For stable tree 3.16.y, as regarding the page set into PAGE_NONE, the PFN will be inverted, when reference it by pmd_page, it needs to be inverted again controlling by protnone_mask(pfn).
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/mem/t...
This LTP test case thp03 will get the kernel OOPS like bellow, and it could be reproduced every time.
BUG: unable to handle kernel paging request at ffffeafffd330000 IP: [<ffffffff8117f109>] __split_huge_page_pmd+0xc9/0x270 PGD 0 Oops: 0000 [#1] PREEMPT SMP Modules linked in: iTCO_wdt iTCO_vendor_support x86_pkg_temp_thermal intel_powerclamp ioatdma coretemp crct10dif_pclmul crct10dif_common aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd sb_edac edac_core lpc_ich i2c_i801 dca CPU: 0 PID: 610 Comm: thp03 Not tainted 3.14.39ltsi-WR7.0.0.28_standard #1 Hardware name: Intel Corporation SandyBridge Platform/To be filled by O.E.M., BIOS CCFRCLC0.019.1308201516 08/20/2013 task: ffff8800b5a83040 ti: ffff880138b94000 task.ti: ffff880138b94000 RIP: 0010:[<ffffffff8117f109>] [<ffffffff8117f109>] __split_huge_page_pmd+0xc9/0x270 RSP: 0018:ffff880138b97d08 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8801b8bd7220 RCX: 0000000000000008 RDX: 000000fffd330000 RSI: 00007f30c8800000 RDI: 0000000000000001 RBP: ffff880138b97d48 R08: ffff880138b29980 R09: ffff880138bd7220 R10: 00000007f30c86c0 R11: ffffea0004e2f5f0 R12: 00007f30c8a00000 R13: ffffeafffd330000 R14: ffffea0000000000 R15: 00007f30c8800000 FS: 00007f30c8ec1700(0000) GS:ffff88013b600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffeafffd330000 CR3: 0000000236ca8000 CR4: 0000000000160770 Stack: ffff880138b29980 ffff880138bd7220 ffffea0004e2f5f0 00007f30c88c0000 ffff880138bd7220 00007f30c88c0000 ffff880138b289c0 0000000000000000 ffff880138b97d68 ffffffff8117fda6 ffff880237391f80 00007f30c88c0000 Call Trace: [<ffffffff8117fda6>] split_huge_page_pmd_mm+0x46/0x50 [<ffffffff8117fdda>] split_huge_page_address+0x2a/0x30 [<ffffffff8117fea9>] __vma_adjust_trans_huge+0xc9/0xf0 [<ffffffff81151d05>] vma_adjust+0x6a5/0x710 [<ffffffff81151f55>] __split_vma.isra.33+0x1e5/0x200 [<ffffffff81152d59>] split_vma+0x29/0x30 [<ffffffff81147e56>] SyS_madvise+0x6a6/0x720 [<ffffffff81a92105>] system_call_fastpath+0x26/0x2b
After applying these patches:
thp03 1 TPASS : system didn't crash, pass.
Tom Lendacky (1): x86/mm: Simplify p[g4um]d_page() macros
Toshi Kani (3): x86/asm: Add pud/pmd mask interfaces to handle large PAT bit x86/asm: Move PUD_PAGE macros to page_types.h x86/asm: Fix pud/pmd interfaces to handle large PAT bit
arch/x86/include/asm/page_64_types.h | 3 --- arch/x86/include/asm/page_types.h | 3 +++ arch/x86/include/asm/pgtable.h | 19 ++++++++++------- arch/x86/include/asm/pgtable_types.h | 40 ++++++++++++++++++++++++++++++++---- 4 files changed, 51 insertions(+), 14 deletions(-)