From patchwork Thu Sep 8 04:11:50 2022
X-Patchwork-Submitter: Naoya Horiguchi
X-Patchwork-Id: 12969632
From: Naoya Horiguchi
To: linux-mm@kvack.org
Cc: Andrew Morton, David Hildenbrand, Muchun Song, Miaohe Lin, Matthew Wilcox, Michal Hocko, Yang Shi, Naoya Horiguchi, linux-kernel@vger.kernel.org
Subject: [PATCH v2] mm/huge_memory: use pfn_to_online_page() in split_huge_pages_all()
Date: Thu, 8 Sep 2022 13:11:50 +0900
Message-Id: <20220908041150.3430269-1-naoya.horiguchi@linux.dev>

From: Naoya Horiguchi

NULL pointer dereference is triggered when calling thp split via debugfs
on the system with offlined memory blocks. With debug option enabled,
the following kernel messages are printed out:

  page:00000000467f4890 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121c000
  flags: 0x17fffc00000000(node=0|zone=2|lastcpupid=0x1ffff)
  raw: 0017fffc00000000 0000000000000000 dead000000000122 0000000000000000
  raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
  page dumped because: unmovable page
  page:000000007d7ab72e is uninitialized and poisoned
  page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
  ------------[ cut here ]------------
  kernel BUG at include/linux/mm.h:1248!
  invalid opcode: 0000 [#1] PREEMPT SMP PTI
  CPU: 16 PID: 20964 Comm: bash Tainted: G I 6.0.0-rc3-foll-numa+ #41
  ...
  RIP: 0010:split_huge_pages_write+0xcf4/0xe30

This shows that page_to_nid() in page_zone() is unexpectedly called for an
offlined memmap.

Use pfn_to_online_page() to get struct page in PFN walker.

Fixes: 49071d436b51 ("thp: add debugfs handle to split all huge pages")
Signed-off-by: Naoya Horiguchi
Co-developed-by: David Hildenbrand
Signed-off-by: David Hildenbrand
Reviewed-by: Yang Shi
Acked-by: Michal Hocko
Reviewed-by: Miaohe Lin
Reviewed-by: Oscar Salvador
Cc: # 5.10+
Acked-by: Kirill A. Shutemov
--- mm/huge_memory.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 5fa2ba86dae4..730eb6d6836b 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c 
@@ -2894,11 +2894,9 @@ static void split_huge_pages_all(void) max_zone_pfn = zone_end_pfn(zone); for (pfn = zone->zone_start_pfn; pfn < max_zone_pfn; pfn++) { int nr_pages; - if (!pfn_valid(pfn)) - continue; - page = pfn_to_page(pfn); - if (!get_page_unless_zero(page)) + page = pfn_to_online_page(pfn); + if (!page || !get_page_unless_zero(page)) continue; if (zone != page_zone(page))
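
Review bot: The new pfn_to_online_page(pfn) lookup at the top of the PFN loop in split_huge_pages_all() has no comment saying why pfn_valid() followed by pfn_to_page() was not sufficient. A one-line comment stating that the memmap of an offlined block can be uninitialized and poisoned, so the later page_zone(page) call must only ever see online pages, would keep this check from being simplified back in a future cleanup. The changelog describes the failure as a NULL pointer dereference, while the quoted trace is a VM_BUG_ON_PAGE(PagePoisoned(p)) hit reached through page_zone(); the description should be aligned with the trace so that stable backporters can match it against what they see. The loop still advances with pfn++, so every pfn of an offline block takes the !page continue individually; that is correct, but worth a remark in the changelog if walking large offline ranges through this debugfs path is a concern.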