Introduce and use {pgd,p4d}_populate_kernel() in core MM code when populating PGD and P4D entries for the kernel address space. These helpers ensure proper synchronization of page tables when updating the kernel portion of top-level page tables.
Until now, the kernel has relied on each architecture to handle synchronization of top-level page tables in an ad-hoc manner. For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes").
However, this approach has proven fragile for following reasons:
1) It is easy to forget to perform the necessary page table synchronization when introducing new changes. For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") overlooked the need to synchronize page tables for the vmemmap area.
2) It is also easy to overlook that the vmemmap and direct mapping areas must not be accessed before explicit page table synchronization. For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")) caused crashes by accessing the vmemmap area before calling sync_global_pgds().
To address this, as suggested by Dave Hansen, introduce _kernel() variants of the page table population helpers, which invoke architecture-specific hooks to properly synchronize page tables. These are introduced in a new header file, include/linux/pgalloc.h, so they can be called from common code.
They reuse existing infrastructure for vmalloc and ioremap. Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK, and the actual synchronization is performed by arch_sync_kernel_mappings().
This change currently targets only x86_64, so only PGD and P4D level helpers are introduced. Currently, these helpers are no-ops since no architecture sets PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK.
In theory, PUD and PMD level helpers can be added later if needed by other architectures. For now, 32-bit architectures (x86-32 and arm) only handle PGTBL_PMD_MODIFIED, so p*d_populate_kernel() will never affect them unless we introduce a PMD level helper.
Cc: stable@vger.kernel.org Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges") Suggested-by: Dave Hansen dave.hansen@linux.intel.com Acked-by: Kiryl Shutsemau kas@kernel.org Reviewed-by: Mike Rapoport (Microsoft) rppt@kernel.org Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com Signed-off-by: Harry Yoo harry.yoo@oracle.com --- include/linux/pgalloc.h | 24 ++++++++++++++++++++++++ include/linux/pgtable.h | 13 +++++++------ mm/kasan/init.c | 12 ++++++------ mm/percpu.c | 6 +++--- mm/sparse-vmemmap.c | 6 +++--- 5 files changed, 43 insertions(+), 18 deletions(-) create mode 100644 include/linux/pgalloc.h
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h new file mode 100644 index 000000000000..290ab864320f --- /dev/null +++ b/include/linux/pgalloc.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_PGALLOC_H +#define _LINUX_PGALLOC_H + +#include <linux/pgtable.h> +#include <asm/pgalloc.h> + +static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, + p4d_t *p4d) +{ + pgd_populate(&init_mm, pgd, p4d); + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) + arch_sync_kernel_mappings(addr, addr); +} + +static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, + pud_t *pud) +{ + p4d_populate(&init_mm, p4d, pud); + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) + arch_sync_kernel_mappings(addr, addr); +} + +#endif /* _LINUX_PGALLOC_H */ diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index ba699df6ef69..2b80fd456c8b 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1469,8 +1469,8 @@ static inline void modify_prot_commit_ptes(struct vm_area_struct *vma, unsigned
/* * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values - * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings() - * needs to be called. + * and let generic vmalloc, ioremap and page table update code know when + * arch_sync_kernel_mappings() needs to be called. */ #ifndef ARCH_PAGE_TABLE_SYNC_MASK #define ARCH_PAGE_TABLE_SYNC_MASK 0 @@ -1954,10 +1954,11 @@ static inline bool arch_has_pfn_modify_check(void) /* * Page Table Modification bits for pgtbl_mod_mask. * - * These are used by the p?d_alloc_track*() set of functions an in the generic - * vmalloc/ioremap code to track at which page-table levels entries have been - * modified. Based on that the code can better decide when vmalloc and ioremap - * mapping changes need to be synchronized to other page-tables in the system. + * These are used by the p?d_alloc_track*() and p*d_populate_kernel() + * functions in the generic vmalloc, ioremap and page table update code + * to track at which page-table levels entries have been modified. + * Based on that the code can better decide when page table changes need + * to be synchronized to other page-tables in the system. */ #define __PGTBL_PGD_MODIFIED 0 #define __PGTBL_P4D_MODIFIED 1 diff --git a/mm/kasan/init.c b/mm/kasan/init.c index ced6b29fcf76..8fce3370c84e 100644 --- a/mm/kasan/init.c +++ b/mm/kasan/init.c @@ -13,9 +13,9 @@ #include <linux/mm.h> #include <linux/pfn.h> #include <linux/slab.h> +#include <linux/pgalloc.h>
#include <asm/page.h> -#include <asm/pgalloc.h>
#include "kasan.h"
@@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, pud_t *pud; pmd_t *pmd;
- p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, } else { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE); pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } } zero_pud_populate(p4d, addr, next); @@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, * puds,pmds, so pgd_populate(), pud_populate() * is noops. */ - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, lm_alias(kasan_early_shadow_p4d)); p4d = p4d_offset(pgd, addr); - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, if (!p) return -ENOMEM; } else { - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, early_alloc(PAGE_SIZE, NUMA_NO_NODE)); } } diff --git a/mm/percpu.c b/mm/percpu.c index d9cbaee92b60..a56f35dcc417 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -3108,7 +3108,7 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size, #endif /* BUILD_EMBED_FIRST_CHUNK */
#ifdef BUILD_PAGE_FIRST_CHUNK -#include <asm/pgalloc.h> +#include <linux/pgalloc.h>
#ifndef P4D_TABLE_SIZE #define P4D_TABLE_SIZE PAGE_SIZE @@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(unsigned long addr)
if (pgd_none(*pgd)) { p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE); - pgd_populate(&init_mm, pgd, p4d); + pgd_populate_kernel(addr, pgd, p4d); }
p4d = p4d_offset(pgd, addr); if (p4d_none(*p4d)) { pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE); - p4d_populate(&init_mm, p4d, pud); + p4d_populate_kernel(addr, p4d, pud); }
pud = pud_offset(p4d, addr); diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index 41aa0493eb03..dbd8daccade2 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -27,9 +27,9 @@ #include <linux/spinlock.h> #include <linux/vmalloc.h> #include <linux/sched.h> +#include <linux/pgalloc.h>
#include <asm/dma.h> -#include <asm/pgalloc.h> #include <asm/tlbflush.h>
#include "hugetlb_vmemmap.h" @@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) if (!p) return NULL; pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } return p4d; } @@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); if (!p) return NULL; - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } return pgd; }
On 18.08.25 04:02, Harry Yoo wrote:
Introduce and use {pgd,p4d}_populate_kernel() in core MM code when populating PGD and P4D entries for the kernel address space. These helpers ensure proper synchronization of page tables when updating the kernel portion of top-level page tables.
Until now, the kernel has relied on each architecture to handle synchronization of top-level page tables in an ad-hoc manner. For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes").
However, this approach has proven fragile for following reasons:
It is easy to forget to perform the necessary page table synchronization when introducing new changes. For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") overlooked the need to synchronize page tables for the vmemmap area.
It is also easy to overlook that the vmemmap and direct mapping areas must not be accessed before explicit page table synchronization. For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")) caused crashes by accessing the vmemmap area before calling sync_global_pgds().
To address this, as suggested by Dave Hansen, introduce _kernel() variants of the page table population helpers, which invoke architecture-specific hooks to properly synchronize page tables. These are introduced in a new header file, include/linux/pgalloc.h, so they can be called from common code.
They reuse existing infrastructure for vmalloc and ioremap. Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK, and the actual synchronization is performed by arch_sync_kernel_mappings().
This change currently targets only x86_64, so only PGD and P4D level helpers are introduced. Currently, these helpers are no-ops since no architecture sets PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK.
In theory, PUD and PMD level helpers can be added later if needed by other architectures. For now, 32-bit architectures (x86-32 and arm) only handle PGTBL_PMD_MODIFIED, so p*d_populate_kernel() will never affect them unless we introduce a PMD level helper.
Cc: stable@vger.kernel.org Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges") Suggested-by: Dave Hansen dave.hansen@linux.intel.com Acked-by: Kiryl Shutsemau kas@kernel.org Reviewed-by: Mike Rapoport (Microsoft) rppt@kernel.org Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com Signed-off-by: Harry Yoo harry.yoo@oracle.com
Acked-by: David Hildenbrand david@redhat.com
KASAN unconditionally references kasan_early_shadow_{p4d,pud}. However, these global variables may not exist depending on the number of page table levels. For example, if CONFIG_PGTABLE_LEVELS=3, both variables do not exist. Although KASAN may refernce non-existent variables, it didn't break builds because calls to {pgd,p4d}_populate() are optimized away at compile time.
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
ld.lld: error: undefined symbol: kasan_early_shadow_p4d
referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a did you mean: kasan_early_shadow_pmd defined in: vmlinux.a(mm/kasan/init.o)
ld.lld: error: undefined symbol: kasan_early_shadow_pud
referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:200 (/home/hyeyoo/mm-new/mm/kasan/init.c:200) mm/kasan/init.o:(zero_p4d_populate) in archive vmlinux.a referenced 1 more times
Therefore, to allow calls to {pgd,p4d}_populate_kernel() to be optimized out at compile time, define {pgd,p4d}_populate_kernel() as macros. This way, when pgd_populate() or p4d_populate() are simply empty macros, the corresponding *_populate_kernel() functions can also be optimized away.
Signed-off-by: Harry Yoo harry.yoo@oracle.com ---
While the description is quite verbose, it is intended to be fold-merged into patch [1] of the page table sync series V5.
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-3-harry.yoo@oracle.com/
include/linux/pgalloc.h | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h index 290ab864320f..8812f842978f 100644 --- a/include/linux/pgalloc.h +++ b/include/linux/pgalloc.h @@ -5,20 +5,18 @@ #include <linux/pgtable.h> #include <asm/pgalloc.h>
-static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, - p4d_t *p4d) -{ - pgd_populate(&init_mm, pgd, p4d); - if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) - arch_sync_kernel_mappings(addr, addr); -} +#define pgd_populate_kernel(addr, pgd, p4d) \ + do { \ + pgd_populate(&init_mm, pgd, p4d); \ + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) \ + arch_sync_kernel_mappings(addr, addr); \ + } while (0)
-static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, - pud_t *pud) -{ - p4d_populate(&init_mm, p4d, pud); - if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) - arch_sync_kernel_mappings(addr, addr); -} +#define p4d_populate_kernel(addr, p4d, pud) \ + do { \ + p4d_populate(&init_mm, p4d, pud); \ + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) \ + arch_sync_kernel_mappings(addr, addr); \ + } while (0)
#endif /* _LINUX_PGALLOC_H */
Hi,
Thanks for your patch.
FYI: kernel test robot notices the stable kernel rule is not satisfied.
The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opti...
Rule: add the tag "Cc: stable@vger.kernel.org" in the sign-off area to have the patch automatically included in the stable tree. Subject: [PATCH] mm: fix KASAN build error due to p*d_populate_kernel() Link: https://lore.kernel.org/stable/20250821093542.37844-1-harry.yoo%40oracle.com
On Thu, Aug 21, 2025 at 06:35:42PM +0900, Harry Yoo wrote:
KASAN unconditionally references kasan_early_shadow_{p4d,pud}. However, these global variables may not exist depending on the number of page table levels. For example, if CONFIG_PGTABLE_LEVELS=3, both variables do not exist. Although KASAN may refernce non-existent variables, it didn't break builds because calls to {pgd,p4d}_populate() are optimized away at compile time.
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
ld.lld: error: undefined symbol: kasan_early_shadow_p4d
referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a did you mean: kasan_early_shadow_pmd defined in: vmlinux.a(mm/kasan/init.o)
ld.lld: error: undefined symbol: kasan_early_shadow_pud
referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:200 (/home/hyeyoo/mm-new/mm/kasan/init.c:200) mm/kasan/init.o:(zero_p4d_populate) in archive vmlinux.a referenced 1 more times
Therefore, to allow calls to {pgd,p4d}_populate_kernel() to be optimized out at compile time, define {pgd,p4d}_populate_kernel() as macros. This way, when pgd_populate() or p4d_populate() are simply empty macros, the corresponding *_populate_kernel() functions can also be optimized away.
Signed-off-by: Harry Yoo harry.yoo@oracle.com
This looks good, other than the nit below re: a comment, I think when we are doing this kind of thing it's necessary to spell out plainly why exactly we're doing it because it's not obvious at first glance.
Anyway have checked locally and all good and LGTM code-wise so aside from above:
Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com
While the description is quite verbose, it is intended to be fold-merged into patch [1] of the page table sync series V5.
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-3-harry.yoo@oracle.com/
include/linux/pgalloc.h | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h index 290ab864320f..8812f842978f 100644 --- a/include/linux/pgalloc.h +++ b/include/linux/pgalloc.h @@ -5,20 +5,18 @@ #include <linux/pgtable.h> #include <asm/pgalloc.h>
-static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,
p4d_t *p4d)-{
- pgd_populate(&init_mm, pgd, p4d);
- if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED)
arch_sync_kernel_mappings(addr, addr);-} +#define pgd_populate_kernel(addr, pgd, p4d) \
- do { \
pgd_populate(&init_mm, pgd, p4d); \if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) \arch_sync_kernel_mappings(addr, addr); \- } while (0)
-static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d,
pud_t *pud)-{
- p4d_populate(&init_mm, p4d, pud);
- if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED)
arch_sync_kernel_mappings(addr, addr);-} +#define p4d_populate_kernel(addr, p4d, pud) \
- do { \
p4d_populate(&init_mm, p4d, pud); \if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) \arch_sync_kernel_mappings(addr, addr); \- } while (0)
Can we have a quick comment above these explaining why they have to be macros? Thanks!
#endif /* _LINUX_PGALLOC_H */
2.43.0
On Thu, Aug 21, 2025 at 11:10:39AM +0100, Lorenzo Stoakes wrote:
On Thu, Aug 21, 2025 at 06:35:42PM +0900, Harry Yoo wrote:
KASAN unconditionally references kasan_early_shadow_{p4d,pud}. However, these global variables may not exist depending on the number of page table levels. For example, if CONFIG_PGTABLE_LEVELS=3, both variables do not exist. Although KASAN may refernce non-existent variables, it didn't break builds because calls to {pgd,p4d}_populate() are optimized away at compile time.
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
ld.lld: error: undefined symbol: kasan_early_shadow_p4d
referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a did you mean: kasan_early_shadow_pmd defined in: vmlinux.a(mm/kasan/init.o)
ld.lld: error: undefined symbol: kasan_early_shadow_pud
referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:200 (/home/hyeyoo/mm-new/mm/kasan/init.c:200) mm/kasan/init.o:(zero_p4d_populate) in archive vmlinux.a referenced 1 more times
Therefore, to allow calls to {pgd,p4d}_populate_kernel() to be optimized out at compile time, define {pgd,p4d}_populate_kernel() as macros. This way, when pgd_populate() or p4d_populate() are simply empty macros, the corresponding *_populate_kernel() functions can also be optimized away.
Signed-off-by: Harry Yoo harry.yoo@oracle.com
This looks good, other than the nit below re: a comment, I think when we are doing this kind of thing it's necessary to spell out plainly why exactly we're doing it because it's not obvious at first glance.
Good point, will do:
/* * {pgd,p4d}_populate_kernel() are defined as macros to allow * compile-time optimization based on the configured page table levels. * Without this, linking may fail because callers (e.g., KASAN) may rely * on calls to these functions being optimized away when passing symbols * that exist only for certain page table levels. */
Anyway have checked locally and all good and LGTM code-wise so aside from above:
Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com
Thanks!
On Thu, Aug 21, 2025 at 07:42:06PM +0900, Harry Yoo wrote:
Signed-off-by: Harry Yoo harry.yoo@oracle.com
This looks good, other than the nit below re: a comment, I think when we are doing this kind of thing it's necessary to spell out plainly why exactly we're doing it because it's not obvious at first glance.
Good point, will do:
/*
- {pgd,p4d}_populate_kernel() are defined as macros to allow
- compile-time optimization based on the configured page table levels.
- Without this, linking may fail because callers (e.g., KASAN) may rely
- on calls to these functions being optimized away when passing symbols
- that exist only for certain page table levels.
*/
Thanks LGTM!
KASAN unconditionally references kasan_early_shadow_{p4d,pud}. However, these global variables may not exist depending on the number of page table levels. For example, if CONFIG_PGTABLE_LEVELS=3, both variables do not exist. Although KASAN may refernce non-existent variables, it didn't break builds because calls to {pgd,p4d}_populate() are optimized away at compile time.
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
ld.lld: error: undefined symbol: kasan_early_shadow_p4d
referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a did you mean: kasan_early_shadow_pmd defined in: vmlinux.a(mm/kasan/init.o)
ld.lld: error: undefined symbol: kasan_early_shadow_pud
referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:200 (/home/hyeyoo/mm-new/mm/kasan/init.c:200) mm/kasan/init.o:(zero_p4d_populate) in archive vmlinux.a referenced 1 more times
Therefore, to allow calls to {pgd,p4d}_populate_kernel() to be optimized out at compile time, define {pgd,p4d}_populate_kernel() as macros. This way, when pgd_populate() or p4d_populate() are simply empty macros, the corresponding *_populate_kernel() functions can also be optimized away.
Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com Signed-off-by: Harry Yoo harry.yoo@oracle.com ---
v1 -> v2: added comment per Lorenzo's comment.
include/linux/pgalloc.h | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h index 290ab864320f..9174fa59bbc5 100644 --- a/include/linux/pgalloc.h +++ b/include/linux/pgalloc.h @@ -5,20 +5,25 @@ #include <linux/pgtable.h> #include <asm/pgalloc.h>
-static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, - p4d_t *p4d) -{ - pgd_populate(&init_mm, pgd, p4d); - if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) - arch_sync_kernel_mappings(addr, addr); -} +/* + * {pgd,p4d}_populate_kernel() are defined as macros to allow + * compile-time optimization based on the configured page table levels. + * Without this, linking may fail because callers (e.g., KASAN) may rely + * on calls to these functions being optimized away when passing symbols + * that exist only for certain page table levels. + */ +#define pgd_populate_kernel(addr, pgd, p4d) \ + do { \ + pgd_populate(&init_mm, pgd, p4d); \ + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) \ + arch_sync_kernel_mappings(addr, addr); \ + } while (0)
-static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, - pud_t *pud) -{ - p4d_populate(&init_mm, p4d, pud); - if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) - arch_sync_kernel_mappings(addr, addr); -} +#define p4d_populate_kernel(addr, p4d, pud) \ + do { \ + p4d_populate(&init_mm, p4d, pud); \ + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) \ + arch_sync_kernel_mappings(addr, addr); \ + } while (0)
#endif /* _LINUX_PGALLOC_H */
Hi,
Thanks for your patch.
FYI: kernel test robot notices the stable kernel rule is not satisfied.
The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opti...
Rule: add the tag "Cc: stable@vger.kernel.org" in the sign-off area to have the patch automatically included in the stable tree. Subject: [PATCH v2] mm: fix KASAN build error due to p*d_populate_kernel() Link: https://lore.kernel.org/stable/20250821115731.137284-1-harry.yoo%40oracle.co...
On 8/21/25 04:57, Harry Yoo wrote:
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
This part of the changelog confused me. I think it's focusing on the wrong thing.
The code that's triggering this is literally:
pgd_populate(&init_mm, pgd, lm_alias(kasan_early_shadow_p4d));
It sure _looks_ like it's unconditionally referencing the 'kasan_early_shadow_p4d' symbol. I think it's wrong to hide that with macro magic and just assume that the macros won't reference it.
If a symbol isn't being defined, it shouldn't be referenced in C code.:q
The right way to do it is to have an #ifdef in a header that avoids compiling in the reference to the symbol.
But just changing the 'static inline' to a #define seems like a fragile hack to me.
On Thu, Aug 21, 2025 at 10:36:12AM -0700, Dave Hansen wrote:
On 8/21/25 04:57, Harry Yoo wrote:
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
Hi, thanks for taking a look, Dave!
First of all, this is a fix-up patch of a mm-hotfixes patch series that fixes a bug (I should have explained that in the changelog) [1].
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-1-harry.yoo@oracle.com
I think we can continue discussing it and perhaps do that as part of a follow-up series, because the current patch series need to be backported to -stable and your suggestion to improve existing code doesn't require -stable backports.
Does that sound fine?
This part of the changelog confused me. I think it's focusing on the wrong thing.
The code that's triggering this is literally:
pgd_populate(&init_mm, pgd, lm_alias(kasan_early_shadow_p4d));It sure _looks_ like it's unconditionally referencing the 'kasan_early_shadow_p4d' symbol. I think it's wrong to hide that with macro magic and just assume that the macros won't reference it.
If a symbol isn't being defined, it shouldn't be referenced in C code.:q
A fair point, and that's what KASAN code has been doing for years.
The right way to do it is to have an #ifdef in a header that avoids compiling in the reference to the symbol.
You mean defining some wrapper functions for p*d_populate_kernel() in KASAN with different implementations based on ifdeffery?
Just to clarify, what should be the exact ifdeffery to cover these cases? #if CONFIG_PGTABLE_LEVELS == 4 and 5, or #ifdef __PAGETABLE_P4D_FOLDED and __PAGETABLE_PUD_FOLDED ?
I have no strong opinion on this, let's hear what KASAN folks think.
But just changing the 'static inline' to a #define seems like a fragile hack to me.
At least that's what KASAN has relied on p*d_populate() to do...
On 8/22/25 3:11 AM, Harry Yoo wrote:
On Thu, Aug 21, 2025 at 10:36:12AM -0700, Dave Hansen wrote:
On 8/21/25 04:57, Harry Yoo wrote:
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
Hi, thanks for taking a look, Dave!
First of all, this is a fix-up patch of a mm-hotfixes patch series that fixes a bug (I should have explained that in the changelog) [1].
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-1-harry.yoo@oracle.com
I think we can continue discussing it and perhaps do that as part of a follow-up series, because the current patch series need to be backported to -stable and your suggestion to improve existing code doesn't require -stable backports.
Does that sound fine?
This part of the changelog confused me. I think it's focusing on the wrong thing.
The code that's triggering this is literally:
pgd_populate(&init_mm, pgd, lm_alias(kasan_early_shadow_p4d));It sure _looks_ like it's unconditionally referencing the 'kasan_early_shadow_p4d' symbol. I think it's wrong to hide that with macro magic and just assume that the macros won't reference it.
If a symbol isn't being defined, it shouldn't be referenced in C code.:q
That's not exactly the case for the kernel. It historically relied on being compiled with optimization and compiler being able to eliminate unused references. AFAIR BUILD_BUG_ON() works like that, there are also plenty of code like
if (IS_ENABLED(CONFIG_SOMETHING)) ptr = &something; else ptr = &something_else;
e.g. irq_remaping_prepare();
A fair point, and that's what KASAN code has been doing for years.
The right way to do it is to have an #ifdef in a header that avoids compiling in the reference to the symbol.
You mean defining some wrapper functions for p*d_populate_kernel() in KASAN with different implementations based on ifdeffery?
Just to clarify, what should be the exact ifdeffery to cover these cases? #if CONFIG_PGTABLE_LEVELS == 4 and 5, or #ifdef __PAGETABLE_P4D_FOLDED and __PAGETABLE_PUD_FOLDED ?
I think ifdef should be the same as for symbol, so '#if CONFIG_PGTABLE_LEVELS > 4' for *_p4d and '#if CONFIG_PGTABLE_LEVELS > 3' for *_pud
I have no strong opinion on this, let's hear what KASAN folks think.
So, I think we have following options:
1. Macros as you did. 2. Hide references in function under '#if CONFIG_PGTABLE_LEVELS > x', like Dave suggested. 3. It should be enough to just add if in code like if (CONFIG_PGTABLE_LEVELS > 4) pgd_populate_kernel(addr, pgd, lm_alias(kasan_early_shadow_p4d)); Compiler should be able to optimize it away.
4. I guess that the link error is due to enabled CONFIG_DEBUG_VIRTUAL=y lm_alias() ends up with __phys_addr_symbol() function call which compiler can't optimize away. Technically we can declare __phys_addr_symbol() with __attribute__((pure)), so compiler will be able to optimize away this call, because the result should be unused. But I'm not sure we really want that, because it's debug function and even if the result is unused we might want to still have a check if symbol address is correct.
I would probably prefer 3rd option, but I don't really have very strong opinion, so either way is fine.
On Fri, Aug 22, 2025 at 06:02:40PM +0200, Andrey Ryabinin wrote:
On 8/22/25 3:11 AM, Harry Yoo wrote:
On Thu, Aug 21, 2025 at 10:36:12AM -0700, Dave Hansen wrote:
On 8/21/25 04:57, Harry Yoo wrote:
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
Hi, thanks for taking a look, Dave!
First of all, this is a fix-up patch of a mm-hotfixes patch series that fixes a bug (I should have explained that in the changelog) [1].
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-1-harry.yoo@oracle.com
I think we can continue discussing it and perhaps do that as part of a follow-up series, because the current patch series need to be backported to -stable and your suggestion to improve existing code doesn't require -stable backports.
Does that sound fine?
This part of the changelog confused me. I think it's focusing on the wrong thing.
The code that's triggering this is literally:
pgd_populate(&init_mm, pgd, lm_alias(kasan_early_shadow_p4d));It sure _looks_ like it's unconditionally referencing the 'kasan_early_shadow_p4d' symbol. I think it's wrong to hide that with macro magic and just assume that the macros won't reference it.
If a symbol isn't being defined, it shouldn't be referenced in C code.:q
That's not exactly the case for the kernel. It historically relied on being compiled with optimization and compiler being able to eliminate unused references. AFAIR BUILD_BUG_ON() works like that, there are also plenty of code like
if (IS_ENABLED(CONFIG_SOMETHING)) ptr = &something; else ptr = &something_else;
e.g. irq_remaping_prepare();
Agreed. I've seen this pattern in many places.
A fair point, and that's what KASAN code has been doing for years.
The right way to do it is to have an #ifdef in a header that avoids compiling in the reference to the symbol.
You mean defining some wrapper functions for p*d_populate_kernel() in KASAN with different implementations based on ifdeffery?
Just to clarify, what should be the exact ifdeffery to cover these cases? #if CONFIG_PGTABLE_LEVELS == 4 and 5, or #ifdef __PAGETABLE_P4D_FOLDED and __PAGETABLE_PUD_FOLDED ?
I think ifdef should be the same as for symbol, so '#if CONFIG_PGTABLE_LEVELS > 4' for *_p4d and '#if CONFIG_PGTABLE_LEVELS > 3' for *_pud
Right.
I have no strong opinion on this, let's hear what KASAN folks think.
So, I think we have following options:
- Macros as you did.
- Hide references in function under '#if CONFIG_PGTABLE_LEVELS > x', like Dave suggested.
- It should be enough to just add if in code like if (CONFIG_PGTABLE_LEVELS > 4) pgd_populate_kernel(addr, pgd, lm_alias(kasan_early_shadow_p4d));
Compiler should be able to optimize it away.
- I guess that the link error is due to enabled CONFIG_DEBUG_VIRTUAL=y
lm_alias() ends up with __phys_addr_symbol() function call which compiler can't optimize away. Technically we can declare __phys_addr_symbol() with __attribute__((pure)), so compiler will be able to optimize away this call, because the result should be unused. But I'm not sure we really want that, because it's debug function and even if the result is unused we might want to still have a check if symbol address is correct.
I would probably prefer 3rd option, but I don't really have very strong opinion, so either way is fine.
I also prefer 3rd option (but 1st or 2nd is also fine to me)
That's two votes, I'll do 2nd option in the follow-up series unless Dave or somebody else objects?
On 8/21/25 18:11, Harry Yoo wrote:
On Thu, Aug 21, 2025 at 10:36:12AM -0700, Dave Hansen wrote:
On 8/21/25 04:57, Harry Yoo wrote:
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
Hi, thanks for taking a look, Dave!
First of all, this is a fix-up patch of a mm-hotfixes patch series that fixes a bug (I should have explained that in the changelog) [1].
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-1-harry.yoo@oracle.com
I think we can continue discussing it and perhaps do that as part of a follow-up series, because the current patch series need to be backported to -stable and your suggestion to improve existing code doesn't require -stable backports.
Does that sound fine?
This part of the changelog confused me. I think it's focusing on the wrong thing.
The code that's triggering this is literally:
pgd_populate(&init_mm, pgd, lm_alias(kasan_early_shadow_p4d));It sure _looks_ like it's unconditionally referencing the 'kasan_early_shadow_p4d' symbol. I think it's wrong to hide that with macro magic and just assume that the macros won't reference it.
If a symbol isn't being defined, it shouldn't be referenced in C code.:q
A fair point, and that's what KASAN code has been doing for years.
The right way to do it is to have an #ifdef in a header that avoids compiling in the reference to the symbol.
You mean defining some wrapper functions for p*d_populate_kernel() in KASAN with different implementations based on ifdeffery?
That would work.
So would something like:
#if CONFIG_PGTABLE_LEVELS >= 4 extern p4d_t kasan_early_shadow_p4d[MAX_PTRS_PER_P4D]; #else #define kasan_early_shadow_p4d NULL #endif
Just to clarify, what should be the exact ifdeffery to cover these cases? #if CONFIG_PGTABLE_LEVELS == 4 and 5, or #ifdef __PAGETABLE_P4D_FOLDED and __PAGETABLE_PUD_FOLDED ?
I have no strong opinion on this, let's hear what KASAN folks think.
I think CONFIG_PGTABLE_LEVELS works, but in the end I'm not picky about the specific #ifdefs that work.
On 8/22/25 7:08 PM, Dave Hansen wrote:
On 8/21/25 18:11, Harry Yoo wrote:
On Thu, Aug 21, 2025 at 10:36:12AM -0700, Dave Hansen wrote:
On 8/21/25 04:57, Harry Yoo wrote:
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
Hi, thanks for taking a look, Dave!
First of all, this is a fix-up patch of a mm-hotfixes patch series that fixes a bug (I should have explained that in the changelog) [1].
[1] https://lore.kernel.org/linux-mm/20250818020206.4517-1-harry.yoo@oracle.com
I think we can continue discussing it and perhaps do that as part of a follow-up series, because the current patch series need to be backported to -stable and your suggestion to improve existing code doesn't require -stable backports.
Does that sound fine?
This part of the changelog confused me. I think it's focusing on the wrong thing.
The code that's triggering this is literally:
pgd_populate(&init_mm, pgd, lm_alias(kasan_early_shadow_p4d));It sure _looks_ like it's unconditionally referencing the 'kasan_early_shadow_p4d' symbol. I think it's wrong to hide that with macro magic and just assume that the macros won't reference it.
If a symbol isn't being defined, it shouldn't be referenced in C code.:q
A fair point, and that's what KASAN code has been doing for years.
The right way to do it is to have an #ifdef in a header that avoids compiling in the reference to the symbol.
You mean defining some wrapper functions for p*d_populate_kernel() in KASAN with different implementations based on ifdeffery?
That would work.
So would something like:
#if CONFIG_PGTABLE_LEVELS >= 4 extern p4d_t kasan_early_shadow_p4d[MAX_PTRS_PER_P4D]; #else #define kasan_early_shadow_p4d NULL #endif
This won't work. It will fix the linker error, but will introduce runtime bug instead:
lm_alias(kasan_early_shadow_p4d) -> __va(__phys_addr_symbol(NULL))
On arm64:
phys_addr_t __phys_addr_symbol(unsigned long x) VIRTUAL_BUG_ON(x < (unsigned long) KERNEL_START || x > (unsigned long) KERNEL_END);
And NULL is < KERNEL_START.
Since __phys_addr_symbol() isn't pure or const, compiler has no right to eliminate such call even though the return value is unused.
Address a linker error introduced by a patch currently in mm-hotfixes: "mm: introduce and use {pgd,p4d}_populate_kernel" [1].
KASAN unconditionally references kasan_early_shadow_{p4d,pud}. However, these global variables may not exist depending on the number of page table levels. For example, if CONFIG_PGTABLE_LEVELS=3, both variables do not exist. Although KASAN may refernce non-existent variables, it didn't break builds because calls to {pgd,p4d}_populate() are optimized away at compile time.
However, {pgd,p4d}_populate_kernel() is defined as a function regardless of the number of page table levels, so the compiler may not optimize them away. In this case, the following linker error occurs:
ld.lld: error: undefined symbol: kasan_early_shadow_p4d
referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:260 (/home/hyeyoo/mm-new/mm/kasan/init.c:260) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a did you mean: kasan_early_shadow_pmd defined in: vmlinux.a(mm/kasan/init.o)
ld.lld: error: undefined symbol: kasan_early_shadow_pud
referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:263 (/home/hyeyoo/mm-new/mm/kasan/init.c:263) mm/kasan/init.o:(kasan_populate_early_shadow) in archive vmlinux.a referenced by init.c:200 (/home/hyeyoo/mm-new/mm/kasan/init.c:200) mm/kasan/init.o:(zero_p4d_populate) in archive vmlinux.a referenced 1 more times
Therefore, to allow calls to {pgd,p4d}_populate_kernel() to be optimized out at compile time, define {pgd,p4d}_populate_kernel() as macros. This way, when pgd_populate() or p4d_populate() are simply empty macros, the corresponding *_populate_kernel() functions can also be optimized away.
Reported-by: kernel test robot lkp@intel.com Closes: https://lore.kernel.org/oe-kbuild-all/202508181636.0Rtk0T7x-lkp@intel.com Reported-by: Stephen Rothwell sfr@canb.auug.org.au Closes: https://lore.kernel.org/lkml/20250821160515.611d191e@canb.auug.org.au Link: https://lore.kernel.org/linux-mm/20250818020206.4517-3-harry.yoo@oracle.com [1] Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com Signed-off-by: Harry Yoo harry.yoo@oracle.com ---
This is intended to be fold-merged into the patch "mm: introduce and use {pgd,p4d}_populate_kernel".
v2 -> v3: - Explained that this fixes a linker error of a patch in mm-hotfixes. - Added links to error reports (Closes:) and Reported-by:
include/linux/pgalloc.h | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h index 290ab864320f..9174fa59bbc5 100644 --- a/include/linux/pgalloc.h +++ b/include/linux/pgalloc.h @@ -5,20 +5,25 @@ #include <linux/pgtable.h> #include <asm/pgalloc.h>
-static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, - p4d_t *p4d) -{ - pgd_populate(&init_mm, pgd, p4d); - if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) - arch_sync_kernel_mappings(addr, addr); -} +/* + * {pgd,p4d}_populate_kernel() are defined as macros to allow + * compile-time optimization based on the configured page table levels. + * Without this, linking may fail because callers (e.g., KASAN) may rely + * on calls to these functions being optimized away when passing symbols + * that exist only for certain page table levels. + */ +#define pgd_populate_kernel(addr, pgd, p4d) \ + do { \ + pgd_populate(&init_mm, pgd, p4d); \ + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) \ + arch_sync_kernel_mappings(addr, addr); \ + } while (0)
-static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, - pud_t *pud) -{ - p4d_populate(&init_mm, p4d, pud); - if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) - arch_sync_kernel_mappings(addr, addr); -} +#define p4d_populate_kernel(addr, p4d, pud) \ + do { \ + p4d_populate(&init_mm, p4d, pud); \ + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) \ + arch_sync_kernel_mappings(addr, addr); \ + } while (0)
#endif /* _LINUX_PGALLOC_H */
linux-stable-mirror@lists.linaro.org
-
Andrey Ryabinin -
Dave Hansen -
David Hildenbrand -
Harry Yoo -
kernel test robot -
Lorenzo Stoakes