All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
@ 2021-07-02 10:32 Gavin Shan
  2021-07-02 18:10 ` kernel test robot
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Gavin Shan @ 2021-07-02 10:32 UTC (permalink / raw)
  To: linux-mm
  Cc: linux-kernel, anshuman.khandual, catalin.marinas, will, akpm, shan.gavin

There are two addresses selected: random virtual address and physical
address corresponding to kernel symbol @start_kernel. During the PMD
tests in pmd_advanced_tests(), the physical address is aligned down
to the starting address of the huge page, whose size is 512MB on ARM64
when we have 64KB base page size. After that, set_pmd_at() is called
to populate the PMD entry. PG_arch_1, PG_dcache_clean on ARM64, is
set to the page flags. Unforunately, the page, corresponding to the
starting address of the huge page could be owned by buddy. It means
PG_arch_1 can be unconditionally set to page owned by buddy.

Afterwards, the page with PG_arch_1 set is fetched from buddy's free
area list, but fails the checking. It leads to the following warning
on ARM64:

   BUG: Bad page state in process memhog  pfn:08000
   page:0000000015c0a628 refcount:0 mapcount:0 \
        mapping:0000000000000000 index:0x1 pfn:0x8000
   flags: 0x7ffff8000000800(arch_1|node=0|zone=0|lastcpupid=0xfffff)
   raw: 07ffff8000000800 dead000000000100 dead000000000122 0000000000000000
   raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
   page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag(s) set

This fixes the issue by calling flush_dcache_page() after each call
to set_{pud, pmd, pte}_at() because PG_arch_1 isn't needed in any case.

Fixes: a5c3b9ffb0f4 ("mm/debug_vm_pgtable: add tests validating advanced arch page table helpers")
Cc: stable@vger.kernel.org # v5.9+
Signed-off-by: Gavin Shan <gshan@redhat.com>
---
 mm/debug_vm_pgtable.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/mm/debug_vm_pgtable.c b/mm/debug_vm_pgtable.c
index 92bfc37300df..7dedf6c6dd25 100644
--- a/mm/debug_vm_pgtable.c
+++ b/mm/debug_vm_pgtable.c
@@ -29,6 +29,8 @@
 #include <linux/start_kernel.h>
 #include <linux/sched/mm.h>
 #include <linux/io.h>
+
+#include <asm/cacheflush.h>
 #include <asm/pgalloc.h>
 #include <asm/tlbflush.h>
 
@@ -91,6 +93,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
 				      unsigned long pfn, unsigned long vaddr,
 				      pgprot_t prot)
 {
+	struct page *page = pfn_to_page(pfn);
 	pte_t pte = pfn_pte(pfn, prot);
 
 	/*
@@ -102,6 +105,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
 	pr_debug("Validating PTE advanced\n");
 	pte = pfn_pte(pfn, prot);
 	set_pte_at(mm, vaddr, ptep, pte);
+	flush_dcache_page(page);
 	ptep_set_wrprotect(mm, vaddr, ptep);
 	pte = ptep_get(ptep);
 	WARN_ON(pte_write(pte));
@@ -113,6 +117,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
 	pte = pte_wrprotect(pte);
 	pte = pte_mkclean(pte);
 	set_pte_at(mm, vaddr, ptep, pte);
+	flush_dcache_page(page);
 	pte = pte_mkwrite(pte);
 	pte = pte_mkdirty(pte);
 	ptep_set_access_flags(vma, vaddr, ptep, pte, 1);
@@ -125,6 +130,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
 	pte = pfn_pte(pfn, prot);
 	pte = pte_mkyoung(pte);
 	set_pte_at(mm, vaddr, ptep, pte);
+	flush_dcache_page(page);
 	ptep_test_and_clear_young(vma, vaddr, ptep);
 	pte = ptep_get(ptep);
 	WARN_ON(pte_young(pte));
@@ -186,6 +192,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
 				      unsigned long pfn, unsigned long vaddr,
 				      pgprot_t prot, pgtable_t pgtable)
 {
+	struct page *page = pfn_to_page(pfn);
 	pmd_t pmd;
 
 	if (!has_transparent_hugepage())
@@ -199,6 +206,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
 
 	pmd = pfn_pmd(pfn, prot);
 	set_pmd_at(mm, vaddr, pmdp, pmd);
+	flush_dcache_page(page);
 	pmdp_set_wrprotect(mm, vaddr, pmdp);
 	pmd = READ_ONCE(*pmdp);
 	WARN_ON(pmd_write(pmd));
@@ -210,6 +218,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
 	pmd = pmd_wrprotect(pmd);
 	pmd = pmd_mkclean(pmd);
 	set_pmd_at(mm, vaddr, pmdp, pmd);
+	flush_dcache_page(page);
 	pmd = pmd_mkwrite(pmd);
 	pmd = pmd_mkdirty(pmd);
 	pmdp_set_access_flags(vma, vaddr, pmdp, pmd, 1);
@@ -222,6 +231,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
 	pmd = pmd_mkhuge(pfn_pmd(pfn, prot));
 	pmd = pmd_mkyoung(pmd);
 	set_pmd_at(mm, vaddr, pmdp, pmd);
+	flush_dcache_page(page);
 	pmdp_test_and_clear_young(vma, vaddr, pmdp);
 	pmd = READ_ONCE(*pmdp);
 	WARN_ON(pmd_young(pmd));
@@ -334,6 +344,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
 				      unsigned long pfn, unsigned long vaddr,
 				      pgprot_t prot)
 {
+	struct page *page = pfn_to_page(page);
 	pud_t pud;
 
 	if (!has_transparent_hugepage())
@@ -345,6 +356,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
 
 	pud = pfn_pud(pfn, prot);
 	set_pud_at(mm, vaddr, pudp, pud);
+	flush_dcache_page(page);
 	pudp_set_wrprotect(mm, vaddr, pudp);
 	pud = READ_ONCE(*pudp);
 	WARN_ON(pud_write(pud));
@@ -358,6 +370,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
 	pud = pud_wrprotect(pud);
 	pud = pud_mkclean(pud);
 	set_pud_at(mm, vaddr, pudp, pud);
+	flush_dcache_page(page);
 	pud = pud_mkwrite(pud);
 	pud = pud_mkdirty(pud);
 	pudp_set_access_flags(vma, vaddr, pudp, pud, 1);
@@ -373,6 +386,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
 	pud = pfn_pud(pfn, prot);
 	pud = pud_mkyoung(pud);
 	set_pud_at(mm, vaddr, pudp, pud);
+	flush_dcache_page(page);
 	pudp_test_and_clear_young(vma, vaddr, pudp);
 	pud = READ_ONCE(*pudp);
 	WARN_ON(pud_young(pud));
@@ -604,6 +618,7 @@ static void __init pte_clear_tests(struct mm_struct *mm, pte_t *ptep,
 				   unsigned long pfn, unsigned long vaddr,
 				   pgprot_t prot)
 {
+	struct page *page = pfn_to_page(pfn);
 	pte_t pte = pfn_pte(pfn, prot);
 
 	pr_debug("Validating PTE clear\n");
@@ -611,6 +626,7 @@ static void __init pte_clear_tests(struct mm_struct *mm, pte_t *ptep,
 	pte = __pte(pte_val(pte) | RANDOM_ORVALUE);
 #endif
 	set_pte_at(mm, vaddr, ptep, pte);
+	flush_dcache_page(page);
 	barrier();
 	pte_clear(mm, vaddr, ptep);
 	pte = ptep_get(ptep);
-- 
2.23.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-02 10:32 [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at() Gavin Shan
@ 2021-07-02 18:10 ` kernel test robot
  2021-07-03  0:30 ` Gavin Shan
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2021-07-02 18:10 UTC (permalink / raw)
  To: Gavin Shan, linux-mm
  Cc: clang-built-linux, kbuild-all, linux-kernel, anshuman.khandual,
	catalin.marinas, will, akpm, shan.gavin

[-- Attachment #1: Type: text/plain, Size: 3167 bytes --]

Hi Gavin,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[cannot apply to hnaz-linux-mm/master linux/master v5.13 next-20210701]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3dbdb38e286903ec220aaf1fb29a8d94297da246
config: x86_64-randconfig-a004-20210702 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 9eb613b2de3163686b1a4bd1160f15ac56a4b083)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install x86_64 cross compiling tool for clang build
        # apt-get install binutils-x86-64-linux-gnu
        # https://github.com/0day-ci/linux/commit/414db1c0feb54b545b3df56bc19ffff27580deb5
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
        git checkout 414db1c0feb54b545b3df56bc19ffff27580deb5
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> mm/debug_vm_pgtable.c:347:22: error: invalid operands to binary expression ('struct page *' and 'struct page *')
           struct page *page = pfn_to_page(page);
                               ^~~~~~~~~~~~~~~~~
   include/asm-generic/memory_model.h:53:21: note: expanded from macro 'pfn_to_page'
   #define pfn_to_page __pfn_to_page
                       ^
   include/asm-generic/memory_model.h:25:37: note: expanded from macro '__pfn_to_page'
   #define __pfn_to_page(pfn)      (vmemmap + (pfn))
                                    ~~~~~~~ ^ ~~~~~
   1 error generated.


vim +347 mm/debug_vm_pgtable.c

   341	
   342	static void __init pud_advanced_tests(struct mm_struct *mm,
   343					      struct vm_area_struct *vma, pud_t *pudp,
   344					      unsigned long pfn, unsigned long vaddr,
   345					      pgprot_t prot)
   346	{
 > 347		struct page *page = pfn_to_page(page);
   348		pud_t pud;
   349	
   350		if (!has_transparent_hugepage())
   351			return;
   352	
   353		pr_debug("Validating PUD advanced\n");
   354		/* Align the address wrt HPAGE_PUD_SIZE */
   355		vaddr &= HPAGE_PUD_MASK;
   356	
   357		pud = pfn_pud(pfn, prot);
   358		set_pud_at(mm, vaddr, pudp, pud);
   359		flush_dcache_page(page);
   360		pudp_set_wrprotect(mm, vaddr, pudp);
   361		pud = READ_ONCE(*pudp);
   362		WARN_ON(pud_write(pud));
   363	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 41225 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-02 10:32 [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at() Gavin Shan
  2021-07-02 18:10 ` kernel test robot
@ 2021-07-03  0:30 ` Gavin Shan
  2021-07-05  3:59 ` Anshuman Khandual
  2021-07-08  0:35 ` kernel test robot
  3 siblings, 0 replies; 8+ messages in thread
From: Gavin Shan @ 2021-07-03  0:30 UTC (permalink / raw)
  To: linux-mm
  Cc: linux-kernel, anshuman.khandual, catalin.marinas, will, akpm, shan.gavin

On 7/2/21 8:32 PM, Gavin Shan wrote:
> There are two addresses selected: random virtual address and physical
> address corresponding to kernel symbol @start_kernel. During the PMD
> tests in pmd_advanced_tests(), the physical address is aligned down
> to the starting address of the huge page, whose size is 512MB on ARM64
> when we have 64KB base page size. After that, set_pmd_at() is called
> to populate the PMD entry. PG_arch_1, PG_dcache_clean on ARM64, is
> set to the page flags. Unforunately, the page, corresponding to the
> starting address of the huge page could be owned by buddy. It means
> PG_arch_1 can be unconditionally set to page owned by buddy.
> 
> Afterwards, the page with PG_arch_1 set is fetched from buddy's free
> area list, but fails the checking. It leads to the following warning
> on ARM64:
> 
>     BUG: Bad page state in process memhog  pfn:08000
>     page:0000000015c0a628 refcount:0 mapcount:0 \
>          mapping:0000000000000000 index:0x1 pfn:0x8000
>     flags: 0x7ffff8000000800(arch_1|node=0|zone=0|lastcpupid=0xfffff)
>     raw: 07ffff8000000800 dead000000000100 dead000000000122 0000000000000000
>     raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
>     page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag(s) set
> 
> This fixes the issue by calling flush_dcache_page() after each call
> to set_{pud, pmd, pte}_at() because PG_arch_1 isn't needed in any case.
> 
> Fixes: a5c3b9ffb0f4 ("mm/debug_vm_pgtable: add tests validating advanced arch page table helpers")
> Cc: stable@vger.kernel.org # v5.9+
> Signed-off-by: Gavin Shan <gshan@redhat.com>
> ---
>   mm/debug_vm_pgtable.c | 16 ++++++++++++++++
>   1 file changed, 16 insertions(+)
> 
> diff --git a/mm/debug_vm_pgtable.c b/mm/debug_vm_pgtable.c
> index 92bfc37300df..7dedf6c6dd25 100644
> --- a/mm/debug_vm_pgtable.c
> +++ b/mm/debug_vm_pgtable.c
> @@ -29,6 +29,8 @@
>   #include <linux/start_kernel.h>
>   #include <linux/sched/mm.h>
>   #include <linux/io.h>
> +
> +#include <asm/cacheflush.h>
>   #include <asm/pgalloc.h>
>   #include <asm/tlbflush.h>
>   
> @@ -91,6 +93,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
>   				      unsigned long pfn, unsigned long vaddr,
>   				      pgprot_t prot)
>   {
> +	struct page *page = pfn_to_page(pfn);
>   	pte_t pte = pfn_pte(pfn, prot);
>   
>   	/*
> @@ -102,6 +105,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
>   	pr_debug("Validating PTE advanced\n");
>   	pte = pfn_pte(pfn, prot);
>   	set_pte_at(mm, vaddr, ptep, pte);
> +	flush_dcache_page(page);
>   	ptep_set_wrprotect(mm, vaddr, ptep);
>   	pte = ptep_get(ptep);
>   	WARN_ON(pte_write(pte));
> @@ -113,6 +117,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
>   	pte = pte_wrprotect(pte);
>   	pte = pte_mkclean(pte);
>   	set_pte_at(mm, vaddr, ptep, pte);
> +	flush_dcache_page(page);
>   	pte = pte_mkwrite(pte);
>   	pte = pte_mkdirty(pte);
>   	ptep_set_access_flags(vma, vaddr, ptep, pte, 1);
> @@ -125,6 +130,7 @@ static void __init pte_advanced_tests(struct mm_struct *mm,
>   	pte = pfn_pte(pfn, prot);
>   	pte = pte_mkyoung(pte);
>   	set_pte_at(mm, vaddr, ptep, pte);
> +	flush_dcache_page(page);
>   	ptep_test_and_clear_young(vma, vaddr, ptep);
>   	pte = ptep_get(ptep);
>   	WARN_ON(pte_young(pte));
> @@ -186,6 +192,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
>   				      unsigned long pfn, unsigned long vaddr,
>   				      pgprot_t prot, pgtable_t pgtable)
>   {
> +	struct page *page = pfn_to_page(pfn);
>   	pmd_t pmd;
>   
>   	if (!has_transparent_hugepage())
> @@ -199,6 +206,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
>   
>   	pmd = pfn_pmd(pfn, prot);
>   	set_pmd_at(mm, vaddr, pmdp, pmd);
> +	flush_dcache_page(page);
>   	pmdp_set_wrprotect(mm, vaddr, pmdp);
>   	pmd = READ_ONCE(*pmdp);
>   	WARN_ON(pmd_write(pmd));
> @@ -210,6 +218,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
>   	pmd = pmd_wrprotect(pmd);
>   	pmd = pmd_mkclean(pmd);
>   	set_pmd_at(mm, vaddr, pmdp, pmd);
> +	flush_dcache_page(page);
>   	pmd = pmd_mkwrite(pmd);
>   	pmd = pmd_mkdirty(pmd);
>   	pmdp_set_access_flags(vma, vaddr, pmdp, pmd, 1);
> @@ -222,6 +231,7 @@ static void __init pmd_advanced_tests(struct mm_struct *mm,
>   	pmd = pmd_mkhuge(pfn_pmd(pfn, prot));
>   	pmd = pmd_mkyoung(pmd);
>   	set_pmd_at(mm, vaddr, pmdp, pmd);
> +	flush_dcache_page(page);
>   	pmdp_test_and_clear_young(vma, vaddr, pmdp);
>   	pmd = READ_ONCE(*pmdp);
>   	WARN_ON(pmd_young(pmd));
> @@ -334,6 +344,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
>   				      unsigned long pfn, unsigned long vaddr,
>   				      pgprot_t prot)
>   {
> +	struct page *page = pfn_to_page(page);
>   	pud_t pud;
>   

Typo here. @page should be replaced by @pfn. I'm holding to post v2 until I
receive comments on v1.

>   	if (!has_transparent_hugepage())
> @@ -345,6 +356,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
>   
>   	pud = pfn_pud(pfn, prot);
>   	set_pud_at(mm, vaddr, pudp, pud);
> +	flush_dcache_page(page);
>   	pudp_set_wrprotect(mm, vaddr, pudp);
>   	pud = READ_ONCE(*pudp);
>   	WARN_ON(pud_write(pud));
> @@ -358,6 +370,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
>   	pud = pud_wrprotect(pud);
>   	pud = pud_mkclean(pud);
>   	set_pud_at(mm, vaddr, pudp, pud);
> +	flush_dcache_page(page);
>   	pud = pud_mkwrite(pud);
>   	pud = pud_mkdirty(pud);
>   	pudp_set_access_flags(vma, vaddr, pudp, pud, 1);
> @@ -373,6 +386,7 @@ static void __init pud_advanced_tests(struct mm_struct *mm,
>   	pud = pfn_pud(pfn, prot);
>   	pud = pud_mkyoung(pud);
>   	set_pud_at(mm, vaddr, pudp, pud);
> +	flush_dcache_page(page);
>   	pudp_test_and_clear_young(vma, vaddr, pudp);
>   	pud = READ_ONCE(*pudp);
>   	WARN_ON(pud_young(pud));
> @@ -604,6 +618,7 @@ static void __init pte_clear_tests(struct mm_struct *mm, pte_t *ptep,
>   				   unsigned long pfn, unsigned long vaddr,
>   				   pgprot_t prot)
>   {
> +	struct page *page = pfn_to_page(pfn);
>   	pte_t pte = pfn_pte(pfn, prot);
>   
>   	pr_debug("Validating PTE clear\n");
> @@ -611,6 +626,7 @@ static void __init pte_clear_tests(struct mm_struct *mm, pte_t *ptep,
>   	pte = __pte(pte_val(pte) | RANDOM_ORVALUE);
>   #endif
>   	set_pte_at(mm, vaddr, ptep, pte);
> +	flush_dcache_page(page);
>   	barrier();
>   	pte_clear(mm, vaddr, ptep);
>   	pte = ptep_get(ptep);
> 

Thanks,
Gavin


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-02 10:32 [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at() Gavin Shan
  2021-07-02 18:10 ` kernel test robot
  2021-07-03  0:30 ` Gavin Shan
@ 2021-07-05  3:59 ` Anshuman Khandual
  2021-07-06  5:09   ` Gavin Shan
  2021-07-08  0:35 ` kernel test robot
  3 siblings, 1 reply; 8+ messages in thread
From: Anshuman Khandual @ 2021-07-05  3:59 UTC (permalink / raw)
  To: Gavin Shan, linux-mm
  Cc: linux-kernel, catalin.marinas, will, akpm, shan.gavin

Hello Gavin,

On 7/2/21 4:02 PM, Gavin Shan wrote:
> There are two addresses selected: random virtual address and physical
> address corresponding to kernel symbol @start_kernel. During the PMD
> tests in pmd_advanced_tests(), the physical address is aligned down
> to the starting address of the huge page, whose size is 512MB on ARM64
> when we have 64KB base page size. After that, set_pmd_at() is called
> to populate the PMD entry. PG_arch_1, PG_dcache_clean on ARM64, is
> set to the page flags. Unforunately, the page, corresponding to the
> starting address of the huge page could be owned by buddy. It means
> PG_arch_1 can be unconditionally set to page owned by buddy.
> 
> Afterwards, the page with PG_arch_1 set is fetched from buddy's free
> area list, but fails the checking. It leads to the following warning
> on ARM64:
> 
>    BUG: Bad page state in process memhog  pfn:08000
>    page:0000000015c0a628 refcount:0 mapcount:0 \
>         mapping:0000000000000000 index:0x1 pfn:0x8000
>    flags: 0x7ffff8000000800(arch_1|node=0|zone=0|lastcpupid=0xfffff)
>    raw: 07ffff8000000800 dead000000000100 dead000000000122 0000000000000000
>    raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
>    page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag(s) set

Does this problem happen right after the boot ? OR you ran some tests
and workloads to trigger this ? IIRC never seen this before on arm64.
Does this happen on other archs too ?

> 
> This fixes the issue by calling flush_dcache_page() after each call
> to set_{pud, pmd, pte}_at() because PG_arch_1 isn't needed in any case.

This (arm64 specific solution) might cause some side effects on other
platforms ? The solution here needs to be generic enough. I will take
a look into this patch but probably later this week or next week.

- Anshuman

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-05  3:59 ` Anshuman Khandual
@ 2021-07-06  5:09   ` Gavin Shan
  0 siblings, 0 replies; 8+ messages in thread
From: Gavin Shan @ 2021-07-06  5:09 UTC (permalink / raw)
  To: Anshuman Khandual, linux-mm
  Cc: linux-kernel, catalin.marinas, will, akpm, shan.gavin

Hi Anshuman,

On 7/5/21 1:59 PM, Anshuman Khandual wrote:
> On 7/2/21 4:02 PM, Gavin Shan wrote:
>> There are two addresses selected: random virtual address and physical
>> address corresponding to kernel symbol @start_kernel. During the PMD
>> tests in pmd_advanced_tests(), the physical address is aligned down
>> to the starting address of the huge page, whose size is 512MB on ARM64
>> when we have 64KB base page size. After that, set_pmd_at() is called
>> to populate the PMD entry. PG_arch_1, PG_dcache_clean on ARM64, is
>> set to the page flags. Unforunately, the page, corresponding to the
>> starting address of the huge page could be owned by buddy. It means
>> PG_arch_1 can be unconditionally set to page owned by buddy.
>>
>> Afterwards, the page with PG_arch_1 set is fetched from buddy's free
>> area list, but fails the checking. It leads to the following warning
>> on ARM64:
>>
>>     BUG: Bad page state in process memhog  pfn:08000
>>     page:0000000015c0a628 refcount:0 mapcount:0 \
>>          mapping:0000000000000000 index:0x1 pfn:0x8000
>>     flags: 0x7ffff8000000800(arch_1|node=0|zone=0|lastcpupid=0xfffff)
>>     raw: 07ffff8000000800 dead000000000100 dead000000000122 0000000000000000
>>     raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
>>     page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag(s) set
> 
> Does this problem happen right after the boot ? OR you ran some tests
> and workloads to trigger this ? IIRC never seen this before on arm64.
> Does this happen on other archs too ?
> 

The page flag (PG_arch_1) is corrupted during boot on ARM64 where
64KB base page size is selected, but the failing page check happens
when the page is pulled from buddy's free area list by "memhog".
I don't think other platform has same issue.

>>
>> This fixes the issue by calling flush_dcache_page() after each call
>> to set_{pud, pmd, pte}_at() because PG_arch_1 isn't needed in any case.
> 
> This (arm64 specific solution) might cause some side effects on other
> platforms ? The solution here needs to be generic enough. I will take
> a look into this patch but probably later this week or next week.
> 

Apart from the overhead of flushing the dcache introduced by flush_dcache_page().
I don't think there is any side-effect. By the way, I'm working on a series
to fix this issue and another issue. I will post the series for review pretty
soon and it's going to fix the following issues:

(1) Current code is organized in relaxed fashion. All information are maintained
     in variables in debug_vm_pgtable(). The variables are passed to test functions.
     It make the code hard to be maintained in long term. So I will introduce a
     dedicated data struct (struct vm_pgtable_debug), as place holder for various
     information.

(2) With the data struct, I'm able to allocate page, to be used by set_{pud, pmd, pte}_at()
     because the target page is accessed on ARM64. The PG_arch_1 flag is set to
     the page and the corresponding iCache is flush if execution permission is given.
     There are two issues if the page used by set_{pud, pmd, pte}_at() wasn't allocated
     from buddy: (a) the PG_arch_1 flag corruption as this patch tries to fix; (b) kernel
     crash because of invalid page fault on accessing the target page. The page isn't
     mapped if CONFIG_DEBUG_PAGEALLOC is enabled.

     start_kernel
     mm_init
     mem_init
     memblock_free_all
     free_low_memory_core_early
     __free_memory_core
     __free_pages_memory
     memblock_free_pages
     __free_pages_core
     __free_pages_ok
     free_pages_prepare
     debug_pagealloc_unmap_pages           # The page is unmapped here

Thanks,
Gavin


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-02 10:32 [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at() Gavin Shan
                   ` (2 preceding siblings ...)
  2021-07-05  3:59 ` Anshuman Khandual
@ 2021-07-08  0:35 ` kernel test robot
  2021-07-12  3:21   ` Anshuman Khandual
  3 siblings, 1 reply; 8+ messages in thread
From: kernel test robot @ 2021-07-08  0:35 UTC (permalink / raw)
  To: Gavin Shan, linux-mm
  Cc: kbuild-all, linux-kernel, anshuman.khandual, catalin.marinas,
	will, akpm, shan.gavin

[-- Attachment #1: Type: text/plain, Size: 3294 bytes --]

Hi Gavin,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[cannot apply to hnaz-linux-mm/master linux/master v5.13 next-20210707]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3dbdb38e286903ec220aaf1fb29a8d94297da246
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/414db1c0feb54b545b3df56bc19ffff27580deb5
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
        git checkout 414db1c0feb54b545b3df56bc19ffff27580deb5
        # save the attached .config to linux build tree
        make W=1 ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from arch/x86/include/asm/page.h:76,
                    from arch/x86/include/asm/thread_info.h:12,
                    from include/linux/thread_info.h:59,
                    from arch/x86/include/asm/preempt.h:7,
                    from include/linux/preempt.h:78,
                    from include/linux/spinlock.h:51,
                    from include/linux/mmzone.h:8,
                    from include/linux/gfp.h:6,
                    from mm/debug_vm_pgtable.c:13:
   mm/debug_vm_pgtable.c: In function 'pud_advanced_tests':
>> include/asm-generic/memory_model.h:25:37: error: invalid operands to binary + (have 'struct page *' and 'struct page *')
      25 | #define __pfn_to_page(pfn) (vmemmap + (pfn))
         |                                     ^
   include/asm-generic/memory_model.h:53:21: note: in expansion of macro '__pfn_to_page'
      53 | #define pfn_to_page __pfn_to_page
         |                     ^~~~~~~~~~~~~
   mm/debug_vm_pgtable.c:347:22: note: in expansion of macro 'pfn_to_page'
     347 |  struct page *page = pfn_to_page(page);
         |                      ^~~~~~~~~~~

Kconfig warnings: (for reference only)
   WARNING: unmet direct dependencies detected for PHY_SPARX5_SERDES
   Depends on (ARCH_SPARX5 || COMPILE_TEST && OF && HAS_IOMEM
   Selected by
   - SPARX5_SWITCH && NETDEVICES && ETHERNET && NET_VENDOR_MICROCHIP && NET_SWITCHDEV && HAS_IOMEM


vim +25 include/asm-generic/memory_model.h

8f6aac419bd590 Christoph Lameter  2007-10-16  23  
af901ca181d92a André Goddard Rosa 2009-11-14  24  /* memmap is virtually contiguous.  */
8f6aac419bd590 Christoph Lameter  2007-10-16 @25  #define __pfn_to_page(pfn)	(vmemmap + (pfn))
32272a26974d20 Martin Schwidefsky 2008-12-25  26  #define __page_to_pfn(page)	(unsigned long)((page) - vmemmap)
8f6aac419bd590 Christoph Lameter  2007-10-16  27  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 65461 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-08  0:35 ` kernel test robot
@ 2021-07-12  3:21   ` Anshuman Khandual
  2021-07-12  8:24     ` Gavin Shan
  0 siblings, 1 reply; 8+ messages in thread
From: Anshuman Khandual @ 2021-07-12  3:21 UTC (permalink / raw)
  To: kernel test robot, Gavin Shan, linux-mm
  Cc: kbuild-all, linux-kernel, catalin.marinas, will, akpm, shan.gavin



On 7/8/21 6:05 AM, kernel test robot wrote:
> Hi Gavin,
> 
> Thank you for the patch! Yet something to improve:
> 
> [auto build test ERROR on linus/master]
> [cannot apply to hnaz-linux-mm/master linux/master v5.13 next-20210707]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch]
> 
> url:    https://github.com/0day-ci/linux/commits/Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3dbdb38e286903ec220aaf1fb29a8d94297da246
> config: x86_64-allyesconfig (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> reproduce (this is a W=1 build):
>         # https://github.com/0day-ci/linux/commit/414db1c0feb54b545b3df56bc19ffff27580deb5
>         git remote add linux-review https://github.com/0day-ci/linux
>         git fetch --no-tags linux-review Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
>         git checkout 414db1c0feb54b545b3df56bc19ffff27580deb5
>         # save the attached .config to linux build tree
>         make W=1 ARCH=x86_64 
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> 
> All errors (new ones prefixed by >>):
> 
>    In file included from arch/x86/include/asm/page.h:76,
>                     from arch/x86/include/asm/thread_info.h:12,
>                     from include/linux/thread_info.h:59,
>                     from arch/x86/include/asm/preempt.h:7,
>                     from include/linux/preempt.h:78,
>                     from include/linux/spinlock.h:51,
>                     from include/linux/mmzone.h:8,
>                     from include/linux/gfp.h:6,
>                     from mm/debug_vm_pgtable.c:13:
>    mm/debug_vm_pgtable.c: In function 'pud_advanced_tests':
>>> include/asm-generic/memory_model.h:25:37: error: invalid operands to binary + (have 'struct page *' and 'struct page *')

Hello Gavin,

So this problem has been fixed in the other series (which now
includes this patch) you have posted ?

- Anshuman

>       25 | #define __pfn_to_page(pfn) (vmemmap + (pfn))
>          |                                     ^
>    include/asm-generic/memory_model.h:53:21: note: in expansion of macro '__pfn_to_page'
>       53 | #define pfn_to_page __pfn_to_page
>          |                     ^~~~~~~~~~~~~
>    mm/debug_vm_pgtable.c:347:22: note: in expansion of macro 'pfn_to_page'
>      347 |  struct page *page = pfn_to_page(page);
>          |                      ^~~~~~~~~~~
> 
> Kconfig warnings: (for reference only)
>    WARNING: unmet direct dependencies detected for PHY_SPARX5_SERDES
>    Depends on (ARCH_SPARX5 || COMPILE_TEST && OF && HAS_IOMEM
>    Selected by
>    - SPARX5_SWITCH && NETDEVICES && ETHERNET && NET_VENDOR_MICROCHIP && NET_SWITCHDEV && HAS_IOMEM
> 
> 
> vim +25 include/asm-generic/memory_model.h
> 
> 8f6aac419bd590 Christoph Lameter  2007-10-16  23  
> af901ca181d92a André Goddard Rosa 2009-11-14  24  /* memmap is virtually contiguous.  */
> 8f6aac419bd590 Christoph Lameter  2007-10-16 @25  #define __pfn_to_page(pfn)	(vmemmap + (pfn))
> 32272a26974d20 Martin Schwidefsky 2008-12-25  26  #define __page_to_pfn(page)	(unsigned long)((page) - vmemmap)
> 8f6aac419bd590 Christoph Lameter  2007-10-16  27  
> 
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at()
  2021-07-12  3:21   ` Anshuman Khandual
@ 2021-07-12  8:24     ` Gavin Shan
  0 siblings, 0 replies; 8+ messages in thread
From: Gavin Shan @ 2021-07-12  8:24 UTC (permalink / raw)
  To: Anshuman Khandual, kernel test robot, linux-mm
  Cc: kbuild-all, linux-kernel, catalin.marinas, will, akpm, shan.gavin

On 7/12/21 1:21 PM, Anshuman Khandual wrote:
> 
> 
> On 7/8/21 6:05 AM, kernel test robot wrote:
>> Hi Gavin,
>>
>> Thank you for the patch! Yet something to improve:
>>
>> [auto build test ERROR on linus/master]
>> [cannot apply to hnaz-linux-mm/master linux/master v5.13 next-20210707]
>> [If your patch is applied to the wrong git tree, kindly drop us a note.
>> And when submitting patch, we suggest to use '--base' as documented in
>> https://git-scm.com/docs/git-format-patch]
>>
>> url:    https://github.com/0day-ci/linux/commits/Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
>> base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3dbdb38e286903ec220aaf1fb29a8d94297da246
>> config: x86_64-allyesconfig (attached as .config)
>> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
>> reproduce (this is a W=1 build):
>>          # https://github.com/0day-ci/linux/commit/414db1c0feb54b545b3df56bc19ffff27580deb5
>>          git remote add linux-review https://github.com/0day-ci/linux
>>          git fetch --no-tags linux-review Gavin-Shan/mm-debug_vm_pgtable-Fix-corrupted-PG_arch_1-by-set_pmd_at/20210702-183310
>>          git checkout 414db1c0feb54b545b3df56bc19ffff27580deb5
>>          # save the attached .config to linux build tree
>>          make W=1 ARCH=x86_64
>>
>> If you fix the issue, kindly add following tag as appropriate
>> Reported-by: kernel test robot <lkp@intel.com>
>>
>> All errors (new ones prefixed by >>):
>>
>>     In file included from arch/x86/include/asm/page.h:76,
>>                      from arch/x86/include/asm/thread_info.h:12,
>>                      from include/linux/thread_info.h:59,
>>                      from arch/x86/include/asm/preempt.h:7,
>>                      from include/linux/preempt.h:78,
>>                      from include/linux/spinlock.h:51,
>>                      from include/linux/mmzone.h:8,
>>                      from include/linux/gfp.h:6,
>>                      from mm/debug_vm_pgtable.c:13:
>>     mm/debug_vm_pgtable.c: In function 'pud_advanced_tests':
>>>> include/asm-generic/memory_model.h:25:37: error: invalid operands to binary + (have 'struct page *' and 'struct page *')
> 
> 
> So this problem has been fixed in the other series (which now
> includes this patch) you have posted ?
> 

Yes, Anshuman. Please ignore this one. The fix has been included into
the following series. The last patch [12/12] of that series fixes the
issue.

[PATCH 00/12] mm/debug_vm_pgtable: Enhancements

Thanks,
Gavin




^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2021-07-12  9:04 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-02 10:32 [PATCH] mm/debug_vm_pgtable: Fix corrupted PG_arch_1 by set_pmd_at() Gavin Shan
2021-07-02 18:10 ` kernel test robot
2021-07-03  0:30 ` Gavin Shan
2021-07-05  3:59 ` Anshuman Khandual
2021-07-06  5:09   ` Gavin Shan
2021-07-08  0:35 ` kernel test robot
2021-07-12  3:21   ` Anshuman Khandual
2021-07-12  8:24     ` Gavin Shan

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.