October 2024 - Linux-stable-mirror

[PATCH v1 2/2] selftest/mseal: Add tests for madvise fixes

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)chromium.org> Testcase for "Two fixes for madvise(MADV_DONTNEED) when sealed" test_seal_madvise_prot_none shall not block when mapping is PROT_NONE test_madvise_filebacked_writable shall not block writeable private filebacked mapping. test_madvise_filebacked_was_writable - shall block. shall block read-only private filebacked mapping which was previously writable. Fixes: 8be7258aad44 ("mseal: add mseal syscall") Cc: <stable(a)vger.kernel.org> # 6.11.y: 67203f3f2a63: selftests/mm: add mseal test for no-discard madvise Cc: <stable(a)vger.kernel.org> # 6.11.y: f28bdd1b17ec: selftests/mm: add more mseal traversal tests Cc: <stable(a)vger.kernel.org> # 6.11.y Signed-off-by: Jeff Xu <jeffxu(a)chromium.org> --- tools/testing/selftests/mm/mseal_test.c | 118 +++++++++++++++++++++++- 1 file changed, 116 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c index 01675c412b2a..fa74dbe4a684 100644 --- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c @@ -1728,7 +1728,7 @@ static void test_seal_discard_ro_anon_on_filebacked(bool seal) FAIL_TEST_IF_FALSE(!ret); } - /* sealing doesn't apply for file backed mapping. */ + /* read-only private file-backed mapping, allow always */ ret = sys_madvise(ptr, size, MADV_DONTNEED); FAIL_TEST_IF_FALSE(!ret); @@ -1864,6 +1864,111 @@ static void test_seal_madvise_nodiscard(bool seal) REPORT_TEST_PASS(); } +static void test_seal_madvise_prot_none(bool seal) +{ + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + FAIL_TEST_IF_FALSE(ptr != (void *)-1); + + ret = sys_mprotect(ptr + page_size, page_size, PROT_NONE); + FAIL_TEST_IF_FALSE(!ret); + + if (seal) { + ret = seal_single_address(ptr + page_size, page_size); + FAIL_TEST_IF_FALSE(!ret); + } + + /* madvise(DONTNEED) should pass on PROT_NONE sealed VMA */ + ret = sys_madvise(ptr + page_size, page_size, MADV_DONTNEED); + FAIL_TEST_IF_FALSE(!ret); + + REPORT_TEST_PASS(); +} + +static void test_madvise_filebacked_writable(bool seal) +{ + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + int fd; + unsigned long mapflags = MAP_PRIVATE; + + fd = memfd_create("test", 0); + FAIL_TEST_IF_FALSE(fd > 0); + + ret = fallocate(fd, 0, 0, size); + FAIL_TEST_IF_FALSE(!ret); + + ptr = mmap(NULL, size, PROT_READ|PROT_WRITE, mapflags, fd, 0); + FAIL_TEST_IF_FALSE(ptr != MAP_FAILED); + + if (seal) { + ret = sys_mseal(ptr, size); + FAIL_TEST_IF_FALSE(!ret); + } + + /* sealing doesn't apply for writeable file-backed mapping. */ + ret = sys_madvise(ptr, size, MADV_DONTNEED); + FAIL_TEST_IF_FALSE(!ret); + + ret = sys_munmap(ptr, size); + if (seal) + FAIL_TEST_IF_FALSE(ret < 0); + else + FAIL_TEST_IF_FALSE(!ret); + close(fd); + + REPORT_TEST_PASS(); +} + +static void test_madvise_filebacked_was_writable(bool seal) +{ + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + int fd; + unsigned long mapflags = MAP_PRIVATE; + + fd = memfd_create("test", 0); + FAIL_TEST_IF_FALSE(fd > 0); + + ret = fallocate(fd, 0, 0, size); + FAIL_TEST_IF_FALSE(!ret); + + ptr = mmap(NULL, size, PROT_READ|PROT_WRITE, mapflags, fd, 0); + FAIL_TEST_IF_FALSE(ptr != MAP_FAILED); + + ret = sys_mprotect(ptr, size, PROT_READ); + FAIL_TEST_IF_FALSE(!ret); + + if (seal) { + ret = sys_mseal(ptr, size); + FAIL_TEST_IF_FALSE(!ret); + } + + /* read-only file-backed mapping, was writable. */ + ret = sys_madvise(ptr, size, MADV_DONTNEED); + if (seal) + FAIL_TEST_IF_FALSE(ret < 0); + else + FAIL_TEST_IF_FALSE(!ret); + + ret = sys_munmap(ptr, size); + if (seal) + FAIL_TEST_IF_FALSE(ret < 0); + else + FAIL_TEST_IF_FALSE(!ret); + close(fd); + + REPORT_TEST_PASS(); +} + int main(int argc, char **argv) { bool test_seal = seal_support(); @@ -1876,7 +1981,7 @@ int main(int argc, char **argv) if (!pkey_supported()) ksft_print_msg("PKEY not supported\n"); - ksft_set_plan(88); + ksft_set_plan(94); test_seal_addseal(); test_seal_unmapped_start(); @@ -1985,5 +2090,14 @@ int main(int argc, char **argv) test_seal_discard_ro_anon_on_pkey(false); test_seal_discard_ro_anon_on_pkey(true); + test_seal_madvise_prot_none(false); + test_seal_madvise_prot_none(true); + + test_madvise_filebacked_writable(false); + test_madvise_filebacked_writable(true); + + test_madvise_filebacked_was_writable(false); + test_madvise_filebacked_was_writable(true); + ksft_finished(); } -- 2.47.0.rc1.288.g06298d1525-goog

1 year

2
1
0 0

[PATCH v3 2/2] wifi: ath12k: fix warning when unbinding

by Jose Ignacio Tornos Martinez

If there is an error during some initialization related to firmware, the buffers dp->tx_ring[i].tx_status are released. However this is released again when the device is unbinded (ath12k_pci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80 Call Trace: free_large_kmalloc ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set the buffers to NULL after releasing in order to avoid the double free. cc: stable(a)vger.kernel.org Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- v3: - Remove unnecessary check to not free if buffer is NULL. - Trim backtrace. - Fix typos. v2: https://lore.kernel.org/linux-wireless/20241016123722.206899-1-jtornosm@red… v1: https://lore.kernel.org/linux-wireless/20241010175102.207324-3-jtornosm@red… drivers/net/wireless/ath/ath12k/dp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/dp.c b/drivers/net/wireless/ath/ath12k/dp.c index 789d430e4455..15061782a2df 100644 --- a/drivers/net/wireless/ath/ath12k/dp.c +++ b/drivers/net/wireless/ath/ath12k/dp.c @@ -1277,8 +1277,10 @@ void ath12k_dp_free(struct ath12k_base *ab) ath12k_dp_rx_reo_cmd_list_cleanup(ab); - for (i = 0; i < ab->hw_params->max_tx_ring; i++) + for (i = 0; i < ab->hw_params->max_tx_ring; i++) { kfree(dp->tx_ring[i].tx_status); + dp->tx_ring[i].tx_status = NULL; + } ath12k_dp_rx_free(ab); /* Deinit any SOC level resource */ -- 2.47.0

1 year

1
0
0 0

[PATCH v3 1/2] wifi: ath12k: fix crash when unbinding

by Jose Ignacio Tornos Martinez

If there is an error during some initialization related to firmware, the function ath12k_dp_cc_cleanup is called to release resources. However this is released again when the device is unbinded (ath12k_pci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12k_dp_cc_cleanup ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set to NULL the released structure in ath12k_dp_cc_cleanup at the end. cc: stable(a)vger.kernel.org Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- v3: - Trim backtrace. - Fix typos. v2: https://lore.kernel.org/linux-wireless/20241016123452.206671-1-jtornosm@red… v1: https://lore.kernel.org/linux-wireless/20241010175102.207324-2-jtornosm@red… drivers/net/wireless/ath/ath12k/dp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath12k/dp.c b/drivers/net/wireless/ath/ath12k/dp.c index 61aa78d8bd8c..789d430e4455 100644 --- a/drivers/net/wireless/ath/ath12k/dp.c +++ b/drivers/net/wireless/ath/ath12k/dp.c @@ -1241,6 +1241,7 @@ static void ath12k_dp_cc_cleanup(struct ath12k_base *ab) } kfree(dp->spt_info); + dp->spt_info = NULL; } static void ath12k_dp_reoq_lut_cleanup(struct ath12k_base *ab) -- 2.46.2

1 year

1
0
0 0

[PATCH v2 2/2] wifi: ath12k: fix warning when unbinding

by Jose Ignacio Tornos Martinez

If there is an error during some initialization realated to firmware, the buffers dp->tx_ring[i].tx_status are released. However this is released again when the device is unbinded (ath12k_pci), and we get: [ 41.271233] WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80 [ 41.271246] Modules linked in: uinput snd_seq_dummy snd_hrtimer nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink sunrpc qrtr_mhi intel_rapl_msr intel_rapl_common intel_uncore_frequency_common intel_pmc_core intel_vsec pmt_telemetry pmt_class kvm_intel kvm rapl qrtr snd_hda_codec_generic ath12k qmi_helpers snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi iTCO_wdt intel_pmc_bxt mac80211 snd_hda_codec iTCO_vendor_support libarc4 snd_hda_core snd_hwdep snd_seq snd_seq_device cfg80211 snd_pcm pcspkr i2c_i801 snd_timer i2c_smbus snd rfkill soundcore lpc_ich mhi virtio_balloon joydev xfs crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 virtio_net virtio_blk virtio_console virtio_gpu net_failover failover virtio_dma_buf serio_raw fuse qemu_fw_cfg [ 41.271284] CPU: 0 UID: 0 PID: 2098 Comm: bash Kdump: loaded Not tainted 6.12.0-rc1+ #29 [ 41.271286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 41.271287] RIP: 0010:free_large_kmalloc+0x4d/0x80 [ 41.271289] Code: 00 10 00 00 48 d3 e0 f7 d8 81 e2 c0 00 00 00 75 2f 89 c6 48 89 df e8 82 ff ff ff f0 ff 4b 34 0f 85 59 0e ce 00 e9 5b 0e ce 00 <0f> 0b 80 3d c8 29 3c 02 00 0f 84 2d 0e ce 00 b8 00 f0 ff ff eb d1 [ 41.271290] RSP: 0018:ffffa40881a33c50 EFLAGS: 00010246 [ 41.271292] RAX: 000fffffc0000000 RBX: ffffe697c0278000 RCX: 0000000000000000 [ 41.271293] RDX: ffffe697c0b60008 RSI: ffff8d00c9e00000 RDI: ffffe697c0278000 [ 41.271294] RBP: ffff8d00c3af0000 R08: ffff8d00f215d0c0 R09: 0000000080400038 [ 41.271294] R10: 0000000080400038 R11: 0000000000000000 R12: 0000000000000001 [ 41.271295] R13: ffffffffc0ef8948 R14: ffffffffc0ef8948 R15: ffff8d00c1277560 [ 41.271296] FS: 00007fd31e556740(0000) GS:ffff8d011e400000(0000) knlGS:0000000000000000 [ 41.271297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.271298] CR2: 00007f778d3ffb38 CR3: 00000000065dc000 CR4: 0000000000752ef0 [ 41.271301] PKRU: 55555554 [ 41.271302] Call Trace: [ 41.271304] <TASK> [ 41.271304] ? free_large_kmalloc+0x4d/0x80 [ 41.271306] ? __warn.cold+0x93/0xfa [ 41.271308] ? free_large_kmalloc+0x4d/0x80 [ 41.271311] ? report_bug+0xff/0x140 [ 41.271314] ? handle_bug+0x58/0x90 [ 41.271316] ? exc_invalid_op+0x17/0x70 [ 41.271317] ? asm_exc_invalid_op+0x1a/0x20 [ 41.271321] ? free_large_kmalloc+0x4d/0x80 [ 41.271323] ath12k_dp_free+0xdc/0x110 [ath12k] [ 41.271337] ath12k_core_deinit+0x8d/0xb0 [ath12k] [ 41.271345] ath12k_pci_remove+0x50/0xf0 [ath12k] [ 41.271354] pci_device_remove+0x3f/0xb0 [ 41.271356] device_release_driver_internal+0x19c/0x200 [ 41.271359] unbind_store+0xa1/0xb0 ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just check if the buffers were already released and if they need to be released, in addition set to NULL for the checking. cc: stable(a)vger.kernel.org Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- v2: - Fix the commit size in Fixes v1: https://lore.kernel.org/linux-wireless/20241010175102.207324-3-jtornosm@red… drivers/net/wireless/ath/ath12k/dp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/dp.c b/drivers/net/wireless/ath/ath12k/dp.c index 789d430e4455..9d878d815f3c 100644 --- a/drivers/net/wireless/ath/ath12k/dp.c +++ b/drivers/net/wireless/ath/ath12k/dp.c @@ -1277,8 +1277,12 @@ void ath12k_dp_free(struct ath12k_base *ab) ath12k_dp_rx_reo_cmd_list_cleanup(ab); - for (i = 0; i < ab->hw_params->max_tx_ring; i++) - kfree(dp->tx_ring[i].tx_status); + for (i = 0; i < ab->hw_params->max_tx_ring; i++) { + if (dp->tx_ring[i].tx_status) { + kfree(dp->tx_ring[i].tx_status); + dp->tx_ring[i].tx_status = NULL; + } + } ath12k_dp_rx_free(ab); /* Deinit any SOC level resource */ -- 2.46.2

1 year

2
2
0 0

[PATCH v2 1/2] wifi: ath12k: fix crash when unbinding

by Jose Ignacio Tornos Martinez

If there is an error during some initialization realated to firmware, the funcion ath12k_dp_cc_cleanup is already call to release resources. However this is released again when the device is unbinded (ath12k_pci), and we get: [ 382.050650] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 382.050656] #PF: supervisor read access in kernel mode [ 382.050657] #PF: error_code(0x0000) - not-present page [ 382.050659] PGD 0 P4D 0 [ 382.050661] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 382.050664] CPU: 0 UID: 0 PID: 6541 Comm: bash Kdump: loaded Not tainted 6.12.0-rc1+ #14 [ 382.050666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 382.050667] RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] [ 382.050688] Code: 8b 76 28 48 8b 7b 10 45 31 c0 b9 02 00 00 00 e8 30 3d 35 c2 be 02 00 00 00 4c 89 f7 e8 e3 00 fb c2 49 83 c7 28 49 39 ef 74 31 <41> f6 47 20 01 75 ab 4c 89 ff e8 2b de a2 c2 84 c0 74 0e 49 8b 17 [ 382.050689] RSP: 0018:ffffa3e3c0e83990 EFLAGS: 00010297 [ 382.050691] RAX: 0000000000000000 RBX: ffff90de08750000 RCX: 0000000000000000 [ 382.050692] RDX: 0000000000000001 RSI: ffff90de08751178 RDI: ffff90de08751970 [ 382.050693] RBP: 0000000000005000 R08: 0000000000000200 R09: 000000000040003f [ 382.050694] R10: 000000000040003f R11: 0000000000000000 R12: dead000000000122 [ 382.050695] R13: dead000000000100 R14: ffffffffc0b6f948 R15: 0000000000000000 [ 382.050696] FS: 00007f216b1ab740(0000) GS:ffff90de5fc00000(0000) knlGS:0000000000000000 [ 382.050698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 382.050699] CR2: 0000000000000020 CR3: 000000001a26c000 CR4: 0000000000752ef0 [ 382.050702] PKRU: 55555554 [ 382.050703] Call Trace: [ 382.050705] <TASK> [ 382.050707] ? __die_body.cold+0x19/0x27 [ 382.050719] ? page_fault_oops+0x15a/0x2f0 [ 382.050723] ? exc_page_fault+0x7e/0x180 [ 382.050724] ? asm_exc_page_fault+0x26/0x30 [ 382.050729] ? ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] [ 382.050740] ? delay_halt_tpause+0x1a/0x20 [ 382.050742] ath12k_dp_free+0x67/0x110 [ath12k] [ 382.050753] ath12k_core_deinit+0x8d/0xb0 [ath12k] [ 382.050762] ath12k_pci_remove+0x50/0xf0 [ath12k] [ 382.050771] pci_device_remove+0x3f/0xb0 [ 382.050773] device_release_driver_internal+0x19c/0x200 [ 382.050777] unbind_store+0xa1/0xb0 ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set to NULL the relaeased structure in ath12k_dp_cc_cleanup at the end. cc: stable(a)vger.kernel.org Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- v2: - Fix the commit size in Fixes v1: https://lore.kernel.org/linux-wireless/20241010175102.207324-2-jtornosm@red… drivers/net/wireless/ath/ath12k/dp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath12k/dp.c b/drivers/net/wireless/ath/ath12k/dp.c index 61aa78d8bd8c..789d430e4455 100644 --- a/drivers/net/wireless/ath/ath12k/dp.c +++ b/drivers/net/wireless/ath/ath12k/dp.c @@ -1241,6 +1241,7 @@ static void ath12k_dp_cc_cleanup(struct ath12k_base *ab) } kfree(dp->spt_info); + dp->spt_info = NULL; } static void ath12k_dp_reoq_lut_cleanup(struct ath12k_base *ab) -- 2.46.2

1 year

2
2
0 0

[merged mm-hotfixes-stable] mm-mglru-only-clear-kswapd_failures-if-reclaimable.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mglru: only clear kswapd_failures if reclaimable has been removed from the -mm tree. Its filename was mm-mglru-only-clear-kswapd_failures-if-reclaimable.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Xu <weixugc(a)google.com> Subject: mm/mglru: only clear kswapd_failures if reclaimable Date: Mon, 14 Oct 2024 22:12:11 +0000 lru_gen_shrink_node() unconditionally clears kswapd_failures, which can prevent kswapd from sleeping and cause 100% kswapd cpu usage even when kswapd repeatedly fails to make progress in reclaim. Only clear kswap_failures in lru_gen_shrink_node() if reclaim makes some progress, similar to shrink_node(). I happened to run into this problem in one of my tests recently. It requires a combination of several conditions: The allocator needs to allocate a right amount of pages such that it can wake up kswapd without itself being OOM killed; there is no memory for kswapd to reclaim (My test disables swap and cleans page cache first); no other process frees enough memory at the same time. Link: https://lkml.kernel.org/r/20241014221211.832591-1-weixugc@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: Wei Xu <weixugc(a)google.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Jan Alexander Steffens <heftig(a)archlinux.org> Cc: Suleiman Souhlal <suleiman(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/vmscan.c~mm-mglru-only-clear-kswapd_failures-if-reclaimable +++ a/mm/vmscan.c @@ -4963,8 +4963,8 @@ static void lru_gen_shrink_node(struct p blk_finish_plug(&plug); done: - /* kswapd should never fail */ - pgdat->kswapd_failures = 0; + if (sc->nr_reclaimed > reclaimed) + pgdat->kswapd_failures = 0; } /****************************************************************************** _ Patches currently in -mm which might be from weixugc(a)google.com are

1 year

1
0
0 0

[merged mm-hotfixes-stable] mm-swapfile-skip-hugetlb-pages-for-unuse_vma.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/swapfile: skip HugeTLB pages for unuse_vma has been removed from the -mm tree. Its filename was mm-swapfile-skip-hugetlb-pages-for-unuse_vma.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Liu Shixin <liushixin2(a)huawei.com> Subject: mm/swapfile: skip HugeTLB pages for unuse_vma Date: Tue, 15 Oct 2024 09:45:21 +0800 I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swapout the above anonymous memory. 3. run swapoff and we will get a bad pud error in kernel message: mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7) We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it. Link: https://lkml.kernel.org/r/20241015014521.570237-1-liushixin2@huawei.com Fixes: 0fe6e20b9c4c ("hugetlb, rmap: add reverse mapping for hugepage") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swapfile-skip-hugetlb-pages-for-unuse_vma +++ a/mm/swapfile.c @@ -2313,7 +2313,7 @@ static int unuse_mm(struct mm_struct *mm mmap_read_lock(mm); for_each_vma(vmi, vma) { - if (vma->anon_vma) { + if (vma->anon_vma && !is_vm_hugetlb_page(vma)) { ret = unuse_vma(vma, type); if (ret) break; _ Patches currently in -mm which might be from liushixin2(a)huawei.com are

1 year

1
0
0 0

[merged mm-hotfixes-stable] mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: don't install PMD mappings when THPs are disabled by the hw/process/vma has been removed from the -mm tree. Its filename was mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm: don't install PMD mappings when THPs are disabled by the hw/process/vma Date: Fri, 11 Oct 2024 12:24:45 +0200 We (or rather, readahead logic :) ) might be allocating a THP in the pagecache and then try mapping it into a process that explicitly disabled THP: we might end up installing PMD mappings. This is a problem for s390x KVM, which explicitly remaps all PMD-mapped THPs to be PTE-mapped in s390_enable_sie()->thp_split_mm(), before starting the VM. For example, starting a VM backed on a file system with large folios supported makes the VM crash when the VM tries accessing such a mapping using KVM. Is it also a problem when the HW disabled THP using TRANSPARENT_HUGEPAGE_UNSUPPORTED? At least on x86 this would be the case without X86_FEATURE_PSE. In the future, we might be able to do better on s390x and only disallow PMD mappings -- what s390x and likely TRANSPARENT_HUGEPAGE_UNSUPPORTED really wants. For now, fix it by essentially performing the same check as would be done in __thp_vma_allowable_orders() or in shmem code, where this works as expected, and disallow PMD mappings, making us fallback to PTE mappings. Link: https://lkml.kernel.org/r/20241011102445.934409-3-david@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Leo Fu <bfu(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Cc: Thomas Huth <thuth(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/mm/memory.c~mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma +++ a/mm/memory.c @@ -4920,6 +4920,15 @@ vm_fault_t do_set_pmd(struct vm_fault *v pmd_t entry; vm_fault_t ret = VM_FAULT_FALLBACK; + /* + * It is too late to allocate a small folio, we already have a large + * folio in the pagecache: especially s390 KVM cannot tolerate any + * PMD mappings, but PTE-mapped THP are fine. So let's simply refuse any + * PMD mappings if THPs are disabled. + */ + if (thp_disabled_by_hw() || vma_thp_disabled(vma, vma->vm_flags)) + return ret; + if (!thp_vma_suitable_order(vma, haddr, PMD_ORDER)) return ret; _ Patches currently in -mm which might be from david(a)redhat.com are mm-pagewalk-fix-usage-of-pmd_leaf-pud_leaf-without-present-check.patch selftests-mm-hugetlb_fault_after_madv-use-default-hguetlb-page-size.patch selftests-mm-hugetlb_fault_after_madv-improve-test-output.patch

1 year

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() has been removed from the -mm tree. Its filename was mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() Date: Fri, 11 Oct 2024 12:24:44 +0200 Patch series "mm: don't install PMD mappings when THPs are disabled by the hw/process/vma". During testing, it was found that we can get PMD mappings in processes where THP (and more precisely, PMD mappings) are supposed to be disabled. While it works as expected for anon+shmem, the pagecache is the problematic bit. For s390 KVM this currently means that a VM backed by a file located on filesystem with large folio support can crash when KVM tries accessing the problematic page, because the readahead logic might decide to use a PMD-sized THP and faulting it into the page tables will install a PMD mapping, something that s390 KVM cannot tolerate. This might also be a problem with HW that does not support PMD mappings, but I did not try reproducing it. Fix it by respecting the ways to disable THPs when deciding whether we can install a PMD mapping. khugepaged should already be taking care of not collapsing if THPs are effectively disabled for the hw/process/vma. This patch (of 2): Add vma_thp_disabled() and thp_disabled_by_hw() helpers to be shared by shmem_allowable_huge_orders() and __thp_vma_allowable_orders(). [david(a)redhat.com: rename to vma_thp_disabled(), split out thp_disabled_by_hw() ] Link: https://lkml.kernel.org/r/20241011102445.934409-2-david@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Leo Fu <bfu(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Boqiao Fu <bfu(a)redhat.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/huge_mm.h | 18 ++++++++++++++++++ mm/huge_memory.c | 13 +------------ mm/shmem.c | 7 +------ 3 files changed, 20 insertions(+), 18 deletions(-) --- a/include/linux/huge_mm.h~mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw +++ a/include/linux/huge_mm.h @@ -322,6 +322,24 @@ struct thpsize { (transparent_hugepage_flags & \ (1<<TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG)) +static inline bool vma_thp_disabled(struct vm_area_struct *vma, + unsigned long vm_flags) +{ + /* + * Explicitly disabled through madvise or prctl, or some + * architectures may disable THP for some mappings, for + * example, s390 kvm. + */ + return (vm_flags & VM_NOHUGEPAGE) || + test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags); +} + +static inline bool thp_disabled_by_hw(void) +{ + /* If the hardware/firmware marked hugepage support disabled. */ + return transparent_hugepage_flags & (1 << TRANSPARENT_HUGEPAGE_UNSUPPORTED); +} + unsigned long thp_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags); unsigned long thp_get_unmapped_area_vmflags(struct file *filp, unsigned long addr, --- a/mm/huge_memory.c~mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw +++ a/mm/huge_memory.c @@ -109,18 +109,7 @@ unsigned long __thp_vma_allowable_orders if (!vma->vm_mm) /* vdso */ return 0; - /* - * Explicitly disabled through madvise or prctl, or some - * architectures may disable THP for some mappings, for - * example, s390 kvm. - * */ - if ((vm_flags & VM_NOHUGEPAGE) || - test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags)) - return 0; - /* - * If the hardware/firmware marked hugepage support disabled. - */ - if (transparent_hugepage_flags & (1 << TRANSPARENT_HUGEPAGE_UNSUPPORTED)) + if (thp_disabled_by_hw() || vma_thp_disabled(vma, vm_flags)) return 0; /* khugepaged doesn't collapse DAX vma, but page fault is fine. */ --- a/mm/shmem.c~mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw +++ a/mm/shmem.c @@ -1664,12 +1664,7 @@ unsigned long shmem_allowable_huge_order loff_t i_size; int order; - if (vma && ((vm_flags & VM_NOHUGEPAGE) || - test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags))) - return 0; - - /* If the hardware/firmware marked hugepage support disabled. */ - if (transparent_hugepage_flags & (1 << TRANSPARENT_HUGEPAGE_UNSUPPORTED)) + if (thp_disabled_by_hw() || (vma && vma_thp_disabled(vma, vm_flags))) return 0; global_huge = shmem_huge_global_enabled(inode, index, write_end, _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-remove-unused-hugepage-for-vma_alloc_folio.patch

1 year

1
0
0 0

[merged mm-hotfixes-stable] mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point has been removed from the -mm tree. Its filename was mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yang Shi <yang(a)os.amperecomputing.com> Subject: mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point Date: Fri, 11 Oct 2024 18:17:02 -0700 The "addr" and "is_shmem" arguments have different order in TP_PROTO and TP_ARGS. This resulted in the incorrect trace result: text-hugepage-644429 [276] 392092.878683: mm_khugepaged_collapse_file: mm=0xffff20025d52c440, hpage_pfn=0x200678c00, index=512, addr=1, is_shmem=0, filename=text-hugepage, nr=512, result=failed The value of "addr" is wrong because it was treated as bool value, the type of is_shmem. Fix the order in TP_PROTO to keep "addr" is before "is_shmem" since the original patch review suggested this order to achieve best packing. And use "lx" for "addr" instead of "ld" in TP_printk because address is typically shown in hex. After the fix, the trace result looks correct: text-hugepage-7291 [004] 128.627251: mm_khugepaged_collapse_file: mm=0xffff0001328f9500, hpage_pfn=0x20016ea00, index=512, addr=0x400000, is_shmem=0, filename=text-hugepage, nr=512, result=failed Link: https://lkml.kernel.org/r/20241012011702.1084846-1-yang@os.amperecomputing.… Fixes: 4c9473e87e75 ("mm/khugepaged: add tracepoint to collapse_file()") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Cc: Gautam Menghani <gautammenghani201(a)gmail.com> Cc: Steven Rostedt (Google) <rostedt(a)goodmis.org> Cc: <stable(a)vger.kernel.org> [6.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/trace/events/huge_memory.h | 4 ++-- mm/khugepaged.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/include/trace/events/huge_memory.h~mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point +++ a/include/trace/events/huge_memory.h @@ -208,7 +208,7 @@ TRACE_EVENT(mm_khugepaged_scan_file, TRACE_EVENT(mm_khugepaged_collapse_file, TP_PROTO(struct mm_struct *mm, struct folio *new_folio, pgoff_t index, - bool is_shmem, unsigned long addr, struct file *file, + unsigned long addr, bool is_shmem, struct file *file, int nr, int result), TP_ARGS(mm, new_folio, index, addr, is_shmem, file, nr, result), TP_STRUCT__entry( @@ -233,7 +233,7 @@ TRACE_EVENT(mm_khugepaged_collapse_file, __entry->result = result; ), - TP_printk("mm=%p, hpage_pfn=0x%lx, index=%ld, addr=%ld, is_shmem=%d, filename=%s, nr=%d, result=%s", + TP_printk("mm=%p, hpage_pfn=0x%lx, index=%ld, addr=%lx, is_shmem=%d, filename=%s, nr=%d, result=%s", __entry->mm, __entry->hpfn, __entry->index, --- a/mm/khugepaged.c~mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point +++ a/mm/khugepaged.c @@ -2227,7 +2227,7 @@ rollback: folio_put(new_folio); out: VM_BUG_ON(!list_empty(&pagelist)); - trace_mm_khugepaged_collapse_file(mm, new_folio, index, is_shmem, addr, file, HPAGE_PMD_NR, result); + trace_mm_khugepaged_collapse_file(mm, new_folio, index, addr, is_shmem, file, HPAGE_PMD_NR, result); return result; } _ Patches currently in -mm which might be from yang(a)os.amperecomputing.com are

1 year

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2024