From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2347ED69104 for ; Thu, 28 Nov 2024 12:38:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7FDCF6B0083; Thu, 28 Nov 2024 07:38:46 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7AD856B0085; Thu, 28 Nov 2024 07:38:46 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 69BD46B0088; Thu, 28 Nov 2024 07:38:46 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 4BB6A6B0083 for ; Thu, 28 Nov 2024 07:38:46 -0500 (EST) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 02C961A0DDA for ; Thu, 28 Nov 2024 12:38:45 +0000 (UTC) X-FDA: 82835457516.19.22F2E21 Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net [217.70.183.199]) by imf23.hostedemail.com (Postfix) with ESMTP id 34F8A14000B for ; Thu, 28 Nov 2024 12:38:39 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf23.hostedemail.com: domain of alex@ghiti.fr designates 217.70.183.199 as permitted sender) smtp.mailfrom=alex@ghiti.fr ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732797517; a=rsa-sha256; cv=none; b=yFlhVXQX1B1gzPlZtRh33qpVByPpagIxAMkBNa3GuzOEtVAjj91cr37iR9iNeCWHGuOFGT jM1GcfPv7lFx8CXMkhMcQ0+y5K7Z13alTUt2xylxaco6fKD3RhceQA+meL9Mfy8M4qlw8c OBqN16N2wirpJBMJJpYHHuUFoX9Ul4o= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf23.hostedemail.com: domain of alex@ghiti.fr designates 217.70.183.199 as permitted sender) smtp.mailfrom=alex@ghiti.fr ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732797517; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4JRmds+JVsJR5lxBa3l9S5Pzdtim2jraUZVdeNH0paM=; b=F+Y6L9yOGYve0O1qSy554qFNCgff7QrWe8biAoSHRwr5yD2LttUM2av7bR3YPB5dc6mu9t NaWpksCNAcyYM80/dgcrxezb7nkg8I+Iv+pgVeTRfshrAZs+OUsGN3wfMsaVOAujBERlZw fjG7Ucoo1/O60ubuDrajaQnp96sIvwc= Received: by mail.gandi.net (Postfix) with ESMTPSA id 2C600FF803; Thu, 28 Nov 2024 12:38:39 +0000 (UTC) Message-ID: Date: Thu, 28 Nov 2024 13:38:38 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH fixes] riscv: mm: Do not call pmd dtor on vmemmap page table teardown To: =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= , Alexandre Ghiti , Albert Ou , David Hildenbrand , Palmer Dabbelt , Paul Walmsley , linux-riscv@lists.infradead.org, Oscar Salvador Cc: =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= , Andrew Bresticker , linux-kernel@vger.kernel.org, linux-mm@kvack.org, virtualization@lists.linux-foundation.org References: <20241120131203.1859787-1-bjorn@kernel.org> Content-Language: en-US From: Alexandre Ghiti In-Reply-To: <20241120131203.1859787-1-bjorn@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-GND-Sasl: alex@ghiti.fr X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 34F8A14000B X-Stat-Signature: tgkr44p6w7nfds8b7c1sgengsca8kdtp X-Rspam-User: X-HE-Tag: 1732797519-172893 X-HE-Meta: U2FsdGVkX1/Fg5Dkkb38g9cQdpH9DL+mrro3/k+SVQvCKNpVt3hRJNmdJk2f+5d0NWh9E1ZMLAU3X2v9OwWwYCH04FgEBShxCUjVYds8qPsP8xNuNxaedqgWdrusP/FTdmSG/DOaZ92rkNoep60NxfYEaMlbk9OBjGpDpIQvccudzWP7u5C2cnHYWL1lz0qRPF4uP8nEivb9+wID8S/w3I03Wy1scj4dpil8PQbQ89e1pOgZxzeNpXDR23r/XpGEZwbn92DOpZnLYAYCtJLzUTFE/IyahE3XagrC8teBYEGnFGtKk5MbOq/B84L+YLhNf2Gjq2bmxfFYz5d7LRvjby0TqfcFILHChTrZRrtP9wiCzJF7pNBeATDUG41sLUp14Mr+AFSzZzeR1b1XfWtmxj/7BvVbhtqHufMHciCaQHFNOmL9H5P3A/tNTeoNMA5+b760BJZspirMv1+uQJJroL/pgI3iWuejYZtPcTWqEMYvY25JRYSFwwHu6u2+0Ea70Zvv1ATPAtilWQaDEKRyiWKVoepA1mS9rNzg01S4wotu6QmXax5g89WSLc5RaTf7t67OFpgbcV+BrP728zAQVUZPmIar+BuSXd5ppUqM9H2HXps8Av/albX4mFyEm15IBrtaafnD+gLMbHQhjMdylY7HJwXzmeksw8OSNerRRE4OfaKhvfWfYZys9svQvj+JDXDLrePuSx12Bv6fe79m+Jf2ZMSLHj4ZipAgm6LDE9Ucgr35dBNt8VKE2B2DlOpHQXsVhcLsM0nmQDo1AsTmDsNOihVdXxcxreigGwSC3Q8jeAs4Pqc0n2+v2jRgKTTfQja8sWiIePE6bZvMIXy7PIEGLk56uD3RDFyli0qCEuXWOLBw/kJuB5wF6Piog0RidnV7pJ703xk4QHrySQHyXEfNQhfOAtAViiaG/Ro4/sHGNq02JPXIJ3JBUMT1IZflTTOE6LoAu0ekVp5X9Td /daMAOrE VxwVAoVQabPAdUIwxF3V0i7zYwbA6Tqpr9hDN6MaUFH30q1TzLngHo1yTVaB8dwcl7j2r99qaCTkgRE0AUIZjHfITOpKV1jvPL/KUHzrhKYHzOzYW91uABdW9skfn6xxJLiFiir76dCSn1MR0T2l7C7KPaWxaqnmBv4gFXhscblKN/Uw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Björn, On 20/11/2024 14:12, Björn Töpel wrote: > From: Björn Töpel > > The vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page > tables are populated using pmd (page middle directory) hugetables. > However, the pmd allocation is not using the generic mechanism used by > the VMA code (e.g. pmd_alloc()), or the RISC-V specific > create_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table > code allocates a page, and calls vmemmap_set_pmd(). This results in > that the pmd ctor is *not* called, nor would it make sense to do so. > > Now, when tearing down a vmemmap page table pmd, the cleanup code > would unconditionally, and incorrectly call the pmd dtor, which > results in a crash (best case). > > This issue was found when running the HMM selftests: > > | tools/testing/selftests/mm# ./test_hmm.sh smoke > | ... # when unloading the test_hmm.ko module > | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b > | flags: 0x1000000000000000(node=0|zone=1) > | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000 > | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 > | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte) > | ------------[ cut here ]------------ > | kernel BUG at include/linux/mm.h:3080! > | Kernel BUG [#1] > | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod > | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2 > | Tainted: [W]=WARN > | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024 > | epc : remove_pgd_mapping+0xbec/0x1070 > | ra : remove_pgd_mapping+0xbec/0x1070 > | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940 > | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04 > | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50 > | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008 > | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000 > | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8 > | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000 > | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000 > | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0 > | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00 > | t5 : ff60000080244000 t6 : ff20000000a73708 > | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003 > | [] remove_pgd_mapping+0xbec/0x1070 > | [] vmemmap_free+0x14/0x1e > | [] section_deactivate+0x220/0x452 > | [] sparse_remove_section+0x4a/0x58 > | [] __remove_pages+0x7e/0xba > | [] memunmap_pages+0x2bc/0x3fe > | [] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm] > | [] hmm_dmirror_exit+0x3e/0x1018 [test_hmm] > | [] __riscv_sys_delete_module+0x15a/0x2a6 > | [] do_trap_ecall_u+0x1f2/0x266 > | [] _new_vmalloc_restore_context_a0+0xc6/0xd2 > | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597 > | ---[ end trace 0000000000000000 ]--- > | Kernel panic - not syncing: Fatal exception in interrupt > > Add a check to avoid calling the pmd dtor, if the calling context is > vmemmap_free(). > > Fixes: c75a74f4ba19 ("riscv: mm: Add memory hotplugging support") > Signed-off-by: Björn Töpel > --- > arch/riscv/mm/init.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > index 0e8c20adcd98..fc53ce748c80 100644 > --- a/arch/riscv/mm/init.c > +++ b/arch/riscv/mm/init.c > @@ -1566,7 +1566,7 @@ static void __meminit free_pte_table(pte_t *pte_start, pmd_t *pmd) > pmd_clear(pmd); > } > > -static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud) > +static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud, bool is_vmemmap) > { > struct page *page = pud_page(*pud); > struct ptdesc *ptdesc = page_ptdesc(page); > @@ -1579,7 +1579,8 @@ static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud) > return; > } > > - pagetable_pmd_dtor(ptdesc); > + if (!is_vmemmap) > + pagetable_pmd_dtor(ptdesc); > if (PageReserved(page)) > free_reserved_page(page); > else > @@ -1703,7 +1704,7 @@ static void __meminit remove_pud_mapping(pud_t *pud_base, unsigned long addr, un > remove_pmd_mapping(pmd_base, addr, next, is_vmemmap, altmap); > > if (pgtable_l4_enabled) > - free_pmd_table(pmd_base, pudp); > + free_pmd_table(pmd_base, pudp, is_vmemmap); > } > } > > > base-commit: 57f7c7dc78cd09622b12920d92b40c1ce11b234e Reviewed-by: Alexandre Ghiti Thanks, Alex