Message ID | 20221116083811.464678-2-liushixin2@huawei.com |
---|---|
State | New |
Headers | From: Liu Shixin <liushixin2@huawei.com> To: Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Denys Vlasenko <dvlasenk@redhat.com>, Kefeng Wang <wangkefeng.wang@huawei.com>, Anshuman Khandual <anshuman.khandual@arm.com>, David Hildenbrand <dhildenb@redhat.com>, Rafael Aquini <raquini@redhat.com>, Pasha Tatashin <pasha.tatashin@soleen.com> CC: <linux-arm-kernel@lists.infradead.org>, <linux-kernel@vger.kernel.org>, Liu Shixin <liushixin2@huawei.com> Subject: [PATCH 1/2] arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud Date: Wed, 16 Nov 2022 16:38:10 +0800 |
Series | arm64: fix two bug about page table check |
Commit Message
Liu Shixin
Nov. 16, 2022, 8:38 a.m. UTC
The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
------------[ cut here ]------------
kernel BUG at mm/page_table_check.c:82!
Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : page_table_check_clear.isra.0+0x258/0x3f0
lr : page_table_check_clear.isra.0+0x240/0x3f0
[...]
Call trace:
page_table_check_clear.isra.0+0x258/0x3f0
__page_table_check_pmd_clear+0xbc/0x108
pmdp_collapse_flush+0xb0/0x160
collapse_huge_page+0xa08/0x1080
hpage_collapse_scan_pmd+0xf30/0x1590
khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
khugepaged+0x338/0x518
kthread+0x278/0x2f8
ret_from_fork+0x10/0x20
[...]
Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
and so trigger BUG_ON() unexpectedly.
Fix this problem by using pmd_leaf() insteal of pmd_present() in
pmd_user_accessible_page(). Moreover, use pud_leaf() for
pud_user_accessible_page() too.
Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
---
arch/arm64/include/asm/pgtable.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On 16.11.22 09:38, Liu Shixin wrote:
> The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
>
> ------------[ cut here ]------------
> kernel BUG at mm/page_table_check.c:82!
> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
> Hardware name: linux,dummy-virt (DT)
> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : page_table_check_clear.isra.0+0x258/0x3f0
> lr : page_table_check_clear.isra.0+0x240/0x3f0
> [...]
> Call trace:
> page_table_check_clear.isra.0+0x258/0x3f0
> __page_table_check_pmd_clear+0xbc/0x108
> pmdp_collapse_flush+0xb0/0x160
> collapse_huge_page+0xa08/0x1080
> hpage_collapse_scan_pmd+0xf30/0x1590
> khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
> khugepaged+0x338/0x518
> kthread+0x278/0x2f8
> ret_from_fork+0x10/0x20
> [...]
>
> Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
> decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
> and so trigger BUG_ON() unexpectedly.
>
> Fix this problem by using pmd_leaf() insteal of pmd_present() in
> pmd_user_accessible_page(). Moreover, use pud_leaf() for
> pud_user_accessible_page() too.
>
> Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
> Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
> Signed-off-by: Liu Shixin <liushixin2@huawei.com>
> ---
> arch/arm64/include/asm/pgtable.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h > index 71a1af42f0e8..edf6625ce965 100644 > --- a/arch/arm64/include/asm/pgtable.h > +++ b/arch/arm64/include/asm/pgtable.h
> @@ -863,12 +863,12 @@ static inline bool pte_user_accessible_page(pte_t pte) > > static inline bool pmd_user_accessible_page(pmd_t pmd) > { > - return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > + return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > } > > static inline bool pud_user_accessible_page(pud_t pud) > { > - return pud_present(pud) && pud_user(pud); > + return pud_leaf(pud) && pud_user(pud); > } > #endif >

Reviewed-by: David Hildenbrand <david@redhat.com>
On Wed, Nov 16, 2022 at 2:51 AM Liu Shixin <liushixin2@huawei.com> wrote:
>
> The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
>
> ------------[ cut here ]------------
> kernel BUG at mm/page_table_check.c:82!
> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
> Hardware name: linux,dummy-virt (DT)
> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : page_table_check_clear.isra.0+0x258/0x3f0
> lr : page_table_check_clear.isra.0+0x240/0x3f0
> [...]
> Call trace:
> page_table_check_clear.isra.0+0x258/0x3f0
> __page_table_check_pmd_clear+0xbc/0x108
> pmdp_collapse_flush+0xb0/0x160
> collapse_huge_page+0xa08/0x1080
> hpage_collapse_scan_pmd+0xf30/0x1590
> khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
> khugepaged+0x338/0x518
> kthread+0x278/0x2f8
> ret_from_fork+0x10/0x20
> [...]
>
> Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
> decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
> and so trigger BUG_ON() unexpectedly.
>
> Fix this problem by using pmd_leaf() insteal of pmd_present() in

s/insteal/instead

> pmd_user_accessible_page(). Moreover, use pud_leaf() for
> pud_user_accessible_page() too.
>
> Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
> Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
> Signed-off-by: Liu Shixin <liushixin2@huawei.com>
> ---
> arch/arm64/include/asm/pgtable.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h > index 71a1af42f0e8..edf6625ce965 100644 > --- a/arch/arm64/include/asm/pgtable.h > +++ b/arch/arm64/include/asm/pgtable.h
> @@ -863,12 +863,12 @@ static inline bool pte_user_accessible_page(pte_t pte) > > static inline bool pmd_user_accessible_page(pmd_t pmd) > { > - return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > + return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > } > > static inline bool pud_user_accessible_page(pud_t pud) > { > - return pud_present(pud) && pud_user(pud); > + return pud_leaf(pud) && pud_user(pud);

Thanks a lot. The x86 variants are already using p*d_leaf() in these functions.

Acked-by: Pasha Tatashin <pasha.tatashin@soleen.com>
On 11/16/22 14:08, Liu Shixin wrote:
> The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
>
> ------------[ cut here ]------------
> kernel BUG at mm/page_table_check.c:82!
> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
> Hardware name: linux,dummy-virt (DT)
> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : page_table_check_clear.isra.0+0x258/0x3f0
> lr : page_table_check_clear.isra.0+0x240/0x3f0
> [...]
> Call trace:
> page_table_check_clear.isra.0+0x258/0x3f0
> __page_table_check_pmd_clear+0xbc/0x108
> pmdp_collapse_flush+0xb0/0x160
> collapse_huge_page+0xa08/0x1080
> hpage_collapse_scan_pmd+0xf30/0x1590
> khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
> khugepaged+0x338/0x518
> kthread+0x278/0x2f8
> ret_from_fork+0x10/0x20
> [...]
>
> Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
> decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
> and so trigger BUG_ON() unexpectedly.

Could you please provide the pmd_val() on the pmd entry, that triggers this
BUG_ON() here ? Only additional thing pmd_leaf() ensures, is that the entry
is not a table one.

#define pmd_leaf(pmd) (pmd_present(pmd) && !pmd_table(pmd))

collapse_huge_page() pmd is non-leaf because it has table bit on ?

>
> Fix this problem by using pmd_leaf() insteal of pmd_present() in
> pmd_user_accessible_page(). Moreover, use pud_leaf() for
> pud_user_accessible_page() too.
>
> Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
> Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
> Signed-off-by: Liu Shixin <liushixin2@huawei.com>
> ---
> arch/arm64/include/asm/pgtable.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h > index 71a1af42f0e8..edf6625ce965 100644
> --- a/arch/arm64/include/asm/pgtable.h > +++ b/arch/arm64/include/asm/pgtable.h > @@ -863,12 +863,12 @@ static inline bool pte_user_accessible_page(pte_t pte) > > static inline bool pmd_user_accessible_page(pmd_t pmd) > { > - return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > + return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > } > > static inline bool pud_user_accessible_page(pud_t pud) > { > - return pud_present(pud) && pud_user(pud); > + return pud_leaf(pud) && pud_user(pud); > } > #endif >
On 2022/11/17 12:09, Anshuman Khandual wrote:
>
> On 11/16/22 14:08, Liu Shixin wrote:
>> The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
>>
>> ------------[ cut here ]------------
>> kernel BUG at mm/page_table_check.c:82!
>> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
>> Dumping ftrace buffer:
>> (ftrace buffer empty)
>> Modules linked in:
>> CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
>> Hardware name: linux,dummy-virt (DT)
>> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>> pc : page_table_check_clear.isra.0+0x258/0x3f0
>> lr : page_table_check_clear.isra.0+0x240/0x3f0
>> [...]
>> Call trace:
>> page_table_check_clear.isra.0+0x258/0x3f0
>> __page_table_check_pmd_clear+0xbc/0x108
>> pmdp_collapse_flush+0xb0/0x160
>> collapse_huge_page+0xa08/0x1080
>> hpage_collapse_scan_pmd+0xf30/0x1590
>> khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
>> khugepaged+0x338/0x518
>> kthread+0x278/0x2f8
>> ret_from_fork+0x10/0x20
>> [...]
>>
>> Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
>> decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
>> and so trigger BUG_ON() unexpectedly.
> Could you please provide the pmd_val() on the pmd entry, that triggers this
> BUG_ON() here ? Only additional thing pmd_leaf() ensures, is that the entry
> is not a table one.
>
> #define pmd_leaf(pmd) (pmd_present(pmd) && !pmd_table(pmd))
>
> collapse_huge_page() pmd is non-leaf because it has table bit on ?

The pmd_val is 0x80000004c367003. It is indeed a table entry.
collapse_huge_page() will replace page table of page granularity with block
granularity. Before this replace, it will call pmdp_collapse_flush() to clear
the table pmd. In this function, the table pmd does the check unexpectedly
and triggers the BUG_ON().

diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c index 90ab721a12a8..a5c2380bac4d 100644 --- a/mm/pgtable-generic.c +++ b/mm/pgtable-generic.c
@@ -221,6 +221,7 @@ pmd_t pmdp_collapse_flush(struct vm_area_struct *vma, unsigned long address, VM_BUG_ON(address & ~HPAGE_PMD_MASK); VM_BUG_ON(pmd_trans_huge(*pmdp)); + pr_err("pmd_val is 0x%lx\n", pmd_val(*pmdp)); pmd = pmdp_huge_get_and_clear(vma->vm_mm, address, pmdp); /* collapse entails shooting down ptes not pmd */

Thanks,
Liu Shixin
.
>
>> Fix this problem by using pmd_leaf() insteal of pmd_present() in
>> pmd_user_accessible_page(). Moreover, use pud_leaf() for
>> pud_user_accessible_page() too.
>>
>> Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
>> Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
>> Signed-off-by: Liu Shixin <liushixin2@huawei.com>
>> ---
>> arch/arm64/include/asm/pgtable.h | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h >> index 71a1af42f0e8..edf6625ce965 100644 >> --- a/arch/arm64/include/asm/pgtable.h >> +++ b/arch/arm64/include/asm/pgtable.h >> @@ -863,12 +863,12 @@ static inline bool pte_user_accessible_page(pte_t pte) >> >> static inline bool pmd_user_accessible_page(pmd_t pmd) >> { >> - return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); >> + return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); >> } >> >> static inline bool pud_user_accessible_page(pud_t pud) >> { >> - return pud_present(pud) && pud_user(pud); >> + return pud_leaf(pud) && pud_user(pud); >> } >> #endif >>
> .
>
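The table-versus-leaf distinction discussed in the message above, as an added example that is not part of the thread, the patch or the kernel tree: a user-space C model that decodes the reported pmd value and evaluates the check as it was before and after the patch. The bit positions are a simplified assumption of the arm64 descriptor layout, and the `DESC_*` and `model_*` names and the sample block entry are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of arm64 descriptor bits (assumed layout; the kernel's
 * PMD_PRESENT_INVALID special case is left out). */
#define DESC_VALID      (UINT64_C(1) << 0)
#define DESC_TYPE_MASK  UINT64_C(3)          /* bits [1:0] */
#define DESC_TYPE_TABLE UINT64_C(3)          /* points at a next-level table */
#define DESC_TYPE_BLOCK UINT64_C(1)          /* leaf: maps a block */
#define DESC_USER       (UINT64_C(1) << 6)   /* EL0 access allowed */
#define DESC_UXN        (UINT64_C(1) << 54)  /* EL0 execute-never */
#define DESC_PROT_NONE  (UINT64_C(1) << 58)

/* pmd value reported in the thread. */
static const uint64_t REPORTED_PMD = UINT64_C(0x80000004c367003);
/* Constructed sample: a user-accessible 2 MiB block entry. */
static const uint64_t SAMPLE_BLOCK_PMD =
	UINT64_C(0x4c200000) | DESC_USER | DESC_TYPE_BLOCK;

static bool model_present(uint64_t v)
{ return (v & (DESC_VALID | DESC_PROT_NONE)) != 0; }

static bool model_table(uint64_t v)
{ return (v & DESC_TYPE_MASK) == DESC_TYPE_TABLE; }

/* Same shape as the pmd_leaf() definition quoted in the thread. */
static bool model_leaf(uint64_t v)
{ return model_present(v) && !model_table(v); }

static bool model_user(uint64_t v) { return (v & DESC_USER) != 0; }

/* True whenever the UXN bit is clear, which also holds for a table entry. */
static bool model_user_exec(uint64_t v) { return (v & DESC_UXN) == 0; }

/* The check as it was before the patch: any present entry qualifies. */
static bool old_user_accessible(uint64_t v)
{ return model_present(v) && (model_user(v) || model_user_exec(v)); }

/* The check after the patch: table entries are excluded. */
static bool new_user_accessible(uint64_t v)
{ return model_leaf(v) && (model_user(v) || model_user_exec(v)); }

static void show(const char *name, uint64_t v)
{
	printf("%-8s 0x%016llx table=%d old=%d new=%d\n", name,
	       (unsigned long long)v, model_table(v),
	       old_user_accessible(v), new_user_accessible(v));
}

int main(void)
{
	show("reported", REPORTED_PMD);   /* table=1 old=1 new=0 */
	show("block", SAMPLE_BLOCK_PMD);  /* table=0 old=1 new=1 */
	return 0;
}
```

In this model the reported entry passes the old check only through the cleared UXN bit, since its user bit is not set; the leaf test rejects it before the permission bits are looked at.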
On 11/16/22 09:38, Liu Shixin wrote:
> The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
>
> ------------[ cut here ]------------
> kernel BUG at mm/page_table_check.c:82!
> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
> Hardware name: linux,dummy-virt (DT)
> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : page_table_check_clear.isra.0+0x258/0x3f0
> lr : page_table_check_clear.isra.0+0x240/0x3f0
> [...]
> Call trace:
> page_table_check_clear.isra.0+0x258/0x3f0
> __page_table_check_pmd_clear+0xbc/0x108
> pmdp_collapse_flush+0xb0/0x160
> collapse_huge_page+0xa08/0x1080
> hpage_collapse_scan_pmd+0xf30/0x1590
> khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
> khugepaged+0x338/0x518
> kthread+0x278/0x2f8
> ret_from_fork+0x10/0x20
> [...]
>
> Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
> decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
> and so trigger BUG_ON() unexpectedly.
>
> Fix this problem by using pmd_leaf() insteal of pmd_present() in
> pmd_user_accessible_page(). Moreover, use pud_leaf() for
> pud_user_accessible_page() too.
>
> Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
> Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
> Signed-off-by: Liu Shixin <liushixin2@huawei.com>

Tested on 6.0.6 kernel, no oopses anymore.
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 71a1af42f0e8..edf6625ce965 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -863,12 +863,12 @@ static inline bool pte_user_accessible_page(pte_t pte) static inline bool pmd_user_accessible_page(pmd_t pmd) { - return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); + return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); } static inline bool pud_user_accessible_page(pud_t pud) { - return pud_present(pud) && pud_user(pud); + return pud_leaf(pud) && pud_user(pud); } #endif
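Review bot: the two changed return statements, in pmd_user_accessible_page() and pud_user_accessible_page(), need a short comment saying why the test is p*d_leaf() and not p*d_present(). The table pmd reported in the thread (0x80000004c367003) is present and still passed the old expression, so nothing in the code itself tells a later reader that table entries have to be excluded because they point at a next-level table and not at a user-mapped page. A one-line comment above each helper, along the lines of "only leaf (block) entries map user pages, table entries must not be counted", would keep a later cleanup from going back to pmd_present(). The pud change is also justified in the commit log only by "Moreover"; a sentence on how a table pud reaches pud_user_accessible_page() would complete the description.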