From: Anshuman Khandual <anshuman.khandual@arm.com>
To: Christophe Leroy <christophe.leroy@c-s.fr>,
Rong Chen <rong.a.chen@intel.com>,
kernel test robot <lkp@intel.com>
Cc: Ingo Molnar <mingo@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKP <lkp@lists.01.org>
Subject: Re: [LKP] Re: 87c4696d57 ("mm/debug: Add tests validating architecture page .."): [ 1.395296] kernel BUG at include/linux/mm.h:2007!
Date: Mon, 27 Jan 2020 13:34:50 +0530 [thread overview]
Message-ID: <628ec098-9343-5b92-7bca-ad330533e828@arm.com> (raw)
In-Reply-To: <1077e260-d2c3-fcc6-1150-fb46b6273db3@c-s.fr>
On 01/24/2020 02:22 PM, Christophe Leroy wrote:
>
>
> Le 24/01/2020 à 08:17, Anshuman Khandual a écrit :
>>
>> On 01/07/2020 12:00 PM, Rong Chen wrote:
>>>
>>>
>>> On 1/7/20 1:57 PM, Anshuman Khandual wrote:
>>>> On 12/26/2019 02:19 PM, kernel test robot wrote:
>> ...............................................
>> p4d_free(mm, saved_p4dp);
>> pud_free(mm, saved_pudp);
>> pmd_free(mm, saved_pmdp);
>> pte_free(mm, saved_ptep);
>> mm_dec_nr_puds(mm);
>> mm_dec_nr_pmds(mm);
>> mm_dec_nr_ptes(mm);
>> __mmdrop(mm);
>> ..............................................
>>
>
> You should use mmdrop() instead of __mmdrop(), shouldn't you ?
Yes, though I am afraid that it does not change much as mm->mm_count
gets initialized to 1 through mm_alloc()->mm_init(). But will fix
this next time around.
Coming back to the original problem, seems like both the reported bugs
are probably related and because of CONFIG_X86_PAE. On X86 PAE systems,
there are these additional user and kernel PMD pages which are stored
in the page table (PREALLOCATED_USER_PMDS and MAX_PREALLOCATED_PMDS).
pgd_alloc()
preallocate_pmds()
__get_free_page()
pgtable_pmd_page_ctor()
pgd_prepopulate_pmd()
p4d = p4d_offset(pgd, 0);
pud = pud_offset(p4d, 0);
pud_populate(mm, pud, pmd); /* For each pre-allocated PMD */
The test case explicitly allocates and frees intermittent level page
table pages for any given vaddr. So when __mmdrop() --> pgd_free() -->
mop_up_pmds() --> mop_up_one_pmd() --> pmd_free(), it tries to free some
possible garbage memory (probably caused by the test case) and hits
VM_BUG_ON().
The test assumes a bare bones page table to conduct the test and the PAE
based page table setup violates that assumption. Will disable this test
on x86 platform when CONFIG_X86_PAE is enabled.
>
> Christophe
>
WARNING: multiple messages have this Message-ID (diff)
From: Anshuman Khandual <anshuman.khandual@arm.com>
To: lkp@lists.01.org
Subject: Re: 87c4696d57 ("mm/debug: Add tests validating architecture page .."): [ 1.395296] kernel BUG at include/linux/mm.h:2007!
Date: Mon, 27 Jan 2020 13:34:50 +0530 [thread overview]
Message-ID: <628ec098-9343-5b92-7bca-ad330533e828@arm.com> (raw)
In-Reply-To: <1077e260-d2c3-fcc6-1150-fb46b6273db3@c-s.fr>
[-- Attachment #1: Type: text/plain, Size: 2030 bytes --]
On 01/24/2020 02:22 PM, Christophe Leroy wrote:
>
>
> Le 24/01/2020 à 08:17, Anshuman Khandual a écrit :
>>
>> On 01/07/2020 12:00 PM, Rong Chen wrote:
>>>
>>>
>>> On 1/7/20 1:57 PM, Anshuman Khandual wrote:
>>>> On 12/26/2019 02:19 PM, kernel test robot wrote:
>> ...............................................
>> p4d_free(mm, saved_p4dp);
>> pud_free(mm, saved_pudp);
>> pmd_free(mm, saved_pmdp);
>> pte_free(mm, saved_ptep);
>> mm_dec_nr_puds(mm);
>> mm_dec_nr_pmds(mm);
>> mm_dec_nr_ptes(mm);
>> __mmdrop(mm);
>> ..............................................
>>
>
> You should use mmdrop() instead of __mmdrop(), shouldn't you ?
Yes, though I am afraid that it does not change much as mm->mm_count
gets initialized to 1 through mm_alloc()->mm_init(). But will fix
this next time around.
Coming back to the original problem, seems like both the reported bugs
are probably related and because of CONFIG_X86_PAE. On X86 PAE systems,
there are these additional user and kernel PMD pages which are stored
in the page table (PREALLOCATED_USER_PMDS and MAX_PREALLOCATED_PMDS).
pgd_alloc()
preallocate_pmds()
__get_free_page()
pgtable_pmd_page_ctor()
pgd_prepopulate_pmd()
p4d = p4d_offset(pgd, 0);
pud = pud_offset(p4d, 0);
pud_populate(mm, pud, pmd); /* For each pre-allocated PMD */
The test case explicitly allocates and frees intermittent level page
table pages for any given vaddr. So when __mmdrop() --> pgd_free() -->
mop_up_pmds() --> mop_up_one_pmd() --> pmd_free(), it tries to free some
possible garbage memory (probably caused by the test case) and hits
VM_BUG_ON().
The test assumes a bare bones page table to conduct the test and the PAE
based page table setup violates that assumption. Will disable this test
on x86 platform when CONFIG_X86_PAE is enabled.
>
> Christophe
>
next prev parent reply other threads:[~2020-01-27 8:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-26 8:49 87c4696d57 ("mm/debug: Add tests validating architecture page .."): [ 1.395296] kernel BUG at include/linux/mm.h:2007! kernel test robot
2019-12-26 8:49 ` kernel test robot
2020-01-07 5:57 ` Anshuman Khandual
2020-01-07 5:57 ` Anshuman Khandual
2020-01-07 6:30 ` [LKP] " Rong Chen
2020-01-07 6:30 ` Rong Chen
2020-01-24 7:17 ` [LKP] " Anshuman Khandual
2020-01-24 7:17 ` Anshuman Khandual
2020-01-24 8:52 ` [LKP] " Christophe Leroy
2020-01-24 8:52 ` Christophe Leroy
2020-01-27 8:04 ` Anshuman Khandual [this message]
2020-01-27 8:04 ` Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=628ec098-9343-5b92-7bca-ad330533e828@arm.com \
--to=anshuman.khandual@arm.com \
--cc=akpm@linux-foundation.org \
--cc=christophe.leroy@c-s.fr \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
--cc=lkp@lists.01.org \
--cc=mingo@kernel.org \
--cc=rong.a.chen@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.