From: Alistair Popple <apopple@nvidia.com>
To: Wupeng Ma <mawupeng1@huawei.com>
Cc: catalin.marinas@arm.com, will@kernel.org, ryan.roberts@arm.com,
anshuman.khandual@arm.com, akpm@linux-foundation.org,
peterx@redhat.com, joey.gouly@arm.com, yangyicong@hisilicon.com,
ioworker0@gmail.com, baohua@kernel.org, jack@suse.cz,
linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64: dax: add devmap check for pmd_trans_huge
Date: Wed, 9 Apr 2025 09:05:43 +1000 [thread overview]
Message-ID: <qzqanugi6qbbucxp2fn2456t4n7q4lj2enhzf4z767jpcbgacu@37cowlipfmgo> (raw)
In-Reply-To: <20250408085914.1946183-1-mawupeng1@huawei.com>
On Tue, Apr 08, 2025 at 04:59:14PM +0800, Wupeng Ma wrote:
> During our test in ext4 dax linux-v5.10 on arm64. A BUG_ON is trigger in
> follow_invalidate_pte as follow since this pmd is seem as pmd_trans_huge.
> However this page is really a dax-pmds rather than a pmd trans huge.
>
> Call trace is shown as follow:
>
> ------------[ cut here ]------------
> kernel BUG at mm/memory.c:5185!
> CPU: 0 PID: 150 Comm: kworker/u8:10 Not tainted 5.10.0-01678-g1e62aad66bbc-dirty #36
This is an old kernel, and I couldn't correlate the line number of the BUG_ON()
probably because you have patches applied. But I assume this is the VM_BUG_ON()
in follow_invalidate_pte()? Does this issue reproduce on more recent kernel
versions (eg. v6.13)? Or some other upstream kernel version?
> pc : follow_invalidate_pte+0xdc/0x5e0
> lr : follow_invalidate_pte+0xc4/0x5e0
> sp : ffffa00012997110
> Call trace:
> follow_invalidate_pte+0xdc/0x5e0
> dax_entry_mkclean+0x250/0x870
> dax_writeback_one+0xac/0x380
> dax_writeback_mapping_range+0x22c/0x704
> ext4_dax_writepages+0x234/0x6e4
> do_writepages+0xc8/0x1c0
> __writeback_single_inode+0xb8/0x560
> writeback_sb_inodes+0x344/0x7a0
> wb_writeback+0x1f8/0x6b0
> wb_do_writeback+0x194/0x3cc
> wb_workfn+0x14c/0x590
> process_one_work+0x470/0xa30
> worker_thread+0xac/0x510
> kthread+0x1e0/0x220
> ret_from_fork+0x10/0x18
> ---[ end trace 0f479050bd4b1818 ]---
> Kernel panic - not syncing: Oops - BUG: Fatal exception
> ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---
>
> Commit 5c7fb56e5e3f ("mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd") and
> commit 36b78402d97a ("powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when
> setting up huge devmap PTE entries") already check pmd_devmap during
> checking pmd_trans_huge. Since pmd_devmap() is used to distinguish dax-pmds,
> add the same check for arm64 to fix this problem.
That seems correct to me. In practice most callers of pmd_trans_huge() that can
see a dax-pmd already check for it explicitly with vma_is_dax(), but there are a
few cases that don't.
> Add PTE_DEVMAP in pte_modify as commit 4628a64591e6 ("mm: Preserve
> _PAGE_DEVMAP across mprotect() calls") does to avoid the same issue in
> mprotect.
>
> Fixes: 73b20c84d42d ("arm64: mm: implement pte_devmap support")
> Signed-off-by: Wupeng Ma <mawupeng1@huawei.com>
> ---
> arch/arm64/include/asm/pgtable.h | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
> index d3b538be1500b..b9a618127c01b 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -740,7 +740,7 @@ static inline int pmd_trans_huge(pmd_t pmd)
> * as a table, so force the valid bit for the comparison.
> */
> return pmd_val(pmd) && pmd_present(pmd) &&
> - !pmd_table(__pmd(pmd_val(pmd) | PTE_VALID));
> + !pmd_table(__pmd(pmd_val(pmd) | PTE_VALID)) && !pmd_devmap(pmd);
> }
> #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
>
> @@ -1186,7 +1186,8 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
> */
> const pteval_t mask = PTE_USER | PTE_PXN | PTE_UXN | PTE_RDONLY |
> PTE_PRESENT_INVALID | PTE_VALID | PTE_WRITE |
> - PTE_GP | PTE_ATTRINDX_MASK | PTE_PO_IDX_MASK;
> + PTE_GP | PTE_ATTRINDX_MASK | PTE_PO_IDX_MASK |
> + PTE_DEVMAP;
>
> /* preserve the hardware dirty information */
> if (pte_hw_dirty(pte))
> --
> 2.43.0
>
>
next prev parent reply other threads:[~2025-04-08 23:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-08 8:59 Wupeng Ma
2025-04-08 23:05 ` Alistair Popple [this message]
2025-04-09 1:08 ` mawupeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=qzqanugi6qbbucxp2fn2456t4n7q4lj2enhzf4z767jpcbgacu@37cowlipfmgo \
--to=apopple@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=anshuman.khandual@arm.com \
--cc=baohua@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=ioworker0@gmail.com \
--cc=jack@suse.cz \
--cc=joey.gouly@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mawupeng1@huawei.com \
--cc=peterx@redhat.com \
--cc=ryan.roberts@arm.com \
--cc=will@kernel.org \
--cc=yangyicong@hisilicon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox