diff for duplicates of <5050805753ac469e8d727c797c2218a9d780d434.camel@mediatek.com>
diff --git a/N1/1.bin b/N1/1.bin
new file mode 100644
index 0000000..b9067a6
--- /dev/null
+++ b/N1/1.bin
@@ -0,0 +1,136 @@
+<pre>
+Hi,
+
+We meet the mass MTE errors happened in Android T with kernel-6.1.
+
+When the system is under memory pressure, the MTE often triggers some
+error reporting in userspace.
+
+Like the tombstone below, there are many reports with the acllocation
+tags of 0:
+
+Build fingerprint:
+'alps/vext_k6897v1_64/k6897v1_64:13/TP1A.220624.014/mp2ofp23:userdebug/
+dev-keys'
+Revision: '0'
+ABI: 'arm64'
+Timestamp: 2023-03-14 06:39:40.344251744+0800
+Process uptime: 0s
+Cmdline: /vendor/bin/hw/camerahalserver
+pid: 988, tid: 1395, name: binder:988_3  >>>
+/vendor/bin/hw/camerahalserver <<<
+uid: 1047
+tagged_addr_ctrl: 000000000007fff3 (PR_TAGGED_ADDR_ENABLE,
+PR_MTE_TCF_SYNC, mask 0xfffe)
+signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr
+0x0d000075f1d8d7f0
+    x0  00000075018d3fb0  x1  00000000c0306201  x2  00000075018d3ae8  x
+3  000000000000720c
+    x4  0000000000000000  x5  0000000000000000  x6  00000642000004fe  x
+7  0000054600000630
+    x8  00000000fffffff2  x9  b34a1094e7e33c3f  x10
+00000075018d3a80  x11 00000075018d3a50
+    x12 ffffff80ffffffd0  x13 0000061e0000072c  x14
+0000000000000004  x15 0000000000000000
+    x16 00000077f2dfcd78  x17 00000077da3a8ff0  x18
+00000075011bc000  x19 0d000075f1d8d898
+    x20 0d000075f1d8d7f0  x21 0d000075f1d8d910  x22
+0000000000000000  x23 00000000fffffff7
+    x24 00000075018d4000  x25 0000000000000000  x26
+00000075018d3ff8  x27 00000000000fc000
+    x28 00000000000fe000  x29 00000075018d3b20
+    lr  00000077f2d9f164  sp  00000075018d3ad0  pc  00000077f2d9f134  p
+st 0000000080001000
+
+backtrace:
+      #00 pc 000000000005d134  /system/lib64/libbinder.so
+(android::IPCThreadState::talkWithDriver(bool)+244) (BuildId:
+8b5612259e4a42521c430456ec5939c7)
+      #01 pc 000000000005d448  /system/lib64/libbinder.so
+(android::IPCThreadState::getAndExecuteCommand()+24) (BuildId:
+8b5612259e4a42521c430456ec5939c7)
+      #02 pc 000000000005dd64  /system/lib64/libbinder.so
+(android::IPCThreadState::joinThreadPool(bool)+68) (BuildId:
+8b5612259e4a42521c430456ec5939c7)
+      #03 pc 000000000008dba8  /system/lib64/libbinder.so
+(android::PoolThread::threadLoop()+24) (BuildId:
+8b5612259e4a42521c430456ec5939c7)
+      #04 pc 0000000000013440  /system/lib64/libutils.so
+(android::Thread::_threadLoop(void*)+416) (BuildId:
+10aac5d4a671e4110bc00c9b69d83d8a)
+      #05 pc
+00000000000c14cc  /apex/com.android.runtime/lib64/bionic/libc.so
+(__pthread_start(void*)+204) (BuildId:
+718ecc04753b519b0f6289a7a2fcf117)
+      #06 pc
+0000000000054930  /apex/com.android.runtime/lib64/bionic/libc.so
+(__start_thread+64) (BuildId: 718ecc04753b519b0f6289a7a2fcf117)
+
+Memory tags around the fault address (0xd000075f1d8d7f0), one tag per
+16 bytes:
+      0x75f1d8cf00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d000: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d100: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d200: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d300: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d400: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d500: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d600: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+    =>0x75f1d8d700: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0 [0]
+      0x75f1d8d800: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8d900: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8da00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8db00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8dc00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8dd00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+      0x75f1d8de00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
+
+Also happens in coredump.
+
+This problem only occurs when ZRAM is enabled, so we think there are
+some issues regarding swap in/out.
+
+Having compared the differences between Kernel-5.15 and Kernel-6.1,
+We found the order of swap_free() and set_pte_at() is changed in
+do_swap_page().
+
+When fault in, do_swap_page() will call swap_free() first:
+do_swap_page() -> swap_free() -> __swap_entry_free() ->
+free_swap_slot() -> swapcache_free_entries() -> swap_entry_free() ->
+swap_range_free() -> arch_swap_invalidate_page() ->
+mte_invalidate_tags_area() ->  mte_invalidate_tags() -> xa_erase()
+
+and then call set_pte_at():
+do_swap_page() -> set_pte_at() -> __set_pte_at() -> mte_sync_tags() ->
+mte_sync_page_tags() -> mte_restore_tags() -> xa_load()
+
+This means that the swap slot is invalidated before pte mapping, and
+this will cause the mte tag in XArray to be released before tag
+restore.
+
+After I moved swap_free() to the next line of set_pte_at(), the problem
+is disappeared.
+
+We suspect that the following patches, which have changed the order, do
+not consider the mte tag restoring in page fault flow:
+https://lore.kernel.org/all/20220131162940.210846-5-david@redhat.com/
+
+Any suggestion is appreciated.
+
+Thank you.
+
+</pre><!--type:text--><!--{--><pre>*********** MEDIATEK Confidentiality Notice
+ ***********
+The information contained in this e-mail message (including any
+attachments) may be confidential, proprietary, privileged, or
+otherwise exempt from disclosure under applicable laws. It is
+intended to be conveyed only to the designated recipient(s). Any
+use, dissemination, distribution, printing, retaining or copying
+of this e-mail (including its attachments) by unintended recipient(s)
+is strictly prohibited and may be unlawful. If you are not an
+intended recipient of this e-mail, or believe that you have received
+this e-mail in error, please notify the sender immediately
+(by replying to this e-mail), delete any and all copies of this
+e-mail (including any attachments) from your system, and do not
+disclose the content of this e-mail to any other person. Thank you!
+</pre><!--}-->
\ No newline at end of file
diff --git a/N1/2.hdr b/N1/2.hdr
new file mode 100644
index 0000000..45d76fc
--- /dev/null
+++ b/N1/2.hdr
@@ -0,0 +1,3 @@
+Content-Type: text/plain;
+ charset="utf-8"
+Content-Transfer-Encoding: base64
diff --git a/a/1.txt b/N1/2.txt
similarity index 100%
rename from a/1.txt
rename to N1/2.txt
diff --git a/a/content_digest b/N1/content_digest
index a182728..9e7d403 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -23,7 +23,151 @@
" gregkh\@linuxfoundation.org <gregkh\@linuxfoundation.org>\0"
]
[
- "\0000:1\0"
+ "\0001:1\0"
+]
+[
+ "b\0"
+]
+[
+ "<pre>\r\n",
+ "Hi,\r\n",
+ "\r\n",
+ "We meet the mass MTE errors happened in Android T with kernel-6.1.\r\n",
+ "\r\n",
+ "When the system is under memory pressure, the MTE often triggers some\r\n",
+ "error reporting in userspace.\r\n",
+ "\r\n",
+ "Like the tombstone below, there are many reports with the acllocation\r\n",
+ "tags of 0:\r\n",
+ "\r\n",
+ "Build fingerprint:\r\n",
+ "'alps/vext_k6897v1_64/k6897v1_64:13/TP1A.220624.014/mp2ofp23:userdebug/\r\n",
+ "dev-keys'\r\n",
+ "Revision: '0'\r\n",
+ "ABI: 'arm64'\r\n",
+ "Timestamp: 2023-03-14 06:39:40.344251744+0800\r\n",
+ "Process uptime: 0s\r\n",
+ "Cmdline: /vendor/bin/hw/camerahalserver\r\n",
+ "pid: 988, tid: 1395, name: binder:988_3  >>>\r\n",
+ "/vendor/bin/hw/camerahalserver <<<\r\n",
+ "uid: 1047\r\n",
+ "tagged_addr_ctrl: 000000000007fff3 (PR_TAGGED_ADDR_ENABLE,\r\n",
+ "PR_MTE_TCF_SYNC, mask 0xfffe)\r\n",
+ "signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr\r\n",
+ "0x0d000075f1d8d7f0\r\n",
+ "    x0  00000075018d3fb0  x1  00000000c0306201  x2  00000075018d3ae8  x\r\n",
+ "3  000000000000720c\r\n",
+ "    x4  0000000000000000  x5  0000000000000000  x6  00000642000004fe  x\r\n",
+ "7  0000054600000630\r\n",
+ "    x8  00000000fffffff2  x9  b34a1094e7e33c3f  x10\r\n",
+ "00000075018d3a80  x11 00000075018d3a50\r\n",
+ "    x12 ffffff80ffffffd0  x13 0000061e0000072c  x14\r\n",
+ "0000000000000004  x15 0000000000000000\r\n",
+ "    x16 00000077f2dfcd78  x17 00000077da3a8ff0  x18\r\n",
+ "00000075011bc000  x19 0d000075f1d8d898\r\n",
+ "    x20 0d000075f1d8d7f0  x21 0d000075f1d8d910  x22\r\n",
+ "0000000000000000  x23 00000000fffffff7\r\n",
+ "    x24 00000075018d4000  x25 0000000000000000  x26\r\n",
+ "00000075018d3ff8  x27 00000000000fc000\r\n",
+ "    x28 00000000000fe000  x29 00000075018d3b20\r\n",
+ "    lr  00000077f2d9f164  sp  00000075018d3ad0  pc  00000077f2d9f134  p\r\n",
+ "st 0000000080001000\r\n",
+ "\r\n",
+ "backtrace:\r\n",
+ "      #00 pc 000000000005d134  /system/lib64/libbinder.so\r\n",
+ "(android::IPCThreadState::talkWithDriver(bool)+244) (BuildId:\r\n",
+ "8b5612259e4a42521c430456ec5939c7)\r\n",
+ "      #01 pc 000000000005d448  /system/lib64/libbinder.so\r\n",
+ "(android::IPCThreadState::getAndExecuteCommand()+24) (BuildId:\r\n",
+ "8b5612259e4a42521c430456ec5939c7)\r\n",
+ "      #02 pc 000000000005dd64  /system/lib64/libbinder.so\r\n",
+ "(android::IPCThreadState::joinThreadPool(bool)+68) (BuildId:\r\n",
+ "8b5612259e4a42521c430456ec5939c7)\r\n",
+ "      #03 pc 000000000008dba8  /system/lib64/libbinder.so\r\n",
+ "(android::PoolThread::threadLoop()+24) (BuildId:\r\n",
+ "8b5612259e4a42521c430456ec5939c7)\r\n",
+ "      #04 pc 0000000000013440  /system/lib64/libutils.so\r\n",
+ "(android::Thread::_threadLoop(void*)+416) (BuildId:\r\n",
+ "10aac5d4a671e4110bc00c9b69d83d8a)\r\n",
+ "      #05 pc\r\n",
+ "00000000000c14cc  /apex/com.android.runtime/lib64/bionic/libc.so\r\n",
+ "(__pthread_start(void*)+204) (BuildId:\r\n",
+ "718ecc04753b519b0f6289a7a2fcf117)\r\n",
+ "      #06 pc\r\n",
+ "0000000000054930  /apex/com.android.runtime/lib64/bionic/libc.so\r\n",
+ "(__start_thread+64) (BuildId: 718ecc04753b519b0f6289a7a2fcf117)\r\n",
+ "\r\n",
+ "Memory tags around the fault address (0xd000075f1d8d7f0), one tag per\r\n",
+ "16 bytes:\r\n",
+ "      0x75f1d8cf00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d000: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d100: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d200: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d300: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d400: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d500: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d600: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "    =>0x75f1d8d700: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0 [0]\r\n",
+ "      0x75f1d8d800: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8d900: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8da00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8db00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8dc00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8dd00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "      0x75f1d8de00: 0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0\r\n",
+ "\r\n",
+ "Also happens in coredump.\r\n",
+ "\r\n",
+ "This problem only occurs when ZRAM is enabled, so we think there are\r\n",
+ "some issues regarding swap in/out.\r\n",
+ "\r\n",
+ "Having compared the differences between Kernel-5.15 and Kernel-6.1,\r\n",
+ "We found the order of swap_free() and set_pte_at() is changed in\r\n",
+ "do_swap_page().\r\n",
+ "\r\n",
+ "When fault in, do_swap_page() will call swap_free() first:\r\n",
+ "do_swap_page() -> swap_free() -> __swap_entry_free() ->\r\n",
+ "free_swap_slot() -> swapcache_free_entries() -> swap_entry_free() ->\r\n",
+ "swap_range_free() -> arch_swap_invalidate_page() ->\r\n",
+ "mte_invalidate_tags_area() ->  mte_invalidate_tags() -> xa_erase()\r\n",
+ "\r\n",
+ "and then call set_pte_at():\r\n",
+ "do_swap_page() -> set_pte_at() -> __set_pte_at() -> mte_sync_tags() ->\r\n",
+ "mte_sync_page_tags() -> mte_restore_tags() -> xa_load()\r\n",
+ "\r\n",
+ "This means that the swap slot is invalidated before pte mapping, and\r\n",
+ "this will cause the mte tag in XArray to be released before tag\r\n",
+ "restore.\r\n",
+ "\r\n",
+ "After I moved swap_free() to the next line of set_pte_at(), the problem\r\n",
+ "is disappeared.\r\n",
+ "\r\n",
+ "We suspect that the following patches, which have changed the order, do\r\n",
+ "not consider the mte tag restoring in page fault flow:\r\n",
+ "https://lore.kernel.org/all/20220131162940.210846-5-david\@redhat.com/\r\n",
+ "\r\n",
+ "Any suggestion is appreciated.\r\n",
+ "\r\n",
+ "Thank you.\r\n",
+ "\r\n",
+ "</pre><!--type:text--><!--{--><pre>*********** MEDIATEK Confidentiality Notice\r\n",
+ " ***********\r\n",
+ "The information contained in this e-mail message (including any \r\n",
+ "attachments) may be confidential, proprietary, privileged, or \r\n",
+ "otherwise exempt from disclosure under applicable laws. It is \r\n",
+ "intended to be conveyed only to the designated recipient(s). Any \r\n",
+ "use, dissemination, distribution, printing, retaining or copying \r\n",
+ "of this e-mail (including its attachments) by unintended recipient(s) \r\n",
+ "is strictly prohibited and may be unlawful. If you are not an \r\n",
+ "intended recipient of this e-mail, or believe that you have received \r\n",
+ "this e-mail in error, please notify the sender immediately \r\n",
+ "(by replying to this e-mail), delete any and all copies of this \r\n",
+ "e-mail (including any attachments) from your system, and do not \r\n",
+ "disclose the content of this e-mail to any other person. Thank you!\r\n",
+ "</pre><!--}-->"
+]
+[
+ "\0001:2\0"
]
[
"b\0"
@@ -150,4 +294,4 @@
"Thank you."
]
-988f384ef3d532272c83ccf4030f815c7dfbb61abf8d8fa174384d72c855a3db
+df2332e744a263820e8601467bbb8c4767ae193266534411caabedfa1d4a6596
diff --git a/a/1.txt b/N2/1.txt
index 8af6e49..9d0ae1c 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -116,4 +116,8 @@ https://lore.kernel.org/all/20220131162940.210846-5-david@redhat.com/
Any suggestion is appreciated.
-Thank you.
\ No newline at end of file
+Thank you.
+_______________________________________________
+linux-arm-kernel mailing list
+linux-arm-kernel@lists.infradead.org
+http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
\ No newline at end of file
diff --git a/a/content_digest b/N2/content_digest
index a182728..e320f15 100644
--- a/a/content_digest
+++ b/N2/content_digest
@@ -147,7 +147,11 @@
"\n",
"Any suggestion is appreciated.\n",
"\n",
- "Thank you."
+ "Thank you.\n",
+ "_______________________________________________\n",
+ "linux-arm-kernel mailing list\n",
+ "linux-arm-kernel\@lists.infradead.org\n",
+ "http://lists.infradead.org/mailman/listinfo/linux-arm-kernel"
]
-988f384ef3d532272c83ccf4030f815c7dfbb61abf8d8fa174384d72c855a3db
+7da219fe959aba163b4899f81bcc9c6d109d971e13bbc6b8cf7f1daaf14d9f34
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.