYATVeOHoY4LyaUWNnAvFYWp08dHWfZo9WCiJMuTfgtH9tc75 7QanMVdPt6fDK8UUXIBLQ2TWr/sQKE9xtFuEmoQGlE1l6bGaDnnMLcYu+Asp3kDT0w4zYGsx 5r6XQVRH4+5N6eHZiaeYtFOujp5n+pjBaQK7wUUjDilPQ5QMzIuCL4YjVoylWiBNknvQWBXS lQCWmavOT9sttGQXdPCC5ynI+1ymZC1ORZKANLnRAb0NH/UCzcsstw2TAkFnMEbo9Zu9w7Kv AxBQXWeXhJI9XQssfrf4Gusdqx8nPEpfOqCtbbwJMATbHyqLt7/oz/5deGuwxgb65pWIzufa N7eop7uh+6bezi+rugUI+w6DABEBAAHCwXwEGAEIACYCGwwWIQQb2cqtc1xMOkYN/MpN3hD3 AP+DWgUCXw7HsgUJEqkpoQAKCRBN3hD3AP+DWrrpD/4qS3dyVRxDcDHIlmguXjC1Q5tZTwNB boaBTPHSy/Nksu0eY7x6HfQJ3xajVH32Ms6t1trDQmPx2iP5+7iDsb7OKAb5eOS8h+BEBDeq 3ecsQDv0fFJOA9ag5O3LLNk+3x3q7e0uo06XMaY7UHS341ozXUUI7wC7iKfoUTv03iO9El5f XpNMx/YrIMduZ2+nd9Di7o5+KIwlb2mAB9sTNHdMrXesX8eBL6T9b+MZJk+mZuPxKNVfEQMQ a5SxUEADIPQTPNvBewdeI80yeOCrN+Zzwy/Mrx9EPeu59Y5vSJOx/z6OUImD/GhX7Xvkt3kq Er5KTrJz3++B6SH9pum9PuoE/k+nntJkNMmQpR4MCBaV/J9gIOPGodDKnjdng+mXliF3Ptu6 3oxc2RCyGzTlxyMwuc2U5Q7KtUNTdDe8T0uE+9b8BLMVQDDfJjqY0VVqSUwImzTDLX9S4g/8 kC4HRcclk8hpyhY2jKGluZO0awwTIMgVEzmTyBphDg/Gx7dZU1Xf8HFuE+UZ5UDHDTnwgv7E th6RC9+WrhDNspZ9fJjKWRbveQgUFCpe1sa77LAw+XFrKmBHXp9ZVIe90RMe2tRL06BGiRZr jPrnvUsUUsjRoRNJjKKA/REq+sAnhkNPPZ/NNMjaZ5b8Tovi8C0tmxiCHaQYqj7G2rgnT0kt WNyWQQ== Organization: Red Hat In-Reply-To: <202543011526-aBIO5nq6Olsmq2E--arkamar@atlas.cz> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: RpT4yDgLjSqH7IdHqY8WLUJWnWR4_0Kuv_NwK0uKVfE_1746023844 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: EB05D40011 X-Rspam-User: X-Rspamd-Server: rspam07 X-Stat-Signature: ui1sg6ubbf8ckyuds37yyqfg6hc8gkhf X-HE-Tag: 1746023847-519564 X-HE-Meta: U2FsdGVkX1+T2qNIsJp4TPtSoNukv3lzTB9/IBzSB6+XN7PiTgYMHKlqhKGdQjz5Avma5fyhHOTMU0jG0KuH2GAdhSCuxEfaH76D0zopW31ytYAk8k9+sn3A9hKqfDeNJBR/xZwHD2FXh1UGZtrdR0sc0YBR7jqLp5ZD5boej5pLp0X59at90izLeAT/0x18fKgiHN7hy/tsZRBrvtt7Ljl+gNpT8Yg2ZaBg1C3oopcEBydI9Y6HhoqrM4G5lkqOPRf658Zl5XldnzAzEyH6i9+Jq/F2IMyY+2If31z38bj0/zA6g1f27MSiVc3g+VtVsH7DYNSDJ+ivtGmsACY0GshO9IBV1tYINblqW4/Yr/6ruMt2QlyU0Nb2QGoFTw9zh2QHqjePwGrx0Wd1ujgYkzlmo4sI17Qs7hAqlJqAsiHamp2mn6F6UneJlRuCabjiMkjhewAl2qAhEha2hiDZHvzeB4BuNllMzpSci87wSzOzPICii3yn7S5t0pMug9DvmZc1LsVEYZl+intkRdfpQazmzoTmXCvJPfmjKlC9C2OTiL5z6IXb2Z1Ts6u6e9UMk/pT3Ae58dO0grO+fEx63pY2SB1smJXdCGQpEsmyqY5/oL+5ZBu4V2h2u335PL7ax17a6HShhniYoYWmYWbnlZhCHojQtUqpYj1B1i+cO0dkTGBaVirhMj740nU64xqpKO1CFGJQ8p4B3qbjqtZEHZUjJy01NMzX6T0cZHtoQ+VGoIL+8k2GV44mqANYPUizg35SaenOxDX17pLmcQbkOTrIglgwRBajyDJfnzgNXfyNI0b/OBial+4tcjan6beX/LHmBPzb34dLnKpt4vguRy7Bez6Fax+pmBIRhOHBcN6wpBvwtHMRmaePV85fGn+QX9CFC/iHZX0H7boR7aMfLuLH9y1bZe5I0mj0x18j7VmIMisqKBWummvZsOyWqAxYZqUNpKe6j2PbB3dCBeG ZPvGBw5z TFLZ5pGzJm6fWvki128XOpQrcsXtV/wR4Bxd1qn6VaWWUjcwKpOL6l3JqxmRRymTKFZiX5hpHgtPboPzUjzZ8Q9VWhner65TxPLXHqZbH2gTZGPorG9IiQpszkmQBxDBak1FTTqZx7+4YX/PmkK/Z2z8+wB6nB2KeF1YZfGzkfOZUS3VRPFoAQtw0ar1txgNgrIrxsVW3w60QTQTZREkEnlYDIVO51WvBGirkUWaQgHOt0VRhMhDWZgaeWZxSXl0zumPp+QTukyqarztkat1+engjzvEARWXZ+oT2nS2olHoe9cIiRkmRgeD5vuRBKc5nbJm/z7De3DbfUsQjl2R51aSwHf7Ab5p2Zznahm+4jQkDZ3ufzAR8T2FgDRBDJ2RmPBJ8DLORFhNU4urbPq8dU8WIczFlJwSVtQ2gvXxAzxDOVlclhHV9Tm6IpWI6wxZklvIBy0eFP5/fXeKqObS6JdaASKmCsbb1/6SbKLJhrRjWxdx28nsXSI/3e9TI4/EwFYlUKZjZwC1jWHE4PzeE41AjCh4G9lfKrHxF X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 30.04.25 13:52, Petr Vaněk wrote: > On Tue, Apr 29, 2025 at 08:56:03PM +0200, David Hildenbrand wrote: >> On 29.04.25 20:33, Petr Vaněk wrote: >>> On Tue, Apr 29, 2025 at 05:45:53PM +0200, David Hildenbrand wrote: >>>> On 29.04.25 16:52, David Hildenbrand wrote: >>>>> On 29.04.25 16:45, Petr Vaněk wrote: >>>>>> On Tue, Apr 29, 2025 at 04:29:30PM +0200, David Hildenbrand wrote: >>>>>>> On 29.04.25 16:22, Petr Vaněk wrote: >>>>>>>> folio_pte_batch() could overcount the number of contiguous PTEs when >>>>>>>> pte_advance_pfn() returns a zero-valued PTE and the following PTE in >>>>>>>> memory also happens to be zero. The loop doesn't break in such a case >>>>>>>> because pte_same() returns true, and the batch size is advanced by one >>>>>>>> more than it should be. >>>>>>>> >>>>>>>> To fix this, bail out early if a non-present PTE is encountered, >>>>>>>> preventing the invalid comparison. >>>>>>>> >>>>>>>> This issue started to appear after commit 10ebac4f95e7 ("mm/memory: >>>>>>>> optimize unmap/zap with PTE-mapped THP") and was discovered via git >>>>>>>> bisect. >>>>>>>> >>>>>>>> Fixes: 10ebac4f95e7 ("mm/memory: optimize unmap/zap with PTE-mapped THP") >>>>>>>> Cc: stable@vger.kernel.org >>>>>>>> Signed-off-by: Petr Vaněk >>>>>>>> --- >>>>>>>> mm/internal.h | 2 ++ >>>>>>>> 1 file changed, 2 insertions(+) >>>>>>>> >>>>>>>> diff --git a/mm/internal.h b/mm/internal.h >>>>>>>> index e9695baa5922..c181fe2bac9d 100644 >>>>>>>> --- a/mm/internal.h >>>>>>>> +++ b/mm/internal.h >>>>>>>> @@ -279,6 +279,8 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr, >>>>>>>> dirty = !!pte_dirty(pte); >>>>>>>> pte = __pte_batch_clear_ignored(pte, flags); >>>>>>>> >>>>>>>> + if (!pte_present(pte)) >>>>>>>> + break; >>>>>>>> if (!pte_same(pte, expected_pte)) >>>>>>>> break; >>>>>>> >>>>>>> How could pte_same() suddenly match on a present and non-present PTE. >>>>>> >>>>>> In the problematic case pte.pte == 0 and expected_pte.pte == 0 as well. >>>>>> pte_same() returns a.pte == b.pte -> 0 == 0. Both are non-present PTEs. >>>>> >>>>> Observe that folio_pte_batch() was called *with a present pte*. >>>>> >>>>> do_zap_pte_range() >>>>> if (pte_present(ptent)) >>>>> zap_present_ptes() >>>>> folio_pte_batch() >>>>> >>>>> How can we end up with an expected_pte that is !present, if it is based >>>>> on the provided pte that *is present* and we only used pte_advance_pfn() >>>>> to advance the pfn? >>>> >>>> I've been staring at the code for too long and don't see the issue. >>>> >>>> We even have >>>> >>>> VM_WARN_ON_FOLIO(!pte_present(pte), folio); >>>> >>>> So the initial pteval we got is present. >>>> >>>> I don't see how >>>> >>>> nr = pte_batch_hint(start_ptep, pte); >>>> expected_pte = __pte_batch_clear_ignored(pte_advance_pfn(pte, nr), flags); >>>> >>>> would suddenly result in !pte_present(expected_pte). >>> >>> The issue is not happening in __pte_batch_clear_ignored but later in >>> following line: >>> >>> expected_pte = pte_advance_pfn(expected_pte, nr); >>> >>> The issue seems to be in __pte function which converts PTE value to >>> pte_t in pte_advance_pfn, because warnings disappears when I change the >>> line to >>> >>> expected_pte = (pte_t){ .pte = pte_val(expected_pte) + (nr << PFN_PTE_SHIFT) }; >>> >>> The kernel probably uses __pte function from >>> arch/x86/include/asm/paravirt.h because it is configured with >>> CONFIG_PARAVIRT=y: >>> >>> static inline pte_t __pte(pteval_t val) >>> { >>> return (pte_t) { PVOP_ALT_CALLEE1(pteval_t, mmu.make_pte, val, >>> "mov %%rdi, %%rax", ALT_NOT_XEN) }; >>> } >>> >>> I guess it might cause this weird magic, but I need more time to >>> understand what it does :) > > I understand it slightly more. __pte() uses xen_make_pte(), which calls > pte_pfn_to_mfn(), however, mfn for this pfn contains INVALID_P2M_ENTRY > value, therefore the pte_pfn_to_mfn() returns 0, see [1]. > > I guess that the mfn was invalidated by xen-balloon driver? > > [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/xen/mmu_pv.c?h=v6.15-rc4#n408 > >> What XEN does with basic primitives that convert between pteval and >> pte_t is beyond horrible. >> >> How come set_ptes() that uses pte_next_pfn()->pte_advance_pfn() does not >> run into this? > > I don't know, but I guess it is somehow related to pfn->mfn translation. > >> Is it only a problem if we exceed a certain pfn? > > No, it is a problem if the corresponding mft to given pfn is invalid. > > I am not sure if my original patch is a good fix. No :) Maybe it would be > better to have some sort of native_pte_advance_pfn() which will use > native_make_pte() rather than __pte(). Or do you think the issue is in > Xen part? I think what's happening is that -- under XEN only -- we might get garbage when calling pte_advance_pfn() and the next PFN would no longer fall into the folio. And the current code cannot deal with that XEN garbage. But still not 100% sure. The following is completely untested, could you give that a try? I might find some time this evening to test myself and try to further improve it. From 7d4149a5ea18cba6a694946e59efa9f51d793a4e Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Wed, 30 Apr 2025 16:35:12 +0200 Subject: [PATCH] tmp Signed-off-by: David Hildenbrand --- mm/internal.h | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/mm/internal.h b/mm/internal.h index e9695baa59226..a9ea7f62486ec 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -248,11 +248,9 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr, pte_t *start_ptep, pte_t pte, int max_nr, fpb_t flags, bool *any_writable, bool *any_young, bool *any_dirty) { - unsigned long folio_end_pfn = folio_pfn(folio) + folio_nr_pages(folio); - const pte_t *end_ptep = start_ptep + max_nr; pte_t expected_pte, *ptep; bool writable, young, dirty; - int nr; + int nr, cur_nr; if (any_writable) *any_writable = false; @@ -265,11 +263,17 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr, VM_WARN_ON_FOLIO(!folio_test_large(folio) || max_nr < 1, folio); VM_WARN_ON_FOLIO(page_folio(pfn_to_page(pte_pfn(pte))) != folio, folio); + /* Limit max_nr to the actual remaining PFNs in the folio. */ + max_nr = min_t(unsigned long, max_nr, + folio_pfn(folio) + folio_nr_pages(folio) - pte_pfn(pte)); + if (unlikely(max_nr == 1)) + return 1; + nr = pte_batch_hint(start_ptep, pte); expected_pte = __pte_batch_clear_ignored(pte_advance_pfn(pte, nr), flags); ptep = start_ptep + nr; - while (ptep < end_ptep) { + while (nr < max_nr) { pte = ptep_get(ptep); if (any_writable) writable = !!pte_write(pte); @@ -282,14 +286,6 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr, if (!pte_same(pte, expected_pte)) break; - /* - * Stop immediately once we reached the end of the folio. In - * corner cases the next PFN might fall into a different - * folio. - */ - if (pte_pfn(pte) >= folio_end_pfn) - break; - if (any_writable) *any_writable |= writable; if (any_young) @@ -297,12 +293,13 @@ static inline int folio_pte_batch(struct folio *folio, unsigned long addr, if (any_dirty) *any_dirty |= dirty; - nr = pte_batch_hint(ptep, pte); - expected_pte = pte_advance_pfn(expected_pte, nr); - ptep += nr; + cur_nr = pte_batch_hint(ptep, pte); + expected_pte = pte_advance_pfn(expected_pte, cur_nr); + ptep += cur_nr; + nr += cur_nr; } - return min(ptep - start_ptep, max_nr); + return min(nr, max_nr); } /** -- 2.49.0 -- Cheers, David / dhildenb