From: Qian Cai
To: akpm@linux-foundation.org
Cc: osalvador@suse.de, catalin.marinas@arm.com, vbabka@suse.cz, mhocko@suse.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Qian Cai
Subject: [PATCH v4] mm/hotplug: invalid PFNs from pfn_to_online_page()
Date: Tue, 22 Jan 2019 08:29:16 -0500
Message-Id: <20190122132916.28360-1-cai@lca.pw>

On an arm64 ThunderX2 server, the first kmemleak scan would crash [1] with CONFIG_DEBUG_VM_PGFLAGS=y due to page_to_nid() finding a pfn that is not directly mapped (MEMBLOCK_NOMAP). Hence, the page->flags is uninitialized.

This is due to the commit 9f1eb38e0e11 ("mm, kmemleak: little optimization while scanning"), which starts to use pfn_to_online_page() instead of pfn_valid(). However, in the CONFIG_MEMORY_HOTPLUG=y case, pfn_to_online_page() does not call memblock_is_map_memory() while pfn_valid() does.

Historically, the commit 68709f45385a ("arm64: only consider memblocks with NOMAP cleared for linear mapping") causes pages marked as nomap being no longer reassigned to the new zone in memmap_init_zone() by calling __init_single_page().

The commit 2d070eab2e82 ("mm: consider zone which is not fully populated to have holes") introduced pfn_to_online_page(), which was designed to return a valid pfn only, but it is clearly broken on arm64.

Therefore, let pfn_to_online_page() call pfn_valid_within(), so it can handle nomap thanks to the commit f52bb98f5ade ("arm64: mm: always enable CONFIG_HOLES_IN_ZONE"), while it will be optimized away on architectures that have no HOLES_IN_ZONE.

[1]
[ 102.195320] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000006
[ 102.204113] Mem abort info:
[ 102.206921] ESR = 0x96000005
[ 102.209997] Exception class = DABT (current EL), IL = 32 bits
[ 102.215926] SET = 0, FnV = 0
[ 102.218993] EA = 0, S1PTW = 0
[ 102.222150] Data abort info:
[ 102.225047] ISV = 0, ISS = 0x00000005
[ 102.228887] CM = 0, WnR = 0
[ 102.231866] user pgtable: 64k pages, 48-bit VAs, pgdp = (____ptrval____)
[ 102.238572] [0000000000000006] pgd=0000000000000000, pud=0000000000000000
[ 102.245448] Internal error: Oops: 96000005 [#1] SMP
[ 102.264062] CPU: 60 PID: 1408 Comm: kmemleak Not tainted 5.0.0-rc2+ #8
[ 102.280403] pstate: 60400009 (nZCv daif +PAN -UAO)
[ 102.280409] pc : page_mapping+0x24/0x144
[ 102.280415] lr : __dump_page+0x34/0x3dc
[ 102.292923] sp : ffff00003a5cfd10
[ 102.296229] x29: ffff00003a5cfd10 x28: 000000000000802f
[ 102.301533] x27: 0000000000000000 x26: 0000000000277d00
[ 102.306835] x25: ffff000010791f56 x24: ffff7fe000000000
[ 102.312138] x23: ffff000010772f8b x22: ffff00001125f670
[ 102.317442] x21: ffff000011311000 x20: ffff000010772f8b
[ 102.322747] x19: fffffffffffffffe x18: 0000000000000000
[ 102.328049] x17: 0000000000000000 x16: 0000000000000000
[ 102.333352] x15: 0000000000000000 x14: ffff802698b19600
[ 102.338654] x13: ffff802698b1a200 x12: ffff802698b16f00
[ 102.343956] x11: ffff802698b1a400 x10: 0000000000001400
[ 102.349260] x9 : 0000000000000001 x8 : ffff00001121a000
[ 102.354563] x7 : 0000000000000000 x6 : ffff0000102c53b8
[ 102.359868] x5 : 0000000000000000 x4 : 0000000000000003
[ 102.365173] x3 : 0000000000000100 x2 : 0000000000000000
[ 102.370476] x1 : ffff000010772f8b x0 : ffffffffffffffff
[ 102.375782] Process kmemleak (pid: 1408, stack limit = 0x(____ptrval____))
[ 102.382648] Call trace:
[ 102.385091] page_mapping+0x24/0x144
[ 102.388659] __dump_page+0x34/0x3dc
[ 102.392140] dump_page+0x28/0x4c
[ 102.395363] kmemleak_scan+0x4ac/0x680
[ 102.399106] kmemleak_scan_thread+0xb4/0xdc
[ 102.403285] kthread+0x12c/0x13c
[ 102.406509] ret_from_fork+0x10/0x18
[ 102.410080] Code: d503201f f9400660 36000040 d1000413 (f9400661)
[ 102.416357] ---[ end trace 4d4bd7f573490c8e ]---
[ 102.420966] Kernel panic - not syncing: Fatal exception
[ 102.426293] SMP: stopping secondary CPUs
[ 102.431830] Kernel Offset: disabled
[ 102.435311] CPU features: 0x002,20000c38
[ 102.439223] Memory Limit: none
[ 102.442384] ---[ end Kernel panic - not syncing: Fatal exception ]---

Fixes: 9f1eb38e0e11 ("mm, kmemleak: little optimization while scanning")
Acked-by: Michal Hocko
Signed-off-by: Qian Cai
---

v4: avoid unsafe macros with side effects.
v3: change the "Fixes" line.
v2: update the changelog; keep the bound check; use pfn_valid_within().

include/linux/memory_hotplug.h | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/include/linux/memory_hotplug.h b/include/linux/memory_hotplug.h index 07da5c6c5ba0..368267c1b71b 100644 --- a/include/linux/memory_hotplug.h +++ b/include/linux/memory_hotplug.h @@ -21,14 +21,16 @@ struct vmem_altmap; * walkers which rely on the fully initialized page->flags and others * should use this rather than pfn_valid && pfn_to_page */ -#define pfn_to_online_page(pfn) \ -({ \ - struct page *___page = NULL; \ - unsigned long ___nr = pfn_to_section_nr(pfn); \ - \ - if (___nr < NR_MEM_SECTIONS && online_section_nr(___nr))\ - ___page = pfn_to_page(pfn); \ - ___page; \ +#define pfn_to_online_page(pfn) \ +({ \ + struct page *___page = NULL; \ + unsigned long ___pfn = pfn; \ + unsigned long ___nr = pfn_to_section_nr(___pfn); \ + \ + if (___nr < NR_MEM_SECTIONS && online_section_nr(___nr) && \ + pfn_valid_within(___pfn)) \ + ___page = pfn_to_page(___pfn); \ + ___page; \ }) /*
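
Review bot: the comment above pfn_to_online_page() is left unchanged and still only tells walkers to use the macro "rather than pfn_valid && pfn_to_page"; it does not mention that the macro now also returns NULL for a PFN inside an online section that fails pfn_valid_within(), which is the nomap case the changelog describes. A sentence in that comment explaining why the extra check is there would keep a later cleanup from removing it as redundant, given that the changelog says it is optimized away on architectures without HOLES_IN_ZONE. A smaller point on the new "unsigned long ___pfn = pfn;" line: now that the argument is copied into a local so it is evaluated once, a static inline function would give the same single evaluation plus type checking on the argument, if the header's include dependencies allow it.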