From: Jann Horn
Date: Mon, 30 Jun 2025 19:12:45 +0200
Subject: Re: [PATCH 6.1.y 2/3] mm: hugetlb: independent PMD page table shared count
To: Vitaly Chikunov, Muchun Song, Oscar Salvador, Dave Hansen, Andy Lutomirski, Peter Zijlstra
Cc: Sasha Levin, Andrew Morton, gregkh@linuxfoundation.org, stable@vger.kernel.org, Jane Chu, Nanyong Sun, Ken Chen, Kefeng Wang, Liu Shixin, linux-mm@kvack.org

tl;dr: 32-bit x86 without PAE opts into hugetlb page table sharing
despite only having 2-level paging, which means the "sharable" page
tables are PGDs, and then stuff breaks

On Sun, Jun 29, 2025 at 3:00 PM Vitaly Chikunov wrote:
> LTP tests failure with the following commit described below:

Uuugh... thanks for letting me know.

> On Fri, Jun 20, 2025 at 11:33:32PM +0200, Jann Horn wrote:
> > From: Liu Shixin
> >
> > [ Upstream commit 59d9094df3d79443937add8700b2ef1a866b1081 ]
> >
> > The folio refcount may be increased unexpectedly through try_get_folio() by
> > caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount
> > to check whether a pmd page table is shared. The check is incorrect if
> > the refcount is increased by the above caller, and this can cause the page
> > table leaked:
[...]
> The commit causes LTP test memfd_create03 to fail on i586 architecture
> on v6.1.142 stable release, the test was passing on v6.1.141. Found the
> commit with git bisect.

Ah, yes, I can reproduce this; specifically it reproduces on 32-bit
X86 builds without X86_PAE. If I enable X86_PAE, the tests pass.

Okay, I don't know precisely why this is breaking, but at a high level:

x86 unconditionally selects ARCH_WANT_HUGE_PMD_SHARE (and still does
in mainline). That flag means "when we have PMD entries pointing to
hugetlb pages, we want to share the PMD table across processes".

32-bit X86 with PAE has 3 page table levels (pgd, pmd, pte); so with
this sharing mechanism, we'd have multiple PGD entries pointing to the
same PMD. I guess that seems fine.

But 32-bit X86 with PAE only has 2 page table levels (pgd, pte). So a
hugepage is referenced by a PGD entry, and it makes no sense to try to
share PGDs. PGDs not being shared page tables is also baked into
(looking at the mainline version) "struct ptdesc", which puts "struct
mm_struct *pt_mm;" (for x86 PGDs) and "atomic_t pt_share_count;" (for
hugetlb page table sharing) into the same union.

I guess I'll send a patch later to disable page table sharing in
non-PAE 32-bit x86... or maybe we should disable it entirely for
32-bit x86...
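
The union overlap described in the message above, as an added userspace illustration (not kernel code and not part of the original message). `struct ptdesc_model` is a hypothetical reduction of `struct ptdesc` to the two members the message names, and the share-count update is an assumed stand-in for whatever hugetlb sharing does to a table it counts; the model does not claim to be the root cause of the LTP failure.

```c
#include <stdio.h>

/* Stand-in for the kernel's struct mm_struct; only its address matters. */
struct mm_struct { int unused; };

/* Hypothetical model: only the two union members named in the message. */
struct ptdesc_model {
    union {
        struct mm_struct *pt_mm;      /* back-pointer kept for x86 PGDs */
        unsigned int pt_share_count;  /* atomic_t in the kernel */
    };
};

/* Assumed stand-in for hugetlb sharing bumping a table's share count. */
static void share_count_inc(struct ptdesc_model *pt)
{
    pt->pt_share_count++;
}

/*
 * levels == 3 (PAE):     pgd -> pmd -> pte, hugepage entries sit in a PMD
 *                        table that has its own descriptor.
 * levels == 2 (non-PAE): pgd -> pte, hugepage entries sit in the PGD, so
 *                        the "sharable" table and the PGD are one object.
 * Returns 1 if the PGD's pt_mm is intact after one share-count update.
 */
int pgd_mm_survives_sharing(int levels)
{
    struct mm_struct mm = { 0 };
    struct ptdesc_model pgd, pmd;
    struct ptdesc_model *hugepage_table;

    pgd.pt_mm = &mm;          /* the PGD's descriptor records its owner mm */
    pmd.pt_share_count = 0;   /* a separate PMD table starts unshared */

    hugepage_table = (levels >= 3) ? &pmd : &pgd;
    share_count_inc(hugepage_table);

    return pgd.pt_mm == &mm;
}

int main(void)
{
    printf("3-level (PAE):     pt_mm intact = %d\n", pgd_mm_survives_sharing(3));
    printf("2-level (non-PAE): pt_mm intact = %d\n", pgd_mm_survives_sharing(2));
    return 0;
}
```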