From patchwork Wed Nov 20 13:12:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 13881185 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35024D63938 for ; Wed, 20 Nov 2024 13:12:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 88B236B0099; Wed, 20 Nov 2024 08:12:13 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 83A0A6B009A; Wed, 20 Nov 2024 08:12:13 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6DA486B009B; Wed, 20 Nov 2024 08:12:13 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 4CC7D6B0099 for ; Wed, 20 Nov 2024 08:12:13 -0500 (EST) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id EF8C01C6EEE for ; Wed, 20 Nov 2024 13:12:12 +0000 (UTC) X-FDA: 82806509394.19.17BD13F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 3223E40013 for ; Wed, 20 Nov 2024 13:11:47 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jGZhu9Dw; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of bjorn@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=bjorn@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732108195; a=rsa-sha256; cv=none; b=mbzIho6PnyBfftRAonv4lU1ULs9k9P1TZ32VH6vHuBh8IfCA/h5VTPew9jB4hV66HCp/DS EKrkD10ze0syL9Q7H0BvICXmXL8Bot1KG0gpAmmUQ5NXQHaof2mscfZACrh55pi8oPjs+Q /u0PkqZwbWbdi9QPGAFnGITzsnENgRw= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jGZhu9Dw; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of bjorn@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=bjorn@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732108195; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=t8kyjNmEseeo13utYxp2fHeXmsnQuEvMZNUlXQkqKZ0=; b=cpOA3yfoiWAiVoCCTfqlN3NkPou048uOljTqI+5SsN13ksLIVdCqODr0MvwogB8/fqPcS+ +OtVYXB4lltItnlGEE/ujGB4mJXAJgmPGdwRwZJ3dlVtJQhvQhT2kNVXiECI2R1rGuLULL kjxhZK+b5hL0ZkAhryB21wYdNOnFKx4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 66B385C4C65; Wed, 20 Nov 2024 13:11:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB08CC4CECD; Wed, 20 Nov 2024 13:12:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732108330; bh=k+5dEYh0Wx0gYDwBov9cnbkAU6CMVjt/gVpf33OC/N8=; h=From:To:Cc:Subject:Date:From; b=jGZhu9Dwi+lGk9ZsjijKZtKKmfps855+KQDnqkWJagaRykvm2OPjoa3N7MXkOMafs TE+QWilPmnA3oHJchvWXEJw1WePCqb4iEZzbli7EjPOJcdSJGkR7Pl9HO21Q2LWteL eAwdFkF+dvkwEOJ2xB+30+nVCbEYibc1HqmsSgV7/nIoBve5Db+l6ZIACcoiViKHcT cccKAxYjyGLTsGykPjnZ4z1n8KFZXypqjklh5YxiP+OM3MzFg21y6pHacUYDc1qedp H6ayz5UPejtY03knpY4awE4AgRy3FByrk7wJdPB4tmtz0/3GEmcJTYBrmhvSGk1mN+ a9rDfMwo0nRnw== From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: Alexandre Ghiti , Albert Ou , David Hildenbrand , Palmer Dabbelt , Paul Walmsley , linux-riscv@lists.infradead.org, Oscar Salvador Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , Andrew Bresticker , linux-kernel@vger.kernel.org, linux-mm@kvack.org, virtualization@lists.linux-foundation.org Subject: [PATCH fixes] riscv: mm: Do not call pmd dtor on vmemmap page table teardown Date: Wed, 20 Nov 2024 14:12:02 +0100 Message-ID: <20241120131203.1859787-1-bjorn@kernel.org> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 X-Rspamd-Queue-Id: 3223E40013 X-Stat-Signature: rj6edn3r6zwgedrawrgu1kpi9bysasxe X-Rspam-User: X-Rspamd-Server: rspam05 X-HE-Tag: 1732108307-306734 X-HE-Meta: U2FsdGVkX19G+2V+UNZr3ZqDbOE4rDQ2hw+NwgoSCJM05EuQ4em2Nmze16OFGWSmstnUunAyN0lUErrXtonsr46YS0D8VyNr1yKNZH4IWWb79yNO5feZ6qcz6FYUNiYG80ZvzD+mwa33NU0rBQ/36pVhdcesCFpujUxivCHWmES6APVfv8JOiHMCNYY/5ap/6I3+jrz37MM4YsSB2O69AfI7CNlmSFvhFUebT1kOdNSHpM0qK99iD5Sfs1+oaElx2z4csrlzF5tyKHXUyuhV8JsOK3Ic5MEVQ30eNT4rrTAMTmlN74nAjbi4HOuuQmD7ZYprA1c8jUFnz7myiWOOmwGbCcJlRMCDC8vjJe4kNsjwmLAwRtXmZaJmfTs1p6ppfsOHS0FT7LNmBWtghGEt/m2+4lIWM/cDpvnjUp+0aEkIIkm7p04itI3zPuvJFklwy3CixBB6UAVcnypZtsnLB0VTvi4AeV/9EiKmrATtlbaSSvlBPbOk17/xkHAFK+//dB2anmNL+PJOddExnc5AZbRcMTWO2gPyjNxE6vXzw1rX0q2yEnsy6CG64KXs7CnsL70v8Mg8QyDIvNmsMlD1hd6B9T7KpDgJ9+9GhNF39TghSUBeKrA1NFlogVzzLSWDzphs+N6NfcfNTKi4HVbWtep+bKAoWyla1iPWeaQhfdt465QOUfOPZDrxhajBTwhIXao5ghlnsPIPHPbT3FW5DGExwNisa4+c4KWVZ8wnTsubWULpJuxrBKjmDXYWDIar0Ko4Z+t4XREXUTCPDL8caftvCzx1e4+vZ9eO/7bsZlOa6UTJ0qgaIW0NJ4l6rkc9hAi4zYPmLUygc0NyyUMBpK+9t1tsTlTpGE37VQ0pE0tl7RewXRdxvStZXCOmUN/wsJGUYHvrfcEYcgmn0LXOaDMffW2xgjXq/kRODO79tDuLayfI0WEnsZmjQF4TvLu+0fae1jvCt/aLiua1TE8 tD2aMnLr 609MTU+xCjh6yTi4+AoxxOCwZAcK9pSqXUS+V4RxYqaIov65pnQh5/0LquEyOKnEG026npZkJ0L1DArMN0LOAIdxY6oOr7HFp66yHmf/NInr1SnrsdcXxXLymfglENoD/S/dnzh8OEiwJ+5gp2FYoo3FgCA12tRd5q+6KakiG7PZ9T/vPdYpJX2hqMkI5td9y/i4TT3QE+TxXiOH/3SRn0jqB0nbJsgGyOQQJNa0qzTgjlKn0SqFi4ozwSWAceT/zsC9JFqvWrtwgZ2JVBy7nTAYQfsqIUFqtVOhWdsOWZ4hMBlXaRSfyK3gmO4sGbHxv44iVc0az7jHbVQ8dO8u53GXZH0pFLSxyVw39HPm8PAUtt4NMb4v2IsRGjA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Björn Töpel The vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page tables are populated using pmd (page middle directory) hugetables. However, the pmd allocation is not using the generic mechanism used by the VMA code (e.g. pmd_alloc()), or the RISC-V specific create_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table code allocates a page, and calls vmemmap_set_pmd(). This results in that the pmd ctor is *not* called, nor would it make sense to do so. Now, when tearing down a vmemmap page table pmd, the cleanup code would unconditionally, and incorrectly call the pmd dtor, which results in a crash (best case). This issue was found when running the HMM selftests: | tools/testing/selftests/mm# ./test_hmm.sh smoke | ... # when unloading the test_hmm.ko module | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b | flags: 0x1000000000000000(node=0|zone=1) | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000 | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte) | ------------[ cut here ]------------ | kernel BUG at include/linux/mm.h:3080! | Kernel BUG [#1] | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2 | Tainted: [W]=WARN | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024 | epc : remove_pgd_mapping+0xbec/0x1070 | ra : remove_pgd_mapping+0xbec/0x1070 | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940 | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04 | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50 | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008 | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000 | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8 | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000 | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000 | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0 | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00 | t5 : ff60000080244000 t6 : ff20000000a73708 | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003 | [] remove_pgd_mapping+0xbec/0x1070 | [] vmemmap_free+0x14/0x1e | [] section_deactivate+0x220/0x452 | [] sparse_remove_section+0x4a/0x58 | [] __remove_pages+0x7e/0xba | [] memunmap_pages+0x2bc/0x3fe | [] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm] | [] hmm_dmirror_exit+0x3e/0x1018 [test_hmm] | [] __riscv_sys_delete_module+0x15a/0x2a6 | [] do_trap_ecall_u+0x1f2/0x266 | [] _new_vmalloc_restore_context_a0+0xc6/0xd2 | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597 | ---[ end trace 0000000000000000 ]--- | Kernel panic - not syncing: Fatal exception in interrupt Add a check to avoid calling the pmd dtor, if the calling context is vmemmap_free(). Fixes: c75a74f4ba19 ("riscv: mm: Add memory hotplugging support") Signed-off-by: Björn Töpel --- arch/riscv/mm/init.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) base-commit: 57f7c7dc78cd09622b12920d92b40c1ce11b234e diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 0e8c20adcd98..fc53ce748c80 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -1566,7 +1566,7 @@ static void __meminit free_pte_table(pte_t *pte_start, pmd_t *pmd) pmd_clear(pmd); } -static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud) +static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud, bool is_vmemmap) { struct page *page = pud_page(*pud); struct ptdesc *ptdesc = page_ptdesc(page); @@ -1579,7 +1579,8 @@ static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud) return; } - pagetable_pmd_dtor(ptdesc); + if (!is_vmemmap) + pagetable_pmd_dtor(ptdesc); if (PageReserved(page)) free_reserved_page(page); else @@ -1703,7 +1704,7 @@ static void __meminit remove_pud_mapping(pud_t *pud_base, unsigned long addr, un remove_pmd_mapping(pmd_base, addr, next, is_vmemmap, altmap); if (pgtable_l4_enabled) - free_pmd_table(pmd_base, pudp); + free_pmd_table(pmd_base, pudp, is_vmemmap); } }