From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 70C29C0219B
	for <linux-mm@archiver.kernel.org>; Tue, 11 Feb 2025 12:10:22 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 879D56B007B; Tue, 11 Feb 2025 07:10:21 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 802816B0082; Tue, 11 Feb 2025 07:10:21 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 62E1A6B0083; Tue, 11 Feb 2025 07:10:21 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 3B6E46B007B
	for <linux-mm@kvack.org>; Tue, 11 Feb 2025 07:10:21 -0500 (EST)
Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 67113141821
	for <linux-mm@kvack.org>; Tue, 11 Feb 2025 12:09:49 +0000 (UTC)
X-FDA: 83107544898.21.1D662CB
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by imf16.hostedemail.com (Postfix) with ESMTP id C4A4D180006
	for <linux-mm@kvack.org>; Tue, 11 Feb 2025 12:09:46 +0000 (UTC)
Authentication-Results: imf16.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=MurKh2u8;
	spf=pass (imf16.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com;
	dmarc=pass (policy=none) header.from=redhat.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1739275787;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=fO1oxPNk7yrmBODE7BKXBMDy5XzyubAISy1V0U5LvF4=;
	b=h5xG9Qay0GtiXTvrOypiM0VRcxFOYW4f3qPQG297eguzmZ6Nz24VXOopGyIJ+8w9BqZwSg
	Ku5red5aQbAeWfXpu8E1RaD3SzHxiGXIqRHNOd1R4GOvzVHTHmGiDCgMIDuOdQfLhPLErE
	xIS+QG3GiP9OudZSHTh3kvkyV6wDuRc=
ARC-Authentication-Results: i=1;
	imf16.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=MurKh2u8;
	spf=pass (imf16.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com;
	dmarc=pass (policy=none) header.from=redhat.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1739275787; a=rsa-sha256;
	cv=none;
	b=wKOHSwo/5RiG6iGU20ReTgR4ZASUQUp0+FcJISjyohXA9zSJiUObHp7Dgboo0jKC5qfxCG
	jyZYNGLQV49uIcqhpXs8jz2jRMbV8Db0YyBDm+rOIx+BxfGuOgcshwjE8z6O9FEJylXVvK
	Rytlvtje+EH07QNyaa8K+n2istTR+Po=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1739275786;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:autocrypt:autocrypt;
	bh=fO1oxPNk7yrmBODE7BKXBMDy5XzyubAISy1V0U5LvF4=;
	b=MurKh2u8xas5/8u9OFhu42l+G9e1J7vQoXgsvC7+2YRZSJTkqzzJMDMIe6o+B8O5yeaFw5
	qYSZFqxft+3fEeu8flfHeZOhzSpEgspArjVeM5HlC0fd/PB03SiIttaKxFnB2Xh1LkG1Y4
	Kp4FUYENtS72JDVPiS17CJMqf/Bw1io=
Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com
 [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-1-KJSlUeAZNCCJRhyCWJsGbg-1; Tue, 11 Feb 2025 07:09:42 -0500
X-MC-Unique: KJSlUeAZNCCJRhyCWJsGbg-1
X-Mimecast-MFC-AGG-ID: KJSlUeAZNCCJRhyCWJsGbg_1739275781
Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-ab78a6342d7so397215066b.2
        for <linux-mm@kvack.org>; Tue, 11 Feb 2025 04:09:42 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739275781; x=1739880581;
        h=content-transfer-encoding:in-reply-to:organization:autocrypt
         :content-language:from:references:cc:to:subject:user-agent
         :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject
         :date:message-id:reply-to;
        bh=fO1oxPNk7yrmBODE7BKXBMDy5XzyubAISy1V0U5LvF4=;
        b=v55zJPK51ZCyrzqwAQE45XML8FEI4enXUr6xwgxqmzLP1ztwPWFd+ooO2NCnJhm6X8
         DOqUy5nsfNgjqz5rxPplB10BJLluIWRYrKYkzh5c0a3yI2FkAqVNv5dxIk5faEutxm90
         TOq6OEk9pnT+LqwAq0ctwXES61cTtxu7f0XpVeMeSGRQu6lS0V1GED+spzegEdDaqm2g
         MGGWTCqZQ+TNMEuOombKKGRwoDJSFGYca5y1uWjKVPj2VFjFhROj+jnNYRlRa+W9Wnxx
         7r+5yUinGrZYIaSMyapOq7QlRoKZZ4FY9XsF8xbRzBBJrpXpgUkfe/X/763+c4AYZ1EL
         sTrg==
X-Forwarded-Encrypted: i=1; AJvYcCW+TWCq7pk63OEFiXmNbeosCcoRjWIjS2D+oFJabKSdP1wOQaEoLVJJhXc+SZIeE98umb543tpfgA==@kvack.org
X-Gm-Message-State: AOJu0YyGMoP906RcW/vmiiPW5uRF2j/TvASN5TUF8pEh8R02Tw/sKXnY
	Nw+YDoTLZ0V1+eIYdcdy8VRcal7QV9JoSbCoY8Bz+WhOwyFe2hiS5OPyOJlETx0f6nqC0I/1NFE
	KaW+oBxkitsKTp8k1dpKg0iGufvs0EufaPLkWaX0HhGtvz9PT
X-Gm-Gg: ASbGncv42kcF6N3+fd84BPk09aqYKWVLAWYxOE4ejZNFUbKVHx7LQ1xGWnYTojb1/lk
	BjaldyhUy1slqe83vnng5nJmMfTZdtB1bh8E8+6EyxKg/bh4bdq6d8x+aJwbxb4dwbg70v10MZR
	sClLQf8u4cyLq8vxQxs7Yz/7Y0Vih2k/V/ijRlDYuuX86EEKf2/yB8uHH2LwnCFalu/KuelYJep
	Bng656x0tpZkVq1eGRmU/1qG+QgnJ0IXKKS5cm++IHqaOLR2wVbQ4SrJzx61fuh8HjN8MySZd63
	jjVEcMcSpTPnNsXertwoyljr3fYdivOhjlAoIz8=
X-Received: by 2002:a17:907:d507:b0:ab6:d4d0:2be9 with SMTP id a640c23a62f3a-ab7da5023bdmr283993366b.56.1739275781330;
        Tue, 11 Feb 2025 04:09:41 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHEbs1MtVLltwibnkrnNTH+nFWZ/gMfsDyXy+1D6atnoYLXZpQt7n8m1lv8z51hnGexGBacQw==
X-Received: by 2002:a17:907:d507:b0:ab6:d4d0:2be9 with SMTP id a640c23a62f3a-ab7da5023bdmr283987366b.56.1739275780642;
        Tue, 11 Feb 2025 04:09:40 -0800 (PST)
Received: from ?IPV6:2a09:80c0:192:0:5dac:bf3d:c41:c3e7? ([2a09:80c0:192:0:5dac:bf3d:c41:c3e7])
        by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab7e1ce7ab7sm106831966b.171.2025.02.11.04.09.37
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 11 Feb 2025 04:09:39 -0800 (PST)
Message-ID: <bad8e013-3d01-4fe5-8783-c6d7e0e32a74@redhat.com>
Date: Tue, 11 Feb 2025 13:09:37 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [REGRESSION] NULL pointer dereference on ARM (AT91SAM9G25) during
 compaction
To: Qi Zheng <zhengqi.arch@bytedance.com>
Cc: "Russell King (Oracle)" <linux@armlinux.org.uk>,
 Ezra Buehler <ezra@easyb.ch>, linux-mm@kvack.org,
 Andrew Morton <akpm@linux-foundation.org>,
 "Mike Rapoport (Microsoft)" <rppt@kernel.org>,
 Muchun Song <muchun.song@linux.dev>, Vlastimil Babka <vbabka@suse.cz>,
 Ryan Roberts <ryan.roberts@arm.com>,
 "Vishal Moola (Oracle)" <vishal.moola@gmail.com>,
 Hugh Dickins <hughd@google.com>, Matthew Wilcox <willy@infradead.org>,
 Peter Xu <peterx@redhat.com>, Nicolas Ferre <nicolas.ferre@microchip.com>,
 Alexandre Belloni <alexandre.belloni@bootlin.com>,
 Claudiu Beznea <claudiu.beznea@tuxon.dev>,
 open list <linux-kernel@vger.kernel.org>,
 linux-arm-kernel@lists.infradead.org
References: <CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0cLkHEQ@mail.gmail.com>
 <Z6oxUdrVBPd5ZTEu@shell.armlinux.org.uk>
 <5d50d714-197f-44c0-94e0-ff70ee51e866@bytedance.com>
 <34bcf011-b4ac-479c-92ce-852623e73039@redhat.com>
 <3f7babee-b232-4e6b-a896-947150dcd1ef@bytedance.com>
 <2b0bb476-5bd6-489a-9b9e-7aa20964abfa@redhat.com>
 <4e298f68-36ff-496a-81d2-7124f792180d@bytedance.com>
From: David Hildenbrand <david@redhat.com>
Autocrypt: addr=david@redhat.com; keydata=
 xsFNBFXLn5EBEAC+zYvAFJxCBY9Tr1xZgcESmxVNI/0ffzE/ZQOiHJl6mGkmA1R7/uUpiCjJ
 dBrn+lhhOYjjNefFQou6478faXE6o2AhmebqT4KiQoUQFV4R7y1KMEKoSyy8hQaK1umALTdL
 QZLQMzNE74ap+GDK0wnacPQFpcG1AE9RMq3aeErY5tujekBS32jfC/7AnH7I0v1v1TbbK3Gp
 XNeiN4QroO+5qaSr0ID2sz5jtBLRb15RMre27E1ImpaIv2Jw8NJgW0k/D1RyKCwaTsgRdwuK
 Kx/Y91XuSBdz0uOyU/S8kM1+ag0wvsGlpBVxRR/xw/E8M7TEwuCZQArqqTCmkG6HGcXFT0V9
 PXFNNgV5jXMQRwU0O/ztJIQqsE5LsUomE//bLwzj9IVsaQpKDqW6TAPjcdBDPLHvriq7kGjt
 WhVhdl0qEYB8lkBEU7V2Yb+SYhmhpDrti9Fq1EsmhiHSkxJcGREoMK/63r9WLZYI3+4W2rAc
 UucZa4OT27U5ZISjNg3Ev0rxU5UH2/pT4wJCfxwocmqaRr6UYmrtZmND89X0KigoFD/XSeVv
 jwBRNjPAubK9/k5NoRrYqztM9W6sJqrH8+UWZ1Idd/DdmogJh0gNC0+N42Za9yBRURfIdKSb
 B3JfpUqcWwE7vUaYrHG1nw54pLUoPG6sAA7Mehl3nd4pZUALHwARAQABzSREYXZpZCBIaWxk
 ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT7CwZgEEwEIAEICGwMGCwkIBwMCBhUIAgkKCwQW
 AgMBAh4BAheAAhkBFiEEG9nKrXNcTDpGDfzKTd4Q9wD/g1oFAl8Ox4kFCRKpKXgACgkQTd4Q
 9wD/g1oHcA//a6Tj7SBNjFNM1iNhWUo1lxAja0lpSodSnB2g4FCZ4R61SBR4l/psBL73xktp
 rDHrx4aSpwkRP6Epu6mLvhlfjmkRG4OynJ5HG1gfv7RJJfnUdUM1z5kdS8JBrOhMJS2c/gPf
 wv1TGRq2XdMPnfY2o0CxRqpcLkx4vBODvJGl2mQyJF/gPepdDfcT8/PY9BJ7FL6Hrq1gnAo4
 3Iv9qV0JiT2wmZciNyYQhmA1V6dyTRiQ4YAc31zOo2IM+xisPzeSHgw3ONY/XhYvfZ9r7W1l
 pNQdc2G+o4Di9NPFHQQhDw3YTRR1opJaTlRDzxYxzU6ZnUUBghxt9cwUWTpfCktkMZiPSDGd
 KgQBjnweV2jw9UOTxjb4LXqDjmSNkjDdQUOU69jGMUXgihvo4zhYcMX8F5gWdRtMR7DzW/YE
 BgVcyxNkMIXoY1aYj6npHYiNQesQlqjU6azjbH70/SXKM5tNRplgW8TNprMDuntdvV9wNkFs
 9TyM02V5aWxFfI42+aivc4KEw69SE9KXwC7FSf5wXzuTot97N9Phj/Z3+jx443jo2NR34XgF
 89cct7wJMjOF7bBefo0fPPZQuIma0Zym71cP61OP/i11ahNye6HGKfxGCOcs5wW9kRQEk8P9
 M/k2wt3mt/fCQnuP/mWutNPt95w9wSsUyATLmtNrwccz63XOwU0EVcufkQEQAOfX3n0g0fZz
 Bgm/S2zF/kxQKCEKP8ID+Vz8sy2GpDvveBq4H2Y34XWsT1zLJdvqPI4af4ZSMxuerWjXbVWb
 T6d4odQIG0fKx4F8NccDqbgHeZRNajXeeJ3R7gAzvWvQNLz4piHrO/B4tf8svmRBL0ZB5P5A
 2uhdwLU3NZuK22zpNn4is87BPWF8HhY0L5fafgDMOqnf4guJVJPYNPhUFzXUbPqOKOkL8ojk
 CXxkOFHAbjstSK5Ca3fKquY3rdX3DNo+EL7FvAiw1mUtS+5GeYE+RMnDCsVFm/C7kY8c2d0G
 NWkB9pJM5+mnIoFNxy7YBcldYATVeOHoY4LyaUWNnAvFYWp08dHWfZo9WCiJMuTfgtH9tc75
 7QanMVdPt6fDK8UUXIBLQ2TWr/sQKE9xtFuEmoQGlE1l6bGaDnnMLcYu+Asp3kDT0w4zYGsx
 5r6XQVRH4+5N6eHZiaeYtFOujp5n+pjBaQK7wUUjDilPQ5QMzIuCL4YjVoylWiBNknvQWBXS
 lQCWmavOT9sttGQXdPCC5ynI+1ymZC1ORZKANLnRAb0NH/UCzcsstw2TAkFnMEbo9Zu9w7Kv
 AxBQXWeXhJI9XQssfrf4Gusdqx8nPEpfOqCtbbwJMATbHyqLt7/oz/5deGuwxgb65pWIzufa
 N7eop7uh+6bezi+rugUI+w6DABEBAAHCwXwEGAEIACYCGwwWIQQb2cqtc1xMOkYN/MpN3hD3
 AP+DWgUCXw7HsgUJEqkpoQAKCRBN3hD3AP+DWrrpD/4qS3dyVRxDcDHIlmguXjC1Q5tZTwNB
 boaBTPHSy/Nksu0eY7x6HfQJ3xajVH32Ms6t1trDQmPx2iP5+7iDsb7OKAb5eOS8h+BEBDeq
 3ecsQDv0fFJOA9ag5O3LLNk+3x3q7e0uo06XMaY7UHS341ozXUUI7wC7iKfoUTv03iO9El5f
 XpNMx/YrIMduZ2+nd9Di7o5+KIwlb2mAB9sTNHdMrXesX8eBL6T9b+MZJk+mZuPxKNVfEQMQ
 a5SxUEADIPQTPNvBewdeI80yeOCrN+Zzwy/Mrx9EPeu59Y5vSJOx/z6OUImD/GhX7Xvkt3kq
 Er5KTrJz3++B6SH9pum9PuoE/k+nntJkNMmQpR4MCBaV/J9gIOPGodDKnjdng+mXliF3Ptu6
 3oxc2RCyGzTlxyMwuc2U5Q7KtUNTdDe8T0uE+9b8BLMVQDDfJjqY0VVqSUwImzTDLX9S4g/8
 kC4HRcclk8hpyhY2jKGluZO0awwTIMgVEzmTyBphDg/Gx7dZU1Xf8HFuE+UZ5UDHDTnwgv7E
 th6RC9+WrhDNspZ9fJjKWRbveQgUFCpe1sa77LAw+XFrKmBHXp9ZVIe90RMe2tRL06BGiRZr
 jPrnvUsUUsjRoRNJjKKA/REq+sAnhkNPPZ/NNMjaZ5b8Tovi8C0tmxiCHaQYqj7G2rgnT0kt
 WNyWQQ==
Organization: Red Hat
In-Reply-To: <4e298f68-36ff-496a-81d2-7124f792180d@bytedance.com>
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: tY2om-wTFNMDhVEG7eW5QYqvWfCu-g7Ek8ZxU6TtnfI_1739275781
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: C4A4D180006
X-Stat-Signature: zcxp9ka3ysyki6wnf4365c11jmmd3pqw
X-Rspam-User: 
X-Rspamd-Server: rspam01
X-HE-Tag: 1739275786-463950
X-HE-Meta: U2FsdGVkX1+FmRTchMUqDOwCrjhmfUCF7AWWv72Y7D15hqCmIA5W9X9v8f8IuzT7d0g4CDZNOwSFoIKfD+zxQm0GnG4U54ZulnmTLDpz6hZ485j3ljzlNhakfvhWWbNXz+mB6PZYpkNB1tApIlCK0/oSpkPE/P80zHBU8V0YdO11Xe3KNUP47qHW/weRcRWeUfZzdOnN0qWe8uXpshakCJKst7YqFEk4nXpqa5nH/G+yTJJ3FG4ZgnhggVe9lb8R0oHbHmlGdSNI/lKSWQZE6QTKxwp57W5fNPiBpfRAalb1fJ+tlBMpLfJfVGptuaaZDpWGYR2Y2rpl2b8Dsw+y7D9PZOHPiCTBF7PGiWl++sj4Ka9yi3RiGo+wVx0fRfaP0yAGBM7uaYZ0M7I1Rp3Xemcx521oriuULqr2iHLRnPMlaE9mXyeekRoifcuL2LKDjYRtTYCfsemaokbDt1K6+F5FI/uRdHtUjM/sAEawZDnI8aUFMw4IMXXxHrF+RJ7XKSikrKIoHORLS4DIk8ElFHS7l/rSL3EK/0b1VOPnaAE264bAm2hnZ/FzXHTP6otLWavWyI2MTcm+ewBdKXcvMLjWkKfTbcQ+IDdCdTbGTSFmx2j/Pw8gswggcqwZkSmYwl+WP2BE40umFzA04kHmbqE8qv1TIWau8eOq6ZHcvabas0ovZxgIFKAfVkAcKPh1MdKsAd6fyzaCzu3qj52mqfLyOjCLbOkgb1cbySNWY2jghbirfV68FQGzwx0FB16PfMHNzKGfVCPgsrZR+HmoIG479TW2UZzurjJmq8aRnHrqjJzwU6ERz5/2GUHNh+7ljHiY/gtNANndy3elC4u31VMcMW8d6GYuGkKha5p08+j7For3FuDslFPDZrXApDTfjSSJKEUxx+oR7xIcmTav94ZckKFad9udwTSelWcJ6XJh5F6X04DRnp/1J2R/pTf6SxAE5vO3PR/U04nD6Ow
 P4EYcUoo
 Emu61JAWGl/DJJXBLvGaN25A8p74PAea6516VDFqhYXkyP9OROQhDI3Un6bj6EgnjCU7kbBZlGqYIheouppky4MSkcEDMnL8iatsgjYjREwry/9E+/4Bv9SLN2s0P4Ao8Kdd/YuehVVa/9+zDAu8f6a+z9VPfHHvpDIiMuH9edxGmpAjlLpJevS9Z0s7nwWub7tfPL3rPwb4C2BvfHPCfM4dOz+0/qUYPxH76bCLHQUxCPUFm81IqU0bkj10Vtw/tvHFY+naRsslvOQtL3vhPvvE68mdb/JENfPZoijVopr6TRW/6sCOjXPSbiz9/ld9wSdhDt5wq1oN1Z8wjd//P+owuJ4nKTo5YUW3M990DvIrHzMPCORTZVqAwb6X7hlRwatX3qYC2vEsXLJAUqjkfeF8+L988K62IDqAcrqwpzUGpn0q5Wt73uAzq08nla5hp3w7jzuOe1dOckPknAwbUDii/s6/t97kBwiET5Rv3xardiar5y7E7WL0WPp8+hIAJmMq9wk767rijZp5k5nK6zzr1OVKmRDd7KDGjVsV+g0cloLA=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On 11.02.25 10:43, Qi Zheng wrote:
> 
> 
> On 2025/2/11 17:37, David Hildenbrand wrote:
>> On 11.02.25 10:29, Qi Zheng wrote:
>>>
>>>
>>> On 2025/2/11 17:14, David Hildenbrand wrote:
>>>> On 11.02.25 04:45, Qi Zheng wrote:
>>>>> Hi Russell,
>>>>>
>>>>> On 2025/2/11 01:03, Russell King (Oracle) wrote:
>>>>>> On Mon, Feb 10, 2025 at 05:49:38PM +0100, Ezra Buehler wrote:
>>>>>>> When running vanilla Linux 6.13 or newer (6.14-rc2) on the
>>>>>>> AT91SAM9G25-based GARDENA smart Gateway, we are seeing a NULL pointer
>>>>>>> dereference resulting in a kernel panic. The culprit seems to be
>>>>>>> commit
>>>>>>> fc9c45b71f43 ("arm: adjust_pte() usepte_offset_map_rw_nolock()").
>>>>>>> Reverting the commit apparently fixes the issue.
>>>>>>
>>>>>> The blamed commit is buggy:
>>>>>>
>>>>>> arch/arm/include/asm/tlbflush.h:
>>>>>> #define update_mmu_cache(vma, addr, ptep) \
>>>>>>             update_mmu_cache_range(NULL, vma, addr, ptep, 1)
>>>>>>
>>>>>> So vmf can be NULL. This didn't used to matter before this commit,
>>>>>> because vmf was not used by ARM's update_mmu_cache_range(). However,
>>>>>> the commit introduced a dereference of it, which now causes a NULL
>>>>>> point dereference.
>>>>>>
>>>>>> Not sure what the correct solution is, but at a guess, both:
>>>>>>
>>>>>>       if (ptl != vmf->ptl)
>>>>>>
>>>>>> need to become:
>>>>>>
>>>>>>       if (!vmf || ptl != vmf->ptl)
>>>>>
>>>>> No, we can't do that, because without using split PTE locks, we would
>>>>> use shared mm->page_table_lock, which would create a deadlock.
>>>>
>>>> Maybe we can simply special-case on CONFIG_SPLIT_PTE_PTLOCKS ?
>>>>
>>>> if (IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS)) {
>>>
>>> In this case, if two vmas map the same PTE page, then the same PTE lock
>>> will be held repeatedly. Right?
>>
>> Hmm, the comment says:
>>
>>           /*
>>            * This is called while another page table is mapped, so we
>>            * must use the nested version.  This also means we need to
>>            * open-code the spin-locking.
>>            */
>>
>> "another page table" implies that it cannot be the same. But maybe that
>> comment was also wrong?
> 
> I don't see make_coherent() ensuring this when traversing vma.

Right, we could just have the same file range mapped MAP_SHARED into the 
same page table using two VMAs ... I suspect writing a reproducer for 
the deadlock should be easy.

I therefore propose the following changes:
> 
> diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c
> index 2bec87c3327d2..dddbca9a2597e 100644
> --- a/arch/arm/mm/fault-armv.c
> +++ b/arch/arm/mm/fault-armv.c
> @@ -61,8 +61,41 @@ static int do_adjust_pte(struct vm_area_struct *vma,
> unsigned long address,
>           return ret;
>    }
> 
> +#if defined(CONFIG_SPLIT_PTE_PTLOCKS)
> +/*
> + * If we are using split PTE locks, then we need to take the pte
> + * lock here.  Otherwise we are using shared mm->page_table_lock
> + * which is already locked, thus cannot take it.
> + */
> +static inline bool do_pte_lock(spinlock_t *ptl, pmd_t pmdval, pmd_t *pmd)
> +{
> +       /*
> +        * Use nested version here to indicate that we are already
> +        * holding one similar spinlock.
> +        */
> +       spin_lock_nested(ptl, SINGLE_DEPTH_NESTING);
> +       if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) {
> +               spin_unlock(ptl);
> +               return false;
> +       }
> +
> +       return true;
> +}
> +
> +static inline void do_pte_unlock(spinlock_t *ptl)
> +{
> +       spin_unlock(ptl);
> +}
> +#else /* !defined(CONFIG_SPLIT_PTE_PTLOCKS) */
> +static inline bool do_pte_lock(spinlock_t *ptl)
> +{
> +       return true;
> +}
> +static inline void do_pte_unlock(spinlock_t *ptl) {}
> +#endif /* defined(CONFIG_SPLIT_PTE_PTLOCKS) */
> +
>    static int adjust_pte(struct vm_area_struct *vma, unsigned long address,
> -                     unsigned long pfn, struct vm_fault *vmf)
> +                     unsigned long pfn)
>    {
>           spinlock_t *ptl;
>           pgd_t *pgd;
> @@ -99,23 +132,14 @@ static int adjust_pte(struct vm_area_struct *vma,
> unsigned long address,
>           if (!pte)
>                   return 0;
> 
> -       /*
> -        * If we are using split PTE locks, then we need to take the page
> -        * lock here.  Otherwise we are using shared mm->page_table_lock
> -        * which is already locked, thus cannot take it.
> -        */
> -       if (ptl != vmf->ptl) {
> -               spin_lock_nested(ptl, SINGLE_DEPTH_NESTING);
> -               if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) {
> -                       pte_unmap_unlock(pte, ptl);
> -                       goto again;
> -               }
> +       if (!do_pte_lock(ptl, pmdval, pmd)) {
> +               pte_unmap(pte);
> +               goto again;
>           }
> 
>           ret = do_adjust_pte(vma, address, pfn, pte);
> 
> -       if (ptl != vmf->ptl)
> -               spin_unlock(ptl);
> +       do_pte_unlock(ptl);
>           pte_unmap(pte);
> 
>           return ret;
> @@ -123,16 +147,17 @@ static int adjust_pte(struct vm_area_struct *vma,
> unsigned long address,
> 
>    static void
>    make_coherent(struct address_space *mapping, struct vm_area_struct *vma,
> -             unsigned long addr, pte_t *ptep, unsigned long pfn,
> -             struct vm_fault *vmf)
> +             unsigned long addr, pte_t *ptep, unsigned long pfn)
>    {
>           struct mm_struct *mm = vma->vm_mm;
>           struct vm_area_struct *mpnt;
>           unsigned long offset;
> +       unsigned long start;
>           pgoff_t pgoff;
>           int aliases = 0;
> 
>           pgoff = vma->vm_pgoff + ((addr - vma->vm_start) >> PAGE_SHIFT);
> +       start = ALIGN_DOWN(addr, PMD_SIZE);
> 
>           /*
>            * If we have any shared mappings that are in the same mm
> @@ -141,6 +166,8 @@ make_coherent(struct address_space *mapping, struct
> vm_area_struct *vma,
>            */
>           flush_dcache_mmap_lock(mapping);
>           vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) {
> +               unsigned long mpnt_addr;
> +
>                   /*
>                    * If this VMA is not in our MM, we can ignore it.
>                    * Note that we intentionally mask out the VMA
> @@ -151,7 +178,14 @@ make_coherent(struct address_space *mapping, struct
> vm_area_struct *vma,
>                   if (!(mpnt->vm_flags & VM_MAYSHARE))
>                           continue;
>                   offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT;
> -               aliases += adjust_pte(mpnt, mpnt->vm_start + offset,
> pfn, vmf);
> +               mpnt_addr = mpnt->vm_start + offset;
> +               /*
> +                * If mpnt_addr and addr are mapped to the same PTE page,
> +                * also skip this vma.
> +                */
> +               if (mpnt_addr >= start && mpnt_addr - start < PMD_SIZE)
> +                       continue;

Hmm, but is skipping the right thing to do? Maybe you would want to 
indicate to adjust_pte() whether it must take the PTL or not.

I did not study that code in detail, though ...

-- 
Cheers,

David / dhildenb