[PATCH] mm: sparsemem: fix missing higher order allocation splitting

[PATCH] mm: sparsemem: fix missing higher order allocation splitting

[Muchun Song]

Higher order allocations for vmemmap pages from buddy allocator must be
able to be treated as indepdenent small pages as they can be freed
individually by the caller.  There is no problem for higher order vmemmap
pages allocated at boot time since each individual small page will be
initialized at boot time.  However, it will be an issue for memory hotplug
case since those higher order vmemmap pages are allocated from buddy
allocator without initializing each individual small page's refcount. The
system will panic in put_page_testzero() when CONFIG_DEBUG_VM is enabled
if the vmemmap page is freed.

Fixes: d8d55f5616cf ("mm: sparsemem: use page table lock to protect kernel pmd operations")
Cc: <stable@vger.kernel.org>
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
---
 mm/sparse-vmemmap.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
index 652f11a05749..ebb489fcf07c 100644
--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c
@@ -78,6 +78,14 @@ static int __split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start)
 
 	spin_lock(&init_mm.page_table_lock);
 	if (likely(pmd_leaf(*pmd))) {
+		/*
+		 * Higher order allocations from buddy allocator must be able to
+		 * be treated as indepdenent small pages (as they can be freed
+		 * individually).
+		 */
+		if (!PageReserved(page))
+			split_page(page, get_order(PMD_SIZE));
+
 		/* Make pte visible before pmd. See comment in pmd_install(). */
 		smp_wmb();
 		pmd_populate_kernel(&init_mm, pmd, pgtable);
-- 
2.11.0

Re: [PATCH] mm: sparsemem: fix missing higher order allocation splitting

[Mike Kravetz]

On 06/20/22 10:30, Muchun Song wrote:
> Higher order allocations for vmemmap pages from buddy allocator must be
> able to be treated as indepdenent small pages as they can be freed
> individually by the caller.  There is no problem for higher order vmemmap
> pages allocated at boot time since each individual small page will be
> initialized at boot time.  However, it will be an issue for memory hotplug
> case since those higher order vmemmap pages are allocated from buddy
> allocator without initializing each individual small page's refcount. The
> system will panic in put_page_testzero() when CONFIG_DEBUG_VM is enabled
> if the vmemmap page is freed.
> 
> Fixes: d8d55f5616cf ("mm: sparsemem: use page table lock to protect kernel pmd operations")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Muchun Song <songmuchun@bytedance.com>
> ---
>  mm/sparse-vmemmap.c | 8 ++++++++
>  1 file changed, 8 insertions(+)

Thanks for fixing,

Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
-- 
Mike Kravetz

> 
> diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
> index 652f11a05749..ebb489fcf07c 100644
> --- a/mm/sparse-vmemmap.c
> +++ b/mm/sparse-vmemmap.c
> @@ -78,6 +78,14 @@ static int __split_vmemmap_huge_pmd(pmd_t *pmd, unsigned long start)
>  
>  	spin_lock(&init_mm.page_table_lock);
>  	if (likely(pmd_leaf(*pmd))) {
> +		/*
> +		 * Higher order allocations from buddy allocator must be able to
> +		 * be treated as indepdenent small pages (as they can be freed
> +		 * individually).
> +		 */
> +		if (!PageReserved(page))
> +			split_page(page, get_order(PMD_SIZE));
> +
>  		/* Make pte visible before pmd. See comment in pmd_install(). */
>  		smp_wmb();
>  		pmd_populate_kernel(&init_mm, pmd, pgtable);
> -- 
> 2.11.0
>