Date: Wed, 16 Oct 2024 18:58:33 +0800
Subject: Re: [PATCH v1] mm/pagewalk: fix usage of pmd_leaf()/pud_leaf() without present check
From: Qi Zheng
To: David Hildenbrand
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzbot+7d917f67c05066cec295@syzkaller.appspotmail.com, Andrew Morton, Jann Horn
References: <20241015111236.1290921-1-david@redhat.com> <4898fdf4-7c88-4697-9df4-64fd8a900e95@redhat.com>
In-Reply-To: <4898fdf4-7c88-4697-9df4-64fd8a900e95@redhat.com>

On 2024/10/15 21:13, David Hildenbrand wrote:
> On 15.10.24 13:12, David Hildenbrand wrote:
>> pmd_leaf()/pud_leaf() only implies a pmd_present()/pud_present() check on
>> some architectures. We really should check for
>> pmd_present()/pud_present() first.
>>
>> This should explain the report we got on ppc64 (which has
>> CONFIG_PGTABLE_HAS_HUGE_LEAVES set in the config) that triggered:
>>     VM_WARN_ON_ONCE(pmd_leaf(pmdp_get_lockless(pmdp)));
>>
>> Likely we had a PMD migration entry for which pmd_leaf() did not
>> trigger. We raced with restoring the PMD migration entry, and suddenly
>> saw a pmd_leaf(). In this case, pte_offset_map_lock() saved us from more
>> trouble, because it rechecks the PMD value, but we would not have processed
>> the migration entry -- which is not too bad because the only user of
>> FW_MIGRATION is KSM for unsharing, and KSM only applies to small folios.
>>
>> Further, we shouldn't re-read the PMD/PUD value for our warning, the
>> primary purpose of the VM_WARN_ON_ONCE() is to find spurious use of
>> pmd_leaf()/pud_leaf() without CONFIG_PGTABLE_HAS_HUGE_LEAVES.
>>
>> As a side note, we are currently not implementing FW_MIGRATION support
>> for PUD migration entries, which likely should exist due to hugetlb. Add
>> a TODO so this won't fall through the cracks if more FW_MIGRATION users
>> get added.
>>
>> Fixes: aa39ca6940f1 ("mm/pagewalk: introduce folio_walk_start() + folio_walk_end()")
>> Reported-by: syzbot+7d917f67c05066cec295@syzkaller.appspotmail.com
>> Closes: https://lkml.kernel.org/r/670d3248.050a0220.3e960.0064.GAE@google.com
>> Cc: Andrew Morton
>> Cc: Jann Horn
>> Signed-off-by: David Hildenbrand
>> ---
>
> Was able to write a quick reproducer and verify that the issue no longer
> triggers with this fix.
>
> https://gitlab.com/davidhildenbrand/scratchspace/-/blob/main/reproducers/move-pages-pmd-leaf.c
>
> Without this fix after a couple of seconds in a VM with 2 NUMA nodes:
>
> [   54.333753] ------------[ cut here ]------------
> [   54.334901] WARNING: CPU: 20 PID: 1704 at mm/pagewalk.c:815 folio_walk_start+0x48f/0x6e0
> [   54.336455] Modules linked in: ...
> [   54.345009] CPU: 20 UID: 0 PID: 1704 Comm: move-pages-pmd- Not tainted 6.12.0-rc2+ #81
> [   54.346529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
> [   54.348191] RIP: 0010:folio_walk_start+0x48f/0x6e0
> [   54.349134] Code: b5 ad 48 8d 35 00 00 00 00 e8 6d 59 d7 ff e8 08 74 da ff e9 9c fe ff ff 4c 8b 7c 24 08 4c 89 ff e8 26 2b be 00 e9 8a fe ff ff <0f> 0b e9 ec fe ff ff f7 c2 ff 0f 00 00 0f 85 81 fe ff ff 48 8b 02
> [   54.352660] RSP: 0018:ffffb7e4c430bc78 EFLAGS: 00010282
> [   54.353679] RAX: 80000002a3e008e7 RBX: ffff9946039aa580 RCX: ffff994380000000
> [   54.355056] RDX: ffff994606aec000 RSI: 00007f004b000000 RDI: 0000000000000000
> [   54.356440] RBP: 00007f004b000000 R08: 0000000000000591 R09: 0000000000000001
> [   54.357820] R10: 0000000000000200 R11: 0000000000000001 R12: ffffb7e4c430bd10
> [   54.359198] R13: ffff994606aec2c0 R14: 0000000000000002 R15: ffff994604a89b00
> [   54.360564] FS:  00007f004ae006c0(0000) GS:ffff9947f7400000(0000) knlGS:0000000000000000
> [   54.362111] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   54.363242] CR2: 00007f004adffe58 CR3: 0000000281e12005 CR4: 0000000000770ef0
> [   54.364615] PKRU: 55555554
> [   54.365153] Call Trace:
> [   54.365646]
> [   54.366073]  ? __warn.cold+0xb7/0x14d
> [   54.366796]  ? folio_walk_start+0x48f/0x6e0
> [   54.367628]  ? report_bug+0xff/0x140
> [   54.368324]  ? handle_bug+0x58/0x90
> [   54.369019]  ? exc_invalid_op+0x17/0x70
> [   54.369771]  ? asm_exc_invalid_op+0x1a/0x20
> [   54.370606]  ? folio_walk_start+0x48f/0x6e0
> [   54.371415]  ? folio_walk_start+0x9e/0x6e0
> [   54.372227]  do_pages_move+0x1c5/0x680
> [   54.372972]  kernel_move_pages+0x1a1/0x2b0
> [   54.373804]  __x64_sys_move_pages+0x25/0x30

It would be better to add this call stack to the commit message, which
can help people find this fix patch when they encounter the same problem. ;)

Otherwise, LGTM.

Acked-by: Qi Zheng

Thanks!
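
The ordering issue described in the quoted commit message, as an added example that is not part of this mail, the patch, or the kernel source: a user-space toy model contrasting a leaf-first check whose sanity warning re-reads the entry with a present-first check that works on a single snapshot. The bit layout, the `toy_*` helpers, `struct pmd_slot` and the `walk_*` functions are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef uint64_t pmd_t;
#define PMD_PRESENT (1ULL << 0)  /* toy bit layout (assumption) */
#define PMD_LEAF    (1ULL << 7)
enum walk_result { WALK_NONE, WALK_NONPRESENT, WALK_HUGE_LEAF, WALK_PTE_TABLE };
/* Simulated lockless slot: the second read returns a different value,
 * standing in for another CPU restoring the migration entry. */
struct pmd_slot { pmd_t first, later; unsigned reads; };
static pmd_t read_lockless(struct pmd_slot *s) { return s->reads++ ? s->later : s->first; }
/* Leaf test that does not imply a present check. */
static bool toy_leaf(pmd_t pmd)    { return (pmd & PMD_LEAF) != 0; }
static bool toy_present(pmd_t pmd) { return (pmd & PMD_PRESENT) != 0; }

/* Leaf-first ordering; the sanity check re-reads the slot. */
enum walk_result walk_leaf_first(struct pmd_slot *s, bool *warned)
{
    pmd_t pmd = read_lockless(s);
    *warned = false;
    if (pmd == 0)
        return WALK_NONE;
    if (toy_leaf(pmd))
        return WALK_HUGE_LEAF;               /* may be a non-present entry */
    *warned = toy_leaf(read_lockless(s));    /* racy re-read */
    return toy_present(pmd) ? WALK_PTE_TABLE : WALK_NONPRESENT;
}

/* Present-first ordering; every decision uses the one value already read. */
enum walk_result walk_present_first(struct pmd_slot *s, bool *warned)
{
    pmd_t pmd = read_lockless(s);
    *warned = false;
    if (pmd == 0)
        return WALK_NONE;
    if (!toy_present(pmd))
        return WALK_NONPRESENT;              /* migration entry lands here */
    return toy_leaf(pmd) ? WALK_HUGE_LEAF : WALK_PTE_TABLE;
}

int main(void)
{
    /* Constructed values: non-present entry first, present leaf afterwards. */
    struct pmd_slot a = { 0x1000, 0x200000 | PMD_LEAF | PMD_PRESENT, 0 }, b = a;
    bool wa, wb;
    walk_leaf_first(&a, &wa);
    walk_present_first(&b, &wb);
    printf("leaf-first warned=%d, present-first warned=%d\n", wa, wb);
    return 0;
}
```

In this model the leaf-first walk raises its warning only because the second read observes a different value than the one it branched on; a non-present entry that happens to carry the leaf bit is additionally misclassified as a huge leaf.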