2021-04-16 08:50:54

by Zhou Yanjie

[permalink] [raw]
Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".

This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.

It cause kernel panic on Ingenic X1830, so let's revert it.

Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
---
arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
index 7719d63..9cfd432 100644
--- a/arch/mips/mm/cache.c
+++ b/arch/mips/mm/cache.c
@@ -21,7 +21,6 @@
#include <asm/cpu.h>
#include <asm/cpu-features.h>
#include <asm/setup.h>
-#include <asm/pgtable.h>

/* Cache operations. */
void (*flush_cache_all)(void);
@@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
EXPORT_SYMBOL(_page_cachable_default);

#define PM(p) __pgprot(_page_cachable_default | (p))
-#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))

static inline void setup_protection_map(void)
{
protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
- protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
- protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
- protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
- protection_map[4] = PVA(_PAGE_PRESENT);
- protection_map[5] = PVA(_PAGE_PRESENT);
- protection_map[6] = PVA(_PAGE_PRESENT);
- protection_map[7] = PVA(_PAGE_PRESENT);
+ protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
+ protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
+ protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
+ protection_map[4] = PM(_PAGE_PRESENT);
+ protection_map[5] = PM(_PAGE_PRESENT);
+ protection_map[6] = PM(_PAGE_PRESENT);
+ protection_map[7] = PM(_PAGE_PRESENT);

protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
- protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
- protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
+ protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
+ protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
_PAGE_NO_READ);
- protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
- protection_map[12] = PVA(_PAGE_PRESENT);
- protection_map[13] = PVA(_PAGE_PRESENT);
- protection_map[14] = PVA(_PAGE_PRESENT);
- protection_map[15] = PVA(_PAGE_PRESENT);
+ protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
+ protection_map[12] = PM(_PAGE_PRESENT);
+ protection_map[13] = PM(_PAGE_PRESENT);
+ protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
+ protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
}

-#undef _PVA
#undef PM

void cpu_cache_init(void)
--
2.7.4


2021-04-16 12:00:29

by Huang Pei

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Is there any log about the panic?

  Original Message  
From: 周琰杰 (Zhou Yanjie)
Sent: 2021年4月16日星期五 16:48
To: [email protected]
Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".

This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.

It cause kernel panic on Ingenic X1830, so let's revert it.

Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
---
arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
index 7719d63..9cfd432 100644
--- a/arch/mips/mm/cache.c
+++ b/arch/mips/mm/cache.c
@@ -21,7 +21,6 @@
#include <asm/cpu.h>
#include <asm/cpu-features.h>
#include <asm/setup.h>
-#include <asm/pgtable.h>

/* Cache operations. */
void (*flush_cache_all)(void);
@@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
EXPORT_SYMBOL(_page_cachable_default);

#define PM(p) __pgprot(_page_cachable_default | (p))
-#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))

static inline void setup_protection_map(void)
{
protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
- protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
- protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
- protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
- protection_map[4] = PVA(_PAGE_PRESENT);
- protection_map[5] = PVA(_PAGE_PRESENT);
- protection_map[6] = PVA(_PAGE_PRESENT);
- protection_map[7] = PVA(_PAGE_PRESENT);
+ protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
+ protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
+ protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
+ protection_map[4] = PM(_PAGE_PRESENT);
+ protection_map[5] = PM(_PAGE_PRESENT);
+ protection_map[6] = PM(_PAGE_PRESENT);
+ protection_map[7] = PM(_PAGE_PRESENT);

protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
- protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
- protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
+ protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
+ protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
_PAGE_NO_READ);
- protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
- protection_map[12] = PVA(_PAGE_PRESENT);
- protection_map[13] = PVA(_PAGE_PRESENT);
- protection_map[14] = PVA(_PAGE_PRESENT);
- protection_map[15] = PVA(_PAGE_PRESENT);
+ protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
+ protection_map[12] = PM(_PAGE_PRESENT);
+ protection_map[13] = PM(_PAGE_PRESENT);
+ protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
+ protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
}

-#undef _PVA
#undef PM

void cpu_cache_init(void)
--
2.7.4

2021-04-19 04:57:29

by Huang Pei

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

On Sat, Apr 17, 2021 at 12:45:59AM +0800, Zhou Yanjie wrote:
>
> On 2021/4/16 下午5:20, 黄沛 wrote:
> > Is there any log about the panic?
>
>
> Yes, below is the log:
>
>
> [  195.436017] CPU 0 Unable to handle kernel paging request at virtual
> address 77eb8000, epc == 80117868, ra == 80118208
> [  195.446709] Oops[#1]:
> [  195.448977] CPU: 0 PID: 1461 Comm: Xsession Not tainted
> 5.12.0-rc6-00227-gc8fc6defbd2e-dirty #1
> [  195.457661] $ 0   : 00000000 00000001 80117864 77eb9000
> [  195.462888] $ 4   : 77eb8000 82419600 838ea000 82482ba0
> [  195.468116] $ 8   : 826f8b18 8306f800 000072d5 8306f800
> [  195.473343] $12   : 00000002 00000a03 00000001 00000402
> [  195.478568] $16   : 77eb8000 809faf60 00000004 82482ba0
> [  195.483794] $20   : 77eb8000 82419600 82482ba0 80860000
> [  195.489021] $24   : 8086121c 80117864
> [  195.494248] $28   : 838ea000 838ebd70 00000000 80118208
> [  195.499475] Hi    : 00008c4e
> [  195.502343] Lo    : 00004627
> [  195.505212] epc   : 80117868 r4k_blast_dcache_page_dc32+0x4/0x9c
> [  195.511217] ra    : 80118208 local_r4k_flush_cache_page+0x120/0x1b8
> [  195.517476] Status: 10001403 KERNEL EXL IE
> [  195.521657] Cause : 4080800c (ExcCode 03)
> [  195.525654] BadVA : 77eb8000
> [  195.528523] PrId  : 00d00100 (Ingenic XBurst)
> [  195.532866] Modules linked in:
> [  195.535911] Process Xsession (pid: 1461, threadinfo=00975a3e,
> task=3724fd66, tls=77ebd690)
> [  195.544162] Stack : 808a05ec f7edcbfd 8306f800 00000000 80860000 809faf60
> 80990a3c 80117f90
> [  195.552524]         809faf60 82419600 8306f800 801fd84c 00000000 801180b4
> 838ebe80 80110b7c
> [  195.560887]         80990a3c 82482ba0 82482ba0 77eb8000 00004627 f7edcbfd
> 838ebe80 801cbc08
> [  195.569249]         00000001 181b2000 00000000 801fa06c 00000000 83999ae0
> 80860000 00000004
> [  195.577610]         80990a3c f7edcbfd 80990a3c 838ebe80 00000004 80990a3c
> 82482ba0 04627685
> [  195.585973]         ...
> [  195.588413] Call Trace:
> [  195.590849] [<80117868>] r4k_blast_dcache_page_dc32+0x4/0x9c
> [  195.596501] [<80118208>] local_r4k_flush_cache_page+0x120/0x1b8
> [  195.602413] [<80117f90>] r4k_on_each_cpu.isra.8+0x24/0x58
> [  195.607805] [<801180b4>] r4k_flush_cache_page+0x34/0x58
> [  195.613023] [<801cbc08>] wp_page_copy+0x3a8/0x56c
> [  195.617723] [<801ce944>] do_swap_page+0x4cc/0x558
> [  195.622419] [<801cf3f8>] handle_mm_fault+0x790/0x93c
> [  195.627374] [<8011025c>] do_page_fault+0x19c/0x540
> [  195.632159] [<801142f0>] tlb_do_page_fault_1+0x10c/0x11c
> [  195.637465]
> [  195.638947] Code: 03e00008  00000000  24831000 <bc950000> bc950020 
> bc950040  bc950060  bc950080  bc9500a0
> [  195.648706]
> [  195.650243] ---[ end trace 7cc7d7f611932c42 ]---
> [  195.654857] Kernel panic - not syncing: Fatal exception
> [  195.660072] Rebooting in 10 seconds..
>
>
> this problem can be triggered stably (by use Microsoft Remote Desktop client
> to login to debian9 running on CU1830-Neo).
>
Could you print out the PTE value at 0x77eb8000 ?

I really have no idea of how the page_prot setting affecting the swap
handling.

>
> Thanks and best regards!
>
>
> >
> >   Original Message
> > From: 周琰杰 (Zhou Yanjie)
> > Sent: 2021年4月16日星期五 16:48
> > To: [email protected]
> > Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
> > Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".
> >
> > This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.
> >
> > It cause kernel panic on Ingenic X1830, so let's revert it.
> >
> > Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
> > ---
> > arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
> > 1 file changed, 14 insertions(+), 17 deletions(-)
> >
> > diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
> > index 7719d63..9cfd432 100644
> > --- a/arch/mips/mm/cache.c
> > +++ b/arch/mips/mm/cache.c
> > @@ -21,7 +21,6 @@
> > #include <asm/cpu.h>
> > #include <asm/cpu-features.h>
> > #include <asm/setup.h>
> > -#include <asm/pgtable.h>
> >
> > /* Cache operations. */
> > void (*flush_cache_all)(void);
> > @@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
> > EXPORT_SYMBOL(_page_cachable_default);
> >
> > #define PM(p) __pgprot(_page_cachable_default | (p))
> > -#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))
> >
> > static inline void setup_protection_map(void)
> > {
> > protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > - protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > - protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > - protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > - protection_map[4] = PVA(_PAGE_PRESENT);
> > - protection_map[5] = PVA(_PAGE_PRESENT);
> > - protection_map[6] = PVA(_PAGE_PRESENT);
> > - protection_map[7] = PVA(_PAGE_PRESENT);
> > + protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > + protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > + protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > + protection_map[4] = PM(_PAGE_PRESENT);
> > + protection_map[5] = PM(_PAGE_PRESENT);
> > + protection_map[6] = PM(_PAGE_PRESENT);
> > + protection_map[7] = PM(_PAGE_PRESENT);
> >
> > protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > - protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > - protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
> > + protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > + protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
> > _PAGE_NO_READ);
> > - protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
> > - protection_map[12] = PVA(_PAGE_PRESENT);
> > - protection_map[13] = PVA(_PAGE_PRESENT);
> > - protection_map[14] = PVA(_PAGE_PRESENT);
> > - protection_map[15] = PVA(_PAGE_PRESENT);
> > + protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
> > + protection_map[12] = PM(_PAGE_PRESENT);
> > + protection_map[13] = PM(_PAGE_PRESENT);
> > + protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
> > + protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
> > }
> >
> > -#undef _PVA
> > #undef PM
> >
> > void cpu_cache_init(void)

2021-04-19 18:53:57

by Zhou Yanjie

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Hi

On 2021/4/19 下午12:56, Huang Pei wrote:
> On Sat, Apr 17, 2021 at 12:45:59AM +0800, Zhou Yanjie wrote:
>> On 2021/4/16 下午5:20, 黄沛 wrote:
>>> Is there any log about the panic?
>>
>> Yes, below is the log:
>>
>>
>> [  195.436017] CPU 0 Unable to handle kernel paging request at virtual
>> address 77eb8000, epc == 80117868, ra == 80118208
>> [  195.446709] Oops[#1]:
>> [  195.448977] CPU: 0 PID: 1461 Comm: Xsession Not tainted
>> 5.12.0-rc6-00227-gc8fc6defbd2e-dirty #1
>> [  195.457661] $ 0   : 00000000 00000001 80117864 77eb9000
>> [  195.462888] $ 4   : 77eb8000 82419600 838ea000 82482ba0
>> [  195.468116] $ 8   : 826f8b18 8306f800 000072d5 8306f800
>> [  195.473343] $12   : 00000002 00000a03 00000001 00000402
>> [  195.478568] $16   : 77eb8000 809faf60 00000004 82482ba0
>> [  195.483794] $20   : 77eb8000 82419600 82482ba0 80860000
>> [  195.489021] $24   : 8086121c 80117864
>> [  195.494248] $28   : 838ea000 838ebd70 00000000 80118208
>> [  195.499475] Hi    : 00008c4e
>> [  195.502343] Lo    : 00004627
>> [  195.505212] epc   : 80117868 r4k_blast_dcache_page_dc32+0x4/0x9c
>> [  195.511217] ra    : 80118208 local_r4k_flush_cache_page+0x120/0x1b8
>> [  195.517476] Status: 10001403 KERNEL EXL IE
>> [  195.521657] Cause : 4080800c (ExcCode 03)
>> [  195.525654] BadVA : 77eb8000
>> [  195.528523] PrId  : 00d00100 (Ingenic XBurst)
>> [  195.532866] Modules linked in:
>> [  195.535911] Process Xsession (pid: 1461, threadinfo=00975a3e,
>> task=3724fd66, tls=77ebd690)
>> [  195.544162] Stack : 808a05ec f7edcbfd 8306f800 00000000 80860000 809faf60
>> 80990a3c 80117f90
>> [  195.552524]         809faf60 82419600 8306f800 801fd84c 00000000 801180b4
>> 838ebe80 80110b7c
>> [  195.560887]         80990a3c 82482ba0 82482ba0 77eb8000 00004627 f7edcbfd
>> 838ebe80 801cbc08
>> [  195.569249]         00000001 181b2000 00000000 801fa06c 00000000 83999ae0
>> 80860000 00000004
>> [  195.577610]         80990a3c f7edcbfd 80990a3c 838ebe80 00000004 80990a3c
>> 82482ba0 04627685
>> [  195.585973]         ...
>> [  195.588413] Call Trace:
>> [  195.590849] [<80117868>] r4k_blast_dcache_page_dc32+0x4/0x9c
>> [  195.596501] [<80118208>] local_r4k_flush_cache_page+0x120/0x1b8
>> [  195.602413] [<80117f90>] r4k_on_each_cpu.isra.8+0x24/0x58
>> [  195.607805] [<801180b4>] r4k_flush_cache_page+0x34/0x58
>> [  195.613023] [<801cbc08>] wp_page_copy+0x3a8/0x56c
>> [  195.617723] [<801ce944>] do_swap_page+0x4cc/0x558
>> [  195.622419] [<801cf3f8>] handle_mm_fault+0x790/0x93c
>> [  195.627374] [<8011025c>] do_page_fault+0x19c/0x540
>> [  195.632159] [<801142f0>] tlb_do_page_fault_1+0x10c/0x11c
>> [  195.637465]
>> [  195.638947] Code: 03e00008  00000000  24831000 <bc950000> bc950020
>> bc950040  bc950060  bc950080  bc9500a0
>> [  195.648706]
>> [  195.650243] ---[ end trace 7cc7d7f611932c42 ]---
>> [  195.654857] Kernel panic - not syncing: Fatal exception
>> [  195.660072] Rebooting in 10 seconds..
>>
>>
>> this problem can be triggered stably (by use Microsoft Remote Desktop client
>> to login to debian9 running on CU1830-Neo).
>>
> Could you print out the PTE value at 0x77eb8000 ?


Here is the new log:


[   33.681712] CPU 0 Unable to handle kernel paging request at virtual
address 77ea4000, epc == 801178ac, ra == 80118250
[   33.692395] Oops[#1]:
[   33.694662] CPU: 0 PID: 1389 Comm: Xsession Not tainted
5.12.0-rc8-dirty #2
[   33.701612] $ 0   : 00000000 00000001 801178a8 77ea5000
[   33.706839] $ 4   : 77ea4000 81bcd220 80118130 856712a0
[   33.712066] $ 8   : 833e4a80 8544b800 000070a8 8544b800
[   33.717293] $12   : 00000002 000005b7 00000001 00000000
[   33.722518] $16   : 81bcd220 77ea4000 80a11ad8 00000004
[   33.727745] $20   : 77ea4000 81bcd220 856712a0 80860000
[   33.732972] $24   : 0000001c 801178a8
[   33.738197] $28   : 82564000 82565d68 00000000 80118250
[   33.743424] Hi    : 0000f0cc
[   33.746293] Lo    : 00007866
[   33.749162] epc   : 801178ac r4k_blast_dcache_page_dc32+0x4/0x9c
[   33.755166] ra    : 80118250 local_r4k_flush_cache_page+0x120/0x2c8
[   33.761425] Status: 10001403 KERNEL EXL IE
[   33.765605] Cause : 4080800c (ExcCode 03)
[   33.769603] BadVA : 77ea4000
[   33.772472] PrId  : 00d00100 (Ingenic XBurst)
[   33.776816] Modules linked in:
[   33.779861] Process Xsession (pid: 1389, threadinfo=c8bdf64c,
task=2372d853, tls=77ea9690)
[   33.788111] Stack : 808a256c 00000000 808a256c bfa6939a 8544b800
80860000 8094d308 80a11ad8
[   33.796474]         856712a0 80117fd8 8094d308 81bcd220 8544b800
801fdb10 80945ce8 801180fc
[   33.804838]         82565e80 80110b8c 80a11ad8 856712a0 856712a0
77ea4000 00007866 bfa6939a
[   33.813201]         82565e80 801cbe38 00000000 bfa6939a 80863494
801fa2c0 856712a0 82562a90
[   33.821564]         80860000 00000000 80a11ad8 bfa6939a 80a11ad8
82565e80 00000000 80a11ad8
[   33.829927]         ...
[   33.832367] Call Trace:
[   33.834803] [<801178ac>] r4k_blast_dcache_page_dc32+0x4/0x9c
[   33.840455] [<80118250>] local_r4k_flush_cache_page+0x120/0x2c8
[   33.846367] [<80117fd8>] r4k_on_each_cpu.isra.10+0x24/0x58
[   33.851845] [<801180fc>] r4k_flush_cache_page+0x34/0x58
[   33.857062] [<801cbe38>] wp_page_copy+0x3a8/0x56c
[   33.861763] [<801ceb74>] do_swap_page+0x4cc/0x558
[   33.866458] [<801cf628>] handle_mm_fault+0x790/0x93c
[   33.871414] [<8011026c>] do_page_fault+0x19c/0x540
[   33.876199] [<80114300>] tlb_do_page_fault_1+0x10c/0x11c
[   33.881506]
[   33.882987] Index:  5 pgmask=4kb va=77ea2000 asid=fd
[   33.882987]  [pa=02a99000 c=3 d=1 v=1 g=0] [pa=0690d000 c=3 d=0 v=0 g=0]
[   33.894635] Index:  6 pgmask=4kb va=77dc4000 asid=fd
[   33.894635]  [pa=01d30000 c=3 d=0 v=1 g=0] [pa=01d31000 c=3 d=0 v=1 g=0]
[   33.906281] Index:  7 pgmask=4kb va=77dc0000 asid=fd
[   33.906281]  [pa=01d2c000 c=3 d=0 v=1 g=0] [pa=01d2d000 c=3 d=0 v=1 g=0]
[   33.917928] Index:  8 pgmask=4kb va=77dc2000 asid=fd
[   33.917928]  [pa=01d2e000 c=3 d=0 v=1 g=0] [pa=01d2f000 c=3 d=0 v=1 g=0]
[   33.929574] Index:  9 pgmask=4kb va=77dc6000 asid=fd
[   33.929574]  [pa=01d32000 c=3 d=0 v=1 g=0] [pa=01d33000 c=3 d=0 v=1 g=0]
[   33.941220] Index: 10 pgmask=4kb va=77dc8000 asid=fd
[   33.941220]  [pa=01d34000 c=3 d=0 v=1 g=0] [pa=01d35000 c=3 d=0 v=1 g=0]
[   33.952866] Index: 11 pgmask=4kb va=77dca000 asid=fd
[   33.952866]  [pa=01d36000 c=3 d=0 v=1 g=0] [pa=01d37000 c=3 d=0 v=1 g=0]
[   33.964512] Index: 12 pgmask=4kb va=77dcc000 asid=fd
[   33.964512]  [pa=01d38000 c=3 d=0 v=1 g=0] [pa=01d39000 c=3 d=0 v=1 g=0]
[   33.976159] Index: 13 pgmask=4kb va=77dce000 asid=fd
[   33.976159]  [pa=01d3a000 c=3 d=0 v=1 g=0] [pa=01d3b000 c=3 d=0 v=1 g=0]
[   33.987805] Index: 14 pgmask=4kb va=77d82000 asid=fd
[   33.987805]  [pa=01dbd000 c=3 d=0 v=1 g=0] [pa=01dbe000 c=3 d=0 v=1 g=0]
[   33.999451] Index: 15 pgmask=4kb va=77d80000 asid=fd
[   33.999451]  [pa=01dbb000 c=3 d=0 v=1 g=0] [pa=01dbc000 c=3 d=0 v=1 g=0]
[   34.011097] Index: 16 pgmask=4kb va=77d84000 asid=fd
[   34.011097]  [pa=01dbf000 c=3 d=0 v=1 g=0] [pa=01dc0000 c=3 d=0 v=1 g=0]
[   34.022743] Index: 17 pgmask=4kb va=77d86000 asid=fd
[   34.022743]  [pa=01dc1000 c=3 d=0 v=1 g=0] [pa=01dc2000 c=3 d=0 v=1 g=0]
[   34.034389] Index: 18 pgmask=4kb va=77d88000 asid=fd
[   34.034389]  [pa=01dc3000 c=3 d=0 v=1 g=0] [pa=01dc4000 c=3 d=0 v=1 g=0]
[   34.046035] Index: 19 pgmask=4kb va=77d8a000 asid=fd
[   34.046035]  [pa=01dc5000 c=3 d=0 v=1 g=0] [pa=01dc6000 c=3 d=0 v=1 g=0]
[   34.057682] Index: 20 pgmask=4kb va=77d8c000 asid=fd
[   34.057682]  [pa=01dc7000 c=3 d=0 v=1 g=0] [pa=01dc8000 c=3 d=0 v=1 g=0]
[   34.069328] Index: 21 pgmask=4kb va=77d8e000 asid=fd
[   34.069328]  [pa=01dc9000 c=3 d=0 v=1 g=0] [pa=01dca000 c=3 d=0 v=1 g=0]
[   34.080975] Index: 22 pgmask=4kb va=7f7b0000 asid=fd
[   34.080975]  [pa=078ea000 c=3 d=0 v=1 g=0] [pa=07801000 c=3 d=0 v=0 g=0]
[   34.092621] Index: 23 pgmask=4kb va=77e5a000 asid=fd
[   34.092621]  [pa=07ece000 c=3 d=0 v=1 g=0] [pa=077fb000 c=3 d=0 v=1 g=0]
[   34.104267] Index: 24 pgmask=4kb va=77e5c000 asid=fd
[   34.104267]  [pa=0775f000 c=3 d=0 v=1 g=0] [pa=07314000 c=3 d=0 v=0 g=0]
[   34.115913] Index: 25 pgmask=4kb va=77ea4000 asid=fd
[   34.115913]  [pa=18122000 c=0 d=0 v=0 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
[   34.127559] Index: 26 pgmask=4kb va=c0096000 asid=fd
[   34.127559]  [pa=0302f000 c=3 d=1 v=1 g=1] [pa=03008000 c=3 d=1 v=1 g=1]
[   34.139205]
[   34.140686] Code: 03e00008  00000000  24831000 <bc950000> bc950020 
bc950040  bc950060  bc950080  bc9500a0
[   34.150445]
[   34.151987] ---[ end trace 30089d2c358ff363 ]---
[   34.156614] Kernel panic - not syncing: Fatal exception
[   34.161831] Rebooting in 10 seconds..

>
> I really have no idea of how the page_prot setting affecting the swap
> handling.
>
>> Thanks and best regards!
>>
>>
>>>   Original Message
>>> From: 周琰杰 (Zhou Yanjie)
>>> Sent: 2021年4月16日星期五 16:48
>>> To: [email protected]
>>> Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
>>> Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".
>>>
>>> This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.
>>>
>>> It cause kernel panic on Ingenic X1830, so let's revert it.
>>>
>>> Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
>>> ---
>>> arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
>>> 1 file changed, 14 insertions(+), 17 deletions(-)
>>>
>>> diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
>>> index 7719d63..9cfd432 100644
>>> --- a/arch/mips/mm/cache.c
>>> +++ b/arch/mips/mm/cache.c
>>> @@ -21,7 +21,6 @@
>>> #include <asm/cpu.h>
>>> #include <asm/cpu-features.h>
>>> #include <asm/setup.h>
>>> -#include <asm/pgtable.h>
>>>
>>> /* Cache operations. */
>>> void (*flush_cache_all)(void);
>>> @@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
>>> EXPORT_SYMBOL(_page_cachable_default);
>>>
>>> #define PM(p) __pgprot(_page_cachable_default | (p))
>>> -#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))
>>>
>>> static inline void setup_protection_map(void)
>>> {
>>> protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>> - protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>> - protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>> - protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>> - protection_map[4] = PVA(_PAGE_PRESENT);
>>> - protection_map[5] = PVA(_PAGE_PRESENT);
>>> - protection_map[6] = PVA(_PAGE_PRESENT);
>>> - protection_map[7] = PVA(_PAGE_PRESENT);
>>> + protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>> + protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>> + protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>> + protection_map[4] = PM(_PAGE_PRESENT);
>>> + protection_map[5] = PM(_PAGE_PRESENT);
>>> + protection_map[6] = PM(_PAGE_PRESENT);
>>> + protection_map[7] = PM(_PAGE_PRESENT);
>>>
>>> protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>> - protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>> - protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
>>> + protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>> + protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
>>> _PAGE_NO_READ);
>>> - protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
>>> - protection_map[12] = PVA(_PAGE_PRESENT);
>>> - protection_map[13] = PVA(_PAGE_PRESENT);
>>> - protection_map[14] = PVA(_PAGE_PRESENT);
>>> - protection_map[15] = PVA(_PAGE_PRESENT);
>>> + protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
>>> + protection_map[12] = PM(_PAGE_PRESENT);
>>> + protection_map[13] = PM(_PAGE_PRESENT);
>>> + protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
>>> + protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
>>> }
>>>
>>> -#undef _PVA
>>> #undef PM
>>>
>>> void cpu_cache_init(void)

2021-04-20 02:49:50

by Huang Pei

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Hi,
On Mon, Apr 19, 2021 at 10:21:40PM +0800, Zhou Yanjie wrote:
> Hi
>
> On 2021/4/19 下午12:56, Huang Pei wrote:
> > On Sat, Apr 17, 2021 at 12:45:59AM +0800, Zhou Yanjie wrote:
> > > On 2021/4/16 下午5:20, 黄沛 wrote:
> > > > Is there any log about the panic?
> > >
> > > Yes, below is the log:
> > >
> > >
> > > [  195.436017] CPU 0 Unable to handle kernel paging request at virtual
> > > address 77eb8000, epc == 80117868, ra == 80118208
> > > [  195.446709] Oops[#1]:
> > > [  195.448977] CPU: 0 PID: 1461 Comm: Xsession Not tainted
> > > 5.12.0-rc6-00227-gc8fc6defbd2e-dirty #1
> > > [  195.457661] $ 0   : 00000000 00000001 80117864 77eb9000
> > > [  195.462888] $ 4   : 77eb8000 82419600 838ea000 82482ba0
> > > [  195.468116] $ 8   : 826f8b18 8306f800 000072d5 8306f800
> > > [  195.473343] $12   : 00000002 00000a03 00000001 00000402
> > > [  195.478568] $16   : 77eb8000 809faf60 00000004 82482ba0
> > > [  195.483794] $20   : 77eb8000 82419600 82482ba0 80860000
> > > [  195.489021] $24   : 8086121c 80117864
> > > [  195.494248] $28   : 838ea000 838ebd70 00000000 80118208
> > > [  195.499475] Hi    : 00008c4e
> > > [  195.502343] Lo    : 00004627
> > > [  195.505212] epc   : 80117868 r4k_blast_dcache_page_dc32+0x4/0x9c
> > > [  195.511217] ra    : 80118208 local_r4k_flush_cache_page+0x120/0x1b8
> > > [  195.517476] Status: 10001403 KERNEL EXL IE
> > > [  195.521657] Cause : 4080800c (ExcCode 03)
> > > [  195.525654] BadVA : 77eb8000
> > > [  195.528523] PrId  : 00d00100 (Ingenic XBurst)
> > > [  195.532866] Modules linked in:
> > > [  195.535911] Process Xsession (pid: 1461, threadinfo=00975a3e,
> > > task=3724fd66, tls=77ebd690)
> > > [  195.544162] Stack : 808a05ec f7edcbfd 8306f800 00000000 80860000 809faf60
> > > 80990a3c 80117f90
> > > [  195.552524]         809faf60 82419600 8306f800 801fd84c 00000000 801180b4
> > > 838ebe80 80110b7c
> > > [  195.560887]         80990a3c 82482ba0 82482ba0 77eb8000 00004627 f7edcbfd
> > > 838ebe80 801cbc08
> > > [  195.569249]         00000001 181b2000 00000000 801fa06c 00000000 83999ae0
> > > 80860000 00000004
> > > [  195.577610]         80990a3c f7edcbfd 80990a3c 838ebe80 00000004 80990a3c
> > > 82482ba0 04627685
> > > [  195.585973]         ...
> > > [  195.588413] Call Trace:
> > > [  195.590849] [<80117868>] r4k_blast_dcache_page_dc32+0x4/0x9c
> > > [  195.596501] [<80118208>] local_r4k_flush_cache_page+0x120/0x1b8
> > > [  195.602413] [<80117f90>] r4k_on_each_cpu.isra.8+0x24/0x58
> > > [  195.607805] [<801180b4>] r4k_flush_cache_page+0x34/0x58
> > > [  195.613023] [<801cbc08>] wp_page_copy+0x3a8/0x56c
> > > [  195.617723] [<801ce944>] do_swap_page+0x4cc/0x558
> > > [  195.622419] [<801cf3f8>] handle_mm_fault+0x790/0x93c
> > > [  195.627374] [<8011025c>] do_page_fault+0x19c/0x540
> > > [  195.632159] [<801142f0>] tlb_do_page_fault_1+0x10c/0x11c
> > > [  195.637465]
> > > [  195.638947] Code: 03e00008  00000000  24831000 <bc950000> bc950020
> > > bc950040  bc950060  bc950080  bc9500a0
> > > [  195.648706]
> > > [  195.650243] ---[ end trace 7cc7d7f611932c42 ]---
> > > [  195.654857] Kernel panic - not syncing: Fatal exception
> > > [  195.660072] Rebooting in 10 seconds..
> > >
> > >
> > > this problem can be triggered stably (by use Microsoft Remote Desktop client
> > > to login to debian9 running on CU1830-Neo).
> > >
> > Could you print out the PTE value at 0x77eb8000 ?
>
>
> Here is the new log:
>
>
> [   33.681712] CPU 0 Unable to handle kernel paging request at virtual
> address 77ea4000, epc == 801178ac, ra == 80118250
> [   33.692395] Oops[#1]:
> [   33.694662] CPU: 0 PID: 1389 Comm: Xsession Not tainted 5.12.0-rc8-dirty
> #2
> [   33.701612] $ 0   : 00000000 00000001 801178a8 77ea5000
> [   33.706839] $ 4   : 77ea4000 81bcd220 80118130 856712a0
> [   33.712066] $ 8   : 833e4a80 8544b800 000070a8 8544b800
> [   33.717293] $12   : 00000002 000005b7 00000001 00000000
> [   33.722518] $16   : 81bcd220 77ea4000 80a11ad8 00000004
> [   33.727745] $20   : 77ea4000 81bcd220 856712a0 80860000
> [   33.732972] $24   : 0000001c 801178a8
> [   33.738197] $28   : 82564000 82565d68 00000000 80118250
> [   33.743424] Hi    : 0000f0cc
> [   33.746293] Lo    : 00007866
> [   33.749162] epc   : 801178ac r4k_blast_dcache_page_dc32+0x4/0x9c
> [   33.755166] ra    : 80118250 local_r4k_flush_cache_page+0x120/0x2c8
> [   33.761425] Status: 10001403 KERNEL EXL IE
> [   33.765605] Cause : 4080800c (ExcCode 03)
> [   33.769603] BadVA : 77ea4000
> [   33.772472] PrId  : 00d00100 (Ingenic XBurst)
> [   33.776816] Modules linked in:
> [   33.779861] Process Xsession (pid: 1389, threadinfo=c8bdf64c,
> task=2372d853, tls=77ea9690)
> [   33.788111] Stack : 808a256c 00000000 808a256c bfa6939a 8544b800 80860000
> 8094d308 80a11ad8
> [   33.796474]         856712a0 80117fd8 8094d308 81bcd220 8544b800 801fdb10
> 80945ce8 801180fc
> [   33.804838]         82565e80 80110b8c 80a11ad8 856712a0 856712a0 77ea4000
> 00007866 bfa6939a
> [   33.813201]         82565e80 801cbe38 00000000 bfa6939a 80863494 801fa2c0
> 856712a0 82562a90
> [   33.821564]         80860000 00000000 80a11ad8 bfa6939a 80a11ad8 82565e80
> 00000000 80a11ad8
> [   33.829927]         ...
> [   33.832367] Call Trace:
> [   33.834803] [<801178ac>] r4k_blast_dcache_page_dc32+0x4/0x9c
> [   33.840455] [<80118250>] local_r4k_flush_cache_page+0x120/0x2c8
> [   33.846367] [<80117fd8>] r4k_on_each_cpu.isra.10+0x24/0x58
> [   33.851845] [<801180fc>] r4k_flush_cache_page+0x34/0x58
> [   33.857062] [<801cbe38>] wp_page_copy+0x3a8/0x56c
> [   33.861763] [<801ceb74>] do_swap_page+0x4cc/0x558
> [   33.866458] [<801cf628>] handle_mm_fault+0x790/0x93c
> [   33.871414] [<8011026c>] do_page_fault+0x19c/0x540
> [   33.876199] [<80114300>] tlb_do_page_fault_1+0x10c/0x11c
> [   33.881506]
> [   33.882987] Index:  5 pgmask=4kb va=77ea2000 asid=fd
> [   33.882987]  [pa=02a99000 c=3 d=1 v=1 g=0] [pa=0690d000 c=3 d=0 v=0 g=0]
> [   33.894635] Index:  6 pgmask=4kb va=77dc4000 asid=fd
> [   33.894635]  [pa=01d30000 c=3 d=0 v=1 g=0] [pa=01d31000 c=3 d=0 v=1 g=0]
> [   33.906281] Index:  7 pgmask=4kb va=77dc0000 asid=fd
> [   33.906281]  [pa=01d2c000 c=3 d=0 v=1 g=0] [pa=01d2d000 c=3 d=0 v=1 g=0]
> [   33.917928] Index:  8 pgmask=4kb va=77dc2000 asid=fd
> [   33.917928]  [pa=01d2e000 c=3 d=0 v=1 g=0] [pa=01d2f000 c=3 d=0 v=1 g=0]
> [   33.929574] Index:  9 pgmask=4kb va=77dc6000 asid=fd
> [   33.929574]  [pa=01d32000 c=3 d=0 v=1 g=0] [pa=01d33000 c=3 d=0 v=1 g=0]
> [   33.941220] Index: 10 pgmask=4kb va=77dc8000 asid=fd
> [   33.941220]  [pa=01d34000 c=3 d=0 v=1 g=0] [pa=01d35000 c=3 d=0 v=1 g=0]
> [   33.952866] Index: 11 pgmask=4kb va=77dca000 asid=fd
> [   33.952866]  [pa=01d36000 c=3 d=0 v=1 g=0] [pa=01d37000 c=3 d=0 v=1 g=0]
> [   33.964512] Index: 12 pgmask=4kb va=77dcc000 asid=fd
> [   33.964512]  [pa=01d38000 c=3 d=0 v=1 g=0] [pa=01d39000 c=3 d=0 v=1 g=0]
> [   33.976159] Index: 13 pgmask=4kb va=77dce000 asid=fd
> [   33.976159]  [pa=01d3a000 c=3 d=0 v=1 g=0] [pa=01d3b000 c=3 d=0 v=1 g=0]
> [   33.987805] Index: 14 pgmask=4kb va=77d82000 asid=fd
> [   33.987805]  [pa=01dbd000 c=3 d=0 v=1 g=0] [pa=01dbe000 c=3 d=0 v=1 g=0]
> [   33.999451] Index: 15 pgmask=4kb va=77d80000 asid=fd
> [   33.999451]  [pa=01dbb000 c=3 d=0 v=1 g=0] [pa=01dbc000 c=3 d=0 v=1 g=0]
> [   34.011097] Index: 16 pgmask=4kb va=77d84000 asid=fd
> [   34.011097]  [pa=01dbf000 c=3 d=0 v=1 g=0] [pa=01dc0000 c=3 d=0 v=1 g=0]
> [   34.022743] Index: 17 pgmask=4kb va=77d86000 asid=fd
> [   34.022743]  [pa=01dc1000 c=3 d=0 v=1 g=0] [pa=01dc2000 c=3 d=0 v=1 g=0]
> [   34.034389] Index: 18 pgmask=4kb va=77d88000 asid=fd
> [   34.034389]  [pa=01dc3000 c=3 d=0 v=1 g=0] [pa=01dc4000 c=3 d=0 v=1 g=0]
> [   34.046035] Index: 19 pgmask=4kb va=77d8a000 asid=fd
> [   34.046035]  [pa=01dc5000 c=3 d=0 v=1 g=0] [pa=01dc6000 c=3 d=0 v=1 g=0]
> [   34.057682] Index: 20 pgmask=4kb va=77d8c000 asid=fd
> [   34.057682]  [pa=01dc7000 c=3 d=0 v=1 g=0] [pa=01dc8000 c=3 d=0 v=1 g=0]
> [   34.069328] Index: 21 pgmask=4kb va=77d8e000 asid=fd
> [   34.069328]  [pa=01dc9000 c=3 d=0 v=1 g=0] [pa=01dca000 c=3 d=0 v=1 g=0]
> [   34.080975] Index: 22 pgmask=4kb va=7f7b0000 asid=fd
> [   34.080975]  [pa=078ea000 c=3 d=0 v=1 g=0] [pa=07801000 c=3 d=0 v=0 g=0]
> [   34.092621] Index: 23 pgmask=4kb va=77e5a000 asid=fd
> [   34.092621]  [pa=07ece000 c=3 d=0 v=1 g=0] [pa=077fb000 c=3 d=0 v=1 g=0]
> [   34.104267] Index: 24 pgmask=4kb va=77e5c000 asid=fd
> [   34.104267]  [pa=0775f000 c=3 d=0 v=1 g=0] [pa=07314000 c=3 d=0 v=0 g=0]
> [   34.115913] Index: 25 pgmask=4kb va=77ea4000 asid=fd
> [   34.115913]  [pa=18122000 c=0 d=0 v=0 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
C = 0, pa = 18122000, it is weird,

+. pa is too high for 32bit SOC here;

+. C=0 is not a valid cache attribute;

I think this is "not" a PTE for memory, maybe a swap entry?

Could you print the PTE value, not the value in TLB?

tTLB value lost software PTE bits

> [   34.127559] Index: 26 pgmask=4kb va=c0096000 asid=fd
> [   34.127559]  [pa=0302f000 c=3 d=1 v=1 g=1] [pa=03008000 c=3 d=1 v=1 g=1]
> [   34.139205]
> [   34.140686] Code: 03e00008  00000000  24831000 <bc950000> bc950020 
> bc950040  bc950060  bc950080  bc9500a0
> [   34.150445]
> [   34.151987] ---[ end trace 30089d2c358ff363 ]---
> [   34.156614] Kernel panic - not syncing: Fatal exception
> [   34.161831] Rebooting in 10 seconds..
>
> >
> > I really have no idea of how the page_prot setting affecting the swap
> > handling.
> >
> > > Thanks and best regards!
> > >
> > >
> > > >   Original Message
> > > > From: 周琰杰 (Zhou Yanjie)
> > > > Sent: 2021年4月16日星期五 16:48
> > > > To: [email protected]
> > > > Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
> > > > Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".
> > > >
> > > > This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.
> > > >
> > > > It cause kernel panic on Ingenic X1830, so let's revert it.
> > > >
> > > > Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
> > > > ---
> > > > arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
> > > > 1 file changed, 14 insertions(+), 17 deletions(-)
> > > >
> > > > diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
> > > > index 7719d63..9cfd432 100644
> > > > --- a/arch/mips/mm/cache.c
> > > > +++ b/arch/mips/mm/cache.c
> > > > @@ -21,7 +21,6 @@
> > > > #include <asm/cpu.h>
> > > > #include <asm/cpu-features.h>
> > > > #include <asm/setup.h>
> > > > -#include <asm/pgtable.h>
> > > >
> > > > /* Cache operations. */
> > > > void (*flush_cache_all)(void);
> > > > @@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
> > > > EXPORT_SYMBOL(_page_cachable_default);
> > > >
> > > > #define PM(p) __pgprot(_page_cachable_default | (p))
> > > > -#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))
> > > >
> > > > static inline void setup_protection_map(void)
> > > > {
> > > > protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > > > - protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > > > - protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > > > - protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > > > - protection_map[4] = PVA(_PAGE_PRESENT);
> > > > - protection_map[5] = PVA(_PAGE_PRESENT);
> > > > - protection_map[6] = PVA(_PAGE_PRESENT);
> > > > - protection_map[7] = PVA(_PAGE_PRESENT);
> > > > + protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > > > + protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > > > + protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > > > + protection_map[4] = PM(_PAGE_PRESENT);
> > > > + protection_map[5] = PM(_PAGE_PRESENT);
> > > > + protection_map[6] = PM(_PAGE_PRESENT);
> > > > + protection_map[7] = PM(_PAGE_PRESENT);
> > > >
> > > > protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
> > > > - protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > > > - protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
> > > > + protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
> > > > + protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
> > > > _PAGE_NO_READ);
> > > > - protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
> > > > - protection_map[12] = PVA(_PAGE_PRESENT);
> > > > - protection_map[13] = PVA(_PAGE_PRESENT);
> > > > - protection_map[14] = PVA(_PAGE_PRESENT);
> > > > - protection_map[15] = PVA(_PAGE_PRESENT);
> > > > + protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
> > > > + protection_map[12] = PM(_PAGE_PRESENT);
> > > > + protection_map[13] = PM(_PAGE_PRESENT);
> > > > + protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
> > > > + protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
> > > > }
> > > >
> > > > -#undef _PVA
> > > > #undef PM
> > > >
> > > > void cpu_cache_init(void)

2021-04-20 13:50:12

by Zhou Yanjie

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Hi,

On 2021/4/20 上午10:48, Huang Pei wrote:
> Hi,
> On Mon, Apr 19, 2021 at 10:21:40PM +0800, Zhou Yanjie wrote:
>> Hi
>>
>> On 2021/4/19 下午12:56, Huang Pei wrote:
>>> On Sat, Apr 17, 2021 at 12:45:59AM +0800, Zhou Yanjie wrote:
>>>> On 2021/4/16 下午5:20, 黄沛 wrote:
>>>>> Is there any log about the panic?
>>>> Yes, below is the log:
>>>>
>>>>
>>>> [  195.436017] CPU 0 Unable to handle kernel paging request at virtual
>>>> address 77eb8000, epc == 80117868, ra == 80118208
>>>> [  195.446709] Oops[#1]:
>>>> [  195.448977] CPU: 0 PID: 1461 Comm: Xsession Not tainted
>>>> 5.12.0-rc6-00227-gc8fc6defbd2e-dirty #1
>>>> [  195.457661] $ 0   : 00000000 00000001 80117864 77eb9000
>>>> [  195.462888] $ 4   : 77eb8000 82419600 838ea000 82482ba0
>>>> [  195.468116] $ 8   : 826f8b18 8306f800 000072d5 8306f800
>>>> [  195.473343] $12   : 00000002 00000a03 00000001 00000402
>>>> [  195.478568] $16   : 77eb8000 809faf60 00000004 82482ba0
>>>> [  195.483794] $20   : 77eb8000 82419600 82482ba0 80860000
>>>> [  195.489021] $24   : 8086121c 80117864
>>>> [  195.494248] $28   : 838ea000 838ebd70 00000000 80118208
>>>> [  195.499475] Hi    : 00008c4e
>>>> [  195.502343] Lo    : 00004627
>>>> [  195.505212] epc   : 80117868 r4k_blast_dcache_page_dc32+0x4/0x9c
>>>> [  195.511217] ra    : 80118208 local_r4k_flush_cache_page+0x120/0x1b8
>>>> [  195.517476] Status: 10001403 KERNEL EXL IE
>>>> [  195.521657] Cause : 4080800c (ExcCode 03)
>>>> [  195.525654] BadVA : 77eb8000
>>>> [  195.528523] PrId  : 00d00100 (Ingenic XBurst)
>>>> [  195.532866] Modules linked in:
>>>> [  195.535911] Process Xsession (pid: 1461, threadinfo=00975a3e,
>>>> task=3724fd66, tls=77ebd690)
>>>> [  195.544162] Stack : 808a05ec f7edcbfd 8306f800 00000000 80860000 809faf60
>>>> 80990a3c 80117f90
>>>> [  195.552524]         809faf60 82419600 8306f800 801fd84c 00000000 801180b4
>>>> 838ebe80 80110b7c
>>>> [  195.560887]         80990a3c 82482ba0 82482ba0 77eb8000 00004627 f7edcbfd
>>>> 838ebe80 801cbc08
>>>> [  195.569249]         00000001 181b2000 00000000 801fa06c 00000000 83999ae0
>>>> 80860000 00000004
>>>> [  195.577610]         80990a3c f7edcbfd 80990a3c 838ebe80 00000004 80990a3c
>>>> 82482ba0 04627685
>>>> [  195.585973]         ...
>>>> [  195.588413] Call Trace:
>>>> [  195.590849] [<80117868>] r4k_blast_dcache_page_dc32+0x4/0x9c
>>>> [  195.596501] [<80118208>] local_r4k_flush_cache_page+0x120/0x1b8
>>>> [  195.602413] [<80117f90>] r4k_on_each_cpu.isra.8+0x24/0x58
>>>> [  195.607805] [<801180b4>] r4k_flush_cache_page+0x34/0x58
>>>> [  195.613023] [<801cbc08>] wp_page_copy+0x3a8/0x56c
>>>> [  195.617723] [<801ce944>] do_swap_page+0x4cc/0x558
>>>> [  195.622419] [<801cf3f8>] handle_mm_fault+0x790/0x93c
>>>> [  195.627374] [<8011025c>] do_page_fault+0x19c/0x540
>>>> [  195.632159] [<801142f0>] tlb_do_page_fault_1+0x10c/0x11c
>>>> [  195.637465]
>>>> [  195.638947] Code: 03e00008  00000000  24831000 <bc950000> bc950020
>>>> bc950040  bc950060  bc950080  bc9500a0
>>>> [  195.648706]
>>>> [  195.650243] ---[ end trace 7cc7d7f611932c42 ]---
>>>> [  195.654857] Kernel panic - not syncing: Fatal exception
>>>> [  195.660072] Rebooting in 10 seconds..
>>>>
>>>>
>>>> this problem can be triggered stably (by use Microsoft Remote Desktop client
>>>> to login to debian9 running on CU1830-Neo).
>>>>
>>> Could you print out the PTE value at 0x77eb8000 ?
>>
>> Here is the new log:
>>
>>
>> [   33.681712] CPU 0 Unable to handle kernel paging request at virtual
>> address 77ea4000, epc == 801178ac, ra == 80118250
>> [   33.692395] Oops[#1]:
>> [   33.694662] CPU: 0 PID: 1389 Comm: Xsession Not tainted 5.12.0-rc8-dirty
>> #2
>> [   33.701612] $ 0   : 00000000 00000001 801178a8 77ea5000
>> [   33.706839] $ 4   : 77ea4000 81bcd220 80118130 856712a0
>> [   33.712066] $ 8   : 833e4a80 8544b800 000070a8 8544b800
>> [   33.717293] $12   : 00000002 000005b7 00000001 00000000
>> [   33.722518] $16   : 81bcd220 77ea4000 80a11ad8 00000004
>> [   33.727745] $20   : 77ea4000 81bcd220 856712a0 80860000
>> [   33.732972] $24   : 0000001c 801178a8
>> [   33.738197] $28   : 82564000 82565d68 00000000 80118250
>> [   33.743424] Hi    : 0000f0cc
>> [   33.746293] Lo    : 00007866
>> [   33.749162] epc   : 801178ac r4k_blast_dcache_page_dc32+0x4/0x9c
>> [   33.755166] ra    : 80118250 local_r4k_flush_cache_page+0x120/0x2c8
>> [   33.761425] Status: 10001403 KERNEL EXL IE
>> [   33.765605] Cause : 4080800c (ExcCode 03)
>> [   33.769603] BadVA : 77ea4000
>> [   33.772472] PrId  : 00d00100 (Ingenic XBurst)
>> [   33.776816] Modules linked in:
>> [   33.779861] Process Xsession (pid: 1389, threadinfo=c8bdf64c,
>> task=2372d853, tls=77ea9690)
>> [   33.788111] Stack : 808a256c 00000000 808a256c bfa6939a 8544b800 80860000
>> 8094d308 80a11ad8
>> [   33.796474]         856712a0 80117fd8 8094d308 81bcd220 8544b800 801fdb10
>> 80945ce8 801180fc
>> [   33.804838]         82565e80 80110b8c 80a11ad8 856712a0 856712a0 77ea4000
>> 00007866 bfa6939a
>> [   33.813201]         82565e80 801cbe38 00000000 bfa6939a 80863494 801fa2c0
>> 856712a0 82562a90
>> [   33.821564]         80860000 00000000 80a11ad8 bfa6939a 80a11ad8 82565e80
>> 00000000 80a11ad8
>> [   33.829927]         ...
>> [   33.832367] Call Trace:
>> [   33.834803] [<801178ac>] r4k_blast_dcache_page_dc32+0x4/0x9c
>> [   33.840455] [<80118250>] local_r4k_flush_cache_page+0x120/0x2c8
>> [   33.846367] [<80117fd8>] r4k_on_each_cpu.isra.10+0x24/0x58
>> [   33.851845] [<801180fc>] r4k_flush_cache_page+0x34/0x58
>> [   33.857062] [<801cbe38>] wp_page_copy+0x3a8/0x56c
>> [   33.861763] [<801ceb74>] do_swap_page+0x4cc/0x558
>> [   33.866458] [<801cf628>] handle_mm_fault+0x790/0x93c
>> [   33.871414] [<8011026c>] do_page_fault+0x19c/0x540
>> [   33.876199] [<80114300>] tlb_do_page_fault_1+0x10c/0x11c
>> [   33.881506]
>> [   33.882987] Index:  5 pgmask=4kb va=77ea2000 asid=fd
>> [   33.882987]  [pa=02a99000 c=3 d=1 v=1 g=0] [pa=0690d000 c=3 d=0 v=0 g=0]
>> [   33.894635] Index:  6 pgmask=4kb va=77dc4000 asid=fd
>> [   33.894635]  [pa=01d30000 c=3 d=0 v=1 g=0] [pa=01d31000 c=3 d=0 v=1 g=0]
>> [   33.906281] Index:  7 pgmask=4kb va=77dc0000 asid=fd
>> [   33.906281]  [pa=01d2c000 c=3 d=0 v=1 g=0] [pa=01d2d000 c=3 d=0 v=1 g=0]
>> [   33.917928] Index:  8 pgmask=4kb va=77dc2000 asid=fd
>> [   33.917928]  [pa=01d2e000 c=3 d=0 v=1 g=0] [pa=01d2f000 c=3 d=0 v=1 g=0]
>> [   33.929574] Index:  9 pgmask=4kb va=77dc6000 asid=fd
>> [   33.929574]  [pa=01d32000 c=3 d=0 v=1 g=0] [pa=01d33000 c=3 d=0 v=1 g=0]
>> [   33.941220] Index: 10 pgmask=4kb va=77dc8000 asid=fd
>> [   33.941220]  [pa=01d34000 c=3 d=0 v=1 g=0] [pa=01d35000 c=3 d=0 v=1 g=0]
>> [   33.952866] Index: 11 pgmask=4kb va=77dca000 asid=fd
>> [   33.952866]  [pa=01d36000 c=3 d=0 v=1 g=0] [pa=01d37000 c=3 d=0 v=1 g=0]
>> [   33.964512] Index: 12 pgmask=4kb va=77dcc000 asid=fd
>> [   33.964512]  [pa=01d38000 c=3 d=0 v=1 g=0] [pa=01d39000 c=3 d=0 v=1 g=0]
>> [   33.976159] Index: 13 pgmask=4kb va=77dce000 asid=fd
>> [   33.976159]  [pa=01d3a000 c=3 d=0 v=1 g=0] [pa=01d3b000 c=3 d=0 v=1 g=0]
>> [   33.987805] Index: 14 pgmask=4kb va=77d82000 asid=fd
>> [   33.987805]  [pa=01dbd000 c=3 d=0 v=1 g=0] [pa=01dbe000 c=3 d=0 v=1 g=0]
>> [   33.999451] Index: 15 pgmask=4kb va=77d80000 asid=fd
>> [   33.999451]  [pa=01dbb000 c=3 d=0 v=1 g=0] [pa=01dbc000 c=3 d=0 v=1 g=0]
>> [   34.011097] Index: 16 pgmask=4kb va=77d84000 asid=fd
>> [   34.011097]  [pa=01dbf000 c=3 d=0 v=1 g=0] [pa=01dc0000 c=3 d=0 v=1 g=0]
>> [   34.022743] Index: 17 pgmask=4kb va=77d86000 asid=fd
>> [   34.022743]  [pa=01dc1000 c=3 d=0 v=1 g=0] [pa=01dc2000 c=3 d=0 v=1 g=0]
>> [   34.034389] Index: 18 pgmask=4kb va=77d88000 asid=fd
>> [   34.034389]  [pa=01dc3000 c=3 d=0 v=1 g=0] [pa=01dc4000 c=3 d=0 v=1 g=0]
>> [   34.046035] Index: 19 pgmask=4kb va=77d8a000 asid=fd
>> [   34.046035]  [pa=01dc5000 c=3 d=0 v=1 g=0] [pa=01dc6000 c=3 d=0 v=1 g=0]
>> [   34.057682] Index: 20 pgmask=4kb va=77d8c000 asid=fd
>> [   34.057682]  [pa=01dc7000 c=3 d=0 v=1 g=0] [pa=01dc8000 c=3 d=0 v=1 g=0]
>> [   34.069328] Index: 21 pgmask=4kb va=77d8e000 asid=fd
>> [   34.069328]  [pa=01dc9000 c=3 d=0 v=1 g=0] [pa=01dca000 c=3 d=0 v=1 g=0]
>> [   34.080975] Index: 22 pgmask=4kb va=7f7b0000 asid=fd
>> [   34.080975]  [pa=078ea000 c=3 d=0 v=1 g=0] [pa=07801000 c=3 d=0 v=0 g=0]
>> [   34.092621] Index: 23 pgmask=4kb va=77e5a000 asid=fd
>> [   34.092621]  [pa=07ece000 c=3 d=0 v=1 g=0] [pa=077fb000 c=3 d=0 v=1 g=0]
>> [   34.104267] Index: 24 pgmask=4kb va=77e5c000 asid=fd
>> [   34.104267]  [pa=0775f000 c=3 d=0 v=1 g=0] [pa=07314000 c=3 d=0 v=0 g=0]
>> [   34.115913] Index: 25 pgmask=4kb va=77ea4000 asid=fd
>> [   34.115913]  [pa=18122000 c=0 d=0 v=0 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
> C = 0, pa = 18122000, it is weird,
>
> +. pa is too high for 32bit SOC here;
>
> +. C=0 is not a valid cache attribute;
>
> I think this is "not" a PTE for memory, maybe a swap entry?
>
> Could you print the PTE value, not the value in TLB?


The following is the value of PTE.

There are 5 access operations from"pte = mk_pte(page,
vma->vm_page_prot)" to "set_pte_at(vma->vm_mm, vmf->address, vmf->pte,
pte)" in the "mm/memory.c" file.

They are named pte 1/pte 2/pte 3/pte 4/pte 5.


[   37.433993] --- pte 1 = 07b02685
[   37.437283] --- pte 3 = 07b02685
[   37.441005] --- pte 1 = 07c0c685
[   37.444241] --- pte 3 = 07c0c685
[   37.453561] --- pte 1 = 07b05685
[   37.456885] --- pte 3 = 07b05685
[   37.460915] --- pte 1 = 07b8c685
[   37.464157] --- pte 2 = 07b8c78f
[   37.467449] --- pte 3 = 07b8c78f
[   37.472461] --- pte 1 = 07aff685
[   37.475694] --- pte 3 = 07aff685
[   37.479970] --- pte 1 = 07b16685
[   37.483205] --- pte 3 = 07b16685
[   37.487443] --- pte 1 = 07c20685
[   37.490679] --- pte 3 = 07c20685
[   37.494043] --- pte 1 = 07bd9685
[   37.497337] --- pte 3 = 07bd9685
[   37.501678] --- pte 1 = 07c0e685
[   37.504913] --- pte 3 = 07c0e685
[   37.510009] --- pte 1 = 07c11685
[   37.513242] --- pte 3 = 07c11685
[   37.535431] --- pte 1 = 07afd685
[   37.538721] --- pte 3 = 07afd685
[   37.542363] --- pte 1 = 07c92685
[   37.545599] --- pte 3 = 07c92685
[   37.737458] --- pte 1 = 06853685
[   37.740698] --- pte 3 = 06853685
[   37.760229] --- pte 1 = 06853685
[   37.763504] --- pte 3 = 06853685
[   37.786619] --- pte 1 = 06853685
[   37.789895] --- pte 3 = 06853685
[   37.822622] --- pte 1 = 06853685
[   37.825928] --- pte 3 = 06853685
[   37.984660] --- pte 1 = 06853685
[   37.987995] --- pte 3 = 06853685
[   40.917495] --- pte 1 = 07b07685
[   40.920753] --- pte 3 = 07b07685
[   40.924017] --- pte 1 = 042c6685
[   40.927306] --- pte 3 = 042c6685
[   40.931823] --- pte 1 = 07c0d685
[   40.935073] --- pte 3 = 07c0d685
[   40.940130] --- pte 1 = 04976685
[   40.943364] --- pte 3 = 04976685
[   41.187955] --- pte 1 = 06cb7685
[   41.191204] --- pte 3 = 06cb7685
[   41.194841] --- pte 1 = 06d11685
[   41.198147] --- pte 3 = 06d11685
[   41.202959] --- pte 1 = 06c85685
[   41.206287] --- pte 3 = 06c85685
[   41.210331] --- pte 1 = 03965685
[   41.213675] --- pte 3 = 03965685
[   41.218629] --- pte 1 = 0396f685
[   41.221886] --- pte 3 = 0396f685
[   41.242299] --- pte 1 = 03fa9685
[   41.245561] --- pte 3 = 03fa9685
[   41.282717] --- pte 1 = 026fa685
[   41.286029] --- pte 2 = 026fa78f
[   41.289248] --- pte 3 = 026fa78f
[   41.308755] --- pte 1 = 0767f685
[   41.311993] --- pte 3 = 0767f685
[   41.329631] --- pte 1 = 069c4685
[   41.332925] --- pte 2 = 069c478f
[   41.336201] --- pte 3 = 069c478f
[   41.358331] --- pte 1 = 01e3f685
[   41.361593] --- pte 2 = 01e3f78f
[   41.364810] --- pte 3 = 01e3f78f
[   41.371673] --- pte 1 = 03855685
[   41.374952] --- pte 2 = 0385578f
[   41.378221] --- pte 3 = 0385578f
[   41.390334] --- pte 1 = 07781685
[   41.393596] --- pte 2 = 0778178f
[   41.396882] --- pte 3 = 0778178f
[   41.411191] --- pte 1 = 07a41685
[   41.414462] --- pte 3 = 07a41685
[   42.328309] --- pte 1 = 06f1a685
[   42.331544] --- pte 3 = 06f1a685
[   42.334857] --- pte 1 = 075dc685
[   42.338157] --- pte 3 = 075dc685
[   42.343129] --- pte 1 = 076ae685
[   42.346456] --- pte 3 = 076ae685
[   42.356107] --- pte 1 = 076bd685
[   42.359340] --- pte 3 = 076bd685
[   47.550904] --- pte 1 = 01f15685
[   47.554140] --- pte 3 = 01f15685
[   47.559395] --- pte 1 = 07190685
[   47.562631] --- pte 3 = 07190685
[   47.567481] --- pte 1 = 07192685
[   47.570717] --- pte 3 = 07192685
[   47.578143] --- pte 1 = 0208a685
[   47.581380] --- pte 3 = 0208a685
[   47.586849] --- pte 1 = 02aa3685
[   47.590085] --- pte 3 = 02aa3685
[   47.594058] --- pte 1 = 02bb4685
[   47.597358] --- pte 3 = 02bb4685
[   47.601741] --- pte 1 = 02088685
[   47.604993] --- pte 3 = 02088685
[   47.626492] --- pte 1 = 02bb5685
[   47.629749] --- pte 3 = 02bb5685
[   47.648313] --- pte 1 = 02aa2685
[   47.651551] --- pte 3 = 02aa2685
[   47.683155] --- pte 1 = 01c93685
[   47.686449] --- pte 3 = 01c93685
[   48.409395] --- pte 1 = 07f02685
[   48.412632] --- pte 3 = 07f02685
[   49.639047] --- pte 1 = 05cd0685
[   49.642283] --- pte 3 = 05cd0685
[   49.756173] --- pte 1 = 043e7685
[   49.759410] --- pte 3 = 043e7685
[   49.775899] --- pte 1 = 02a22685
[   49.779158] --- pte 3 = 02a22685
[   49.801083] --- pte 1 = 018bc685
[   49.804337] --- pte 3 = 018bc685
[   49.826453] --- pte 1 = 01db1685
[   49.829690] --- pte 3 = 01db1685
[   49.848209] --- pte 1 = 07cb7685
[   49.851446] --- pte 3 = 07cb7685
[   49.865907] --- pte 1 = 02592685
[   49.869172] --- pte 3 = 02592685
[   49.880463] --- pte 1 = 0256c685
[   49.883714] --- pte 3 = 0256c685
[   50.019617] --- pte 1 = 03e30685
[   50.022854] --- pte 3 = 03e30685
[   50.027982] --- pte 1 = 07184685
[   50.031218] --- pte 3 = 07184685
[   50.034461] --- pte 1 = 07787685
[   50.037732] --- pte 3 = 07787685
[   50.056424] --- pte 1 = 01bf4685
[   50.059660] --- pte 3 = 01bf4685
[   50.075875] --- pte 1 = 01bf5685
[   50.079111] --- pte 3 = 01bf5685
[   50.082879] --- pte 1 = 07e37685
[   50.086165] --- pte 3 = 07e37685
[   50.096771] --- pte 1 = 0644c685
[   50.100007] --- pte 3 = 0644c685
[   50.103231] --- pte 1 = 07fa3685
[   50.106523] --- pte 3 = 07fa3685
[   50.126426] --- pte 1 = 04ca0685
[   50.129672] --- pte 2 = 04ca078f
[   50.132889] --- pte 3 = 04ca078f
[   50.150463] --- pte 1 = 019cf685
[   50.153699] --- pte 3 = 019cf685
[   50.176439] --- pte 1 = 07a4e685
[   50.179675] --- pte 3 = 07a4e685
[   50.187700] --- pte 1 = 02b44685
[   50.190966] --- pte 3 = 02b44685
[   50.206031] --- pte 1 = 03620685
[   50.209267] --- pte 3 = 03620685
[   50.213061] --- pte 1 = 02275685
[   50.216356] --- pte 3 = 02275685
[   50.239359] --- pte 1 = 07765685
[   50.242596] --- pte 3 = 07765685
[   50.263367] --- pte 1 = 04221685
[   50.266648] --- pte 3 = 04221685
[   50.292287] irq/37-13450000: page allocation failure: order:0,
mode:0x40800(GFP_NOWAIT|__GFP_COMP), nodemask=(null)
[   50.302738] CPU: 0 PID: 517 Comm: irq/37-13450000 Not tainted
5.12.0-rc8-dirty #6
[   50.310207] Stack : 00040800 00000000 00000001 801565b8 00000000
00000007 00000000 635e192b
[   50.318570]         80ea5bf4 80860000 807e9c80 80860000 80865923
00000001 80ea5b98 635e192b
[   50.326933]         00000000 00000000 807e9c80 00000003 00000001
80ea5a6c 00000000 00000bd3
[   50.335294]         bff4ffd7 120b6cde 80ea5a64 302e3231 80860000
00000000 807e8508 00040800
[   50.343657]         00000000 00000850 00040800 00000000 00000000
8042a10c 00000000 808e0000
[   50.352018]         ...
[   50.354459] Call Trace:
[   50.356895] [<80107db8>] show_stack+0x6c/0x12c
[   50.361341] [<801e2f4c>] warn_alloc+0xa8/0x148
[   50.365780] [<801e38e0>] __alloc_pages_nodemask+0x8d4/0x908
[   50.371346] [<801f24ac>] ____cache_alloc+0x2dc/0x6a4
[   50.376305] [<801f2a10>] kmem_cache_alloc+0x6c/0x104
[   50.381263] [<803feac0>] jz4780_dma_desc_alloc.isra.9+0x40/0xa0
[   50.387177] [<803fee90>] jz4780_dma_prep_slave_sg+0x54/0x184
[   50.392828] [<804f72a8>] jz_mmc_irq_worker+0x2a8/0x760
[   50.397958] [<80159e88>] irq_thread_fn+0x2c/0x6c
[   50.402567] [<8015a4a0>] irq_thread+0x128/0x200
[   50.407089] [<8013c0c8>] kthread+0x148/0x150
[   50.411351] [<8010224c>] ret_from_kernel_thread+0x14/0x1c
[   50.416742]
[   50.418225] Index:  0 pgmask=4kb va=7709a000 asid=1a
[   50.418225]  [pa=02155000 c=3 d=0 v=0 g=0] [pa=02156000 c=3 d=0 v=1 g=0]
[   50.429873] Index:  1 pgmask=4kb va=77072000 asid=1a
[   50.429873]  [pa=038d7000 c=3 d=0 v=0 g=0] [pa=07810000 c=3 d=0 v=1 g=0]
[   50.441520] Index:  2 pgmask=4kb va=76e1a000 asid=1a
[   50.441520]  [pa=01f53000 c=3 d=0 v=0 g=0] [pa=01f54000 c=3 d=0 v=1 g=0]
[   50.453167] Index:  3 pgmask=4kb va=770fe000 asid=1a
[   50.453167]  [pa=0208d000 c=3 d=0 v=0 g=0] [pa=0208e000 c=3 d=0 v=1 g=0]
[   50.464814] Index:  4 pgmask=4kb va=566f8000 asid=1a
[   50.464814]  [pa=03a52000 c=3 d=0 v=0 g=0] [pa=03a53000 c=3 d=0 v=1 g=0]
[   50.476461] Index:  5 pgmask=4kb va=7fece000 asid=1a
[   50.476461]  [pa=07ac3000 c=3 d=0 v=1 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
[   50.488108] Index:  6 pgmask=4kb va=566fe000 asid=1a
[   50.488108]  [pa=01bcf000 c=3 d=1 v=1 g=0] [pa=05eb1000 c=3 d=1 v=1 g=0]
[   50.499755] Index:  7 pgmask=4kb va=77098000 asid=1a
[   50.499755]  [pa=05417000 c=3 d=0 v=1 g=0] [pa=02154000 c=3 d=0 v=1 g=0]
[   50.511402] Index:  8 pgmask=4kb va=77e64000 asid=1a
[   50.511402]  [pa=05333000 c=3 d=0 v=1 g=0] [pa=04c85000 c=3 d=0 v=0 g=0]
[   50.523049] Index:  9 pgmask=4kb va=76e6a000 asid=1a
[   50.523049]  [pa=021fe000 c=3 d=0 v=1 g=0] [pa=021ff000 c=3 d=0 v=1 g=0]
[   50.534696] Index: 10 pgmask=4kb va=76f76000 asid=1a
[   50.534696]  [pa=0698f000 c=3 d=1 v=1 g=0] [pa=0697a000 c=3 d=1 v=1 g=0]
[   50.546343] Index: 11 pgmask=4kb va=762d6000 asid=1a
[   50.546343]  [pa=06988000 c=3 d=1 v=1 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
[   50.557989] Index: 12 pgmask=4kb va=76f74000 asid=1a
[   50.557989]  [pa=0103d000 c=3 d=1 v=1 g=0] [pa=02b40000 c=3 d=0 v=1 g=0]
[   50.569636] Index: 13 pgmask=4kb va=566e8000 asid=1a
[   50.569636]  [pa=05dd0000 c=3 d=1 v=1 g=0] [pa=053e6000 c=3 d=1 v=1 g=0]
[   50.581283] Index: 14 pgmask=4kb va=566ac000 asid=1a
[   50.581283]  [pa=00000000 c=0 d=0 v=0 g=0] [pa=04b26000 c=3 d=1 v=1 g=0]
[   50.592930] Index: 17 pgmask=4kb va=76eca000 asid=1a
[   50.592930]  [pa=02184000 c=3 d=0 v=1 g=0] [pa=02185000 c=3 d=0 v=0 g=0]
[   50.604577] Index: 18 pgmask=4kb va=76f8c000 asid=1a
[   50.604577]  [pa=01da3000 c=3 d=0 v=1 g=0] [pa=01da4000 c=3 d=0 v=1 g=0]
[   50.616224] Index: 19 pgmask=4kb va=76e9c000 asid=1a
[   50.616224]  [pa=02225000 c=3 d=0 v=0 g=0] [pa=02226000 c=3 d=0 v=1 g=0]
[   50.627871] Index: 20 pgmask=4kb va=7fecc000 asid=1a
[   50.627871]  [pa=05b01000 c=3 d=1 v=1 g=0] [pa=05abe000 c=3 d=1 v=1 g=0]
[   50.639518] Index: 21 pgmask=4kb va=76ef0000 asid=1a
[   50.639518]  [pa=021aa000 c=3 d=0 v=1 g=0] [pa=021ab000 c=3 d=0 v=1 g=0]
[   50.651165] Index: 22 pgmask=4kb va=76e62000 asid=1a
[   50.651165]  [pa=021f6000 c=3 d=0 v=1 g=0] [pa=021f7000 c=3 d=0 v=1 g=0]
[   50.662812] Index: 23 pgmask=4kb va=74a00000 asid=1a
[   50.662812]  [pa=03395000 c=3 d=1 v=1 g=0] [pa=028a0000 c=3 d=1 v=1 g=0]
[   50.674459] Index: 24 pgmask=4kb va=75400000 asid=1a
[   50.674459]  [pa=05ec6000 c=3 d=1 v=1 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
[   50.686105] Index: 25 pgmask=4kb va=76ede000 asid=1a
[   50.686105]  [pa=02198000 c=3 d=0 v=0 g=0] [pa=02199000 c=3 d=0 v=1 g=0]
[   50.697753] Index: 26 pgmask=4kb va=c009a000 asid=1a
[   50.697753]  [pa=00000000 c=0 d=0 v=0 g=1] [pa=02f90000 c=3 d=1 v=1 g=1]
[   50.709399] Index: 27 pgmask=4kb va=c0086000 asid=1a
[   50.709399]  [pa=02f69000 c=3 d=1 v=1 g=1] [pa=02f6a000 c=3 d=1 v=1 g=1]
[   50.721046] Index: 28 pgmask=4kb va=770f2000 asid=1a
[   50.721046]  [pa=06915000 c=3 d=0 v=1 g=0] [pa=06916000 c=3 d=0 v=1 g=0]
[   50.732693] Index: 29 pgmask=4kb va=56700000 asid=1a
[   50.732693]  [pa=0357b000 c=3 d=1 v=1 g=0] [pa=07f9c000 c=3 d=1 v=1 g=0]
[   50.744340] Index: 30 pgmask=4kb va=76f88000 asid=1a
[   50.744340]  [pa=01d9f000 c=3 d=0 v=1 g=0] [pa=01da0000 c=3 d=0 v=1 g=0]
[   50.755987] Index: 31 pgmask=4kb va=76fa4000 asid=1a
[   50.755987]  [pa=03c3d000 c=3 d=0 v=1 g=0] [pa=00000000 c=0 d=0 v=0 g=0]


Thanks and best regards!


>
> tTLB value lost software PTE bits
>
>> [   34.127559] Index: 26 pgmask=4kb va=c0096000 asid=fd
>> [   34.127559]  [pa=0302f000 c=3 d=1 v=1 g=1] [pa=03008000 c=3 d=1 v=1 g=1]
>> [   34.139205]
>> [   34.140686] Code: 03e00008  00000000  24831000 <bc950000> bc950020
>> bc950040  bc950060  bc950080  bc9500a0
>> [   34.150445]
>> [   34.151987] ---[ end trace 30089d2c358ff363 ]---
>> [   34.156614] Kernel panic - not syncing: Fatal exception
>> [   34.161831] Rebooting in 10 seconds..
>>
>>> I really have no idea of how the page_prot setting affecting the swap
>>> handling.
>>>
>>>> Thanks and best regards!
>>>>
>>>>
>>>>>   Original Message
>>>>> From: 周琰杰 (Zhou Yanjie)
>>>>> Sent: 2021年4月16日星期五 16:48
>>>>> To: [email protected]
>>>>> Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
>>>>> Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".
>>>>>
>>>>> This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.
>>>>>
>>>>> It cause kernel panic on Ingenic X1830, so let's revert it.
>>>>>
>>>>> Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
>>>>> ---
>>>>> arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
>>>>> 1 file changed, 14 insertions(+), 17 deletions(-)
>>>>>
>>>>> diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
>>>>> index 7719d63..9cfd432 100644
>>>>> --- a/arch/mips/mm/cache.c
>>>>> +++ b/arch/mips/mm/cache.c
>>>>> @@ -21,7 +21,6 @@
>>>>> #include <asm/cpu.h>
>>>>> #include <asm/cpu-features.h>
>>>>> #include <asm/setup.h>
>>>>> -#include <asm/pgtable.h>
>>>>>
>>>>> /* Cache operations. */
>>>>> void (*flush_cache_all)(void);
>>>>> @@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
>>>>> EXPORT_SYMBOL(_page_cachable_default);
>>>>>
>>>>> #define PM(p) __pgprot(_page_cachable_default | (p))
>>>>> -#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))
>>>>>
>>>>> static inline void setup_protection_map(void)
>>>>> {
>>>>> protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> - protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> - protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> - protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> - protection_map[4] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[5] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[6] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[7] = PVA(_PAGE_PRESENT);
>>>>> + protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> + protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> + protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> + protection_map[4] = PM(_PAGE_PRESENT);
>>>>> + protection_map[5] = PM(_PAGE_PRESENT);
>>>>> + protection_map[6] = PM(_PAGE_PRESENT);
>>>>> + protection_map[7] = PM(_PAGE_PRESENT);
>>>>>
>>>>> protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> - protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> - protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
>>>>> + protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> + protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
>>>>> _PAGE_NO_READ);
>>>>> - protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
>>>>> - protection_map[12] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[13] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[14] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[15] = PVA(_PAGE_PRESENT);
>>>>> + protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
>>>>> + protection_map[12] = PM(_PAGE_PRESENT);
>>>>> + protection_map[13] = PM(_PAGE_PRESENT);
>>>>> + protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
>>>>> + protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
>>>>> }
>>>>>
>>>>> -#undef _PVA
>>>>> #undef PM
>>>>>
>>>>> void cpu_cache_init(void)

2021-04-20 14:06:00

by Zhou Yanjie

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".


On 2021/4/20 上午10:48, Huang Pei wrote:
> Hi,
> On Mon, Apr 19, 2021 at 10:21:40PM +0800, Zhou Yanjie wrote:
>> Hi
>>
>> On 2021/4/19 下午12:56, Huang Pei wrote:
>>> On Sat, Apr 17, 2021 at 12:45:59AM +0800, Zhou Yanjie wrote:
>>>> On 2021/4/16 下午5:20, 黄沛 wrote:
>>>>> Is there any log about the panic?
>>>> Yes, below is the log:
>>>>
>>>>
>>>> [  195.436017] CPU 0 Unable to handle kernel paging request at virtual
>>>> address 77eb8000, epc == 80117868, ra == 80118208
>>>> [  195.446709] Oops[#1]:
>>>> [  195.448977] CPU: 0 PID: 1461 Comm: Xsession Not tainted
>>>> 5.12.0-rc6-00227-gc8fc6defbd2e-dirty #1
>>>> [  195.457661] $ 0   : 00000000 00000001 80117864 77eb9000
>>>> [  195.462888] $ 4   : 77eb8000 82419600 838ea000 82482ba0
>>>> [  195.468116] $ 8   : 826f8b18 8306f800 000072d5 8306f800
>>>> [  195.473343] $12   : 00000002 00000a03 00000001 00000402
>>>> [  195.478568] $16   : 77eb8000 809faf60 00000004 82482ba0
>>>> [  195.483794] $20   : 77eb8000 82419600 82482ba0 80860000
>>>> [  195.489021] $24   : 8086121c 80117864
>>>> [  195.494248] $28   : 838ea000 838ebd70 00000000 80118208
>>>> [  195.499475] Hi    : 00008c4e
>>>> [  195.502343] Lo    : 00004627
>>>> [  195.505212] epc   : 80117868 r4k_blast_dcache_page_dc32+0x4/0x9c
>>>> [  195.511217] ra    : 80118208 local_r4k_flush_cache_page+0x120/0x1b8
>>>> [  195.517476] Status: 10001403 KERNEL EXL IE
>>>> [  195.521657] Cause : 4080800c (ExcCode 03)
>>>> [  195.525654] BadVA : 77eb8000
>>>> [  195.528523] PrId  : 00d00100 (Ingenic XBurst)
>>>> [  195.532866] Modules linked in:
>>>> [  195.535911] Process Xsession (pid: 1461, threadinfo=00975a3e,
>>>> task=3724fd66, tls=77ebd690)
>>>> [  195.544162] Stack : 808a05ec f7edcbfd 8306f800 00000000 80860000 809faf60
>>>> 80990a3c 80117f90
>>>> [  195.552524]         809faf60 82419600 8306f800 801fd84c 00000000 801180b4
>>>> 838ebe80 80110b7c
>>>> [  195.560887]         80990a3c 82482ba0 82482ba0 77eb8000 00004627 f7edcbfd
>>>> 838ebe80 801cbc08
>>>> [  195.569249]         00000001 181b2000 00000000 801fa06c 00000000 83999ae0
>>>> 80860000 00000004
>>>> [  195.577610]         80990a3c f7edcbfd 80990a3c 838ebe80 00000004 80990a3c
>>>> 82482ba0 04627685
>>>> [  195.585973]         ...
>>>> [  195.588413] Call Trace:
>>>> [  195.590849] [<80117868>] r4k_blast_dcache_page_dc32+0x4/0x9c
>>>> [  195.596501] [<80118208>] local_r4k_flush_cache_page+0x120/0x1b8
>>>> [  195.602413] [<80117f90>] r4k_on_each_cpu.isra.8+0x24/0x58
>>>> [  195.607805] [<801180b4>] r4k_flush_cache_page+0x34/0x58
>>>> [  195.613023] [<801cbc08>] wp_page_copy+0x3a8/0x56c
>>>> [  195.617723] [<801ce944>] do_swap_page+0x4cc/0x558
>>>> [  195.622419] [<801cf3f8>] handle_mm_fault+0x790/0x93c
>>>> [  195.627374] [<8011025c>] do_page_fault+0x19c/0x540
>>>> [  195.632159] [<801142f0>] tlb_do_page_fault_1+0x10c/0x11c
>>>> [  195.637465]
>>>> [  195.638947] Code: 03e00008  00000000  24831000 <bc950000> bc950020
>>>> bc950040  bc950060  bc950080  bc9500a0
>>>> [  195.648706]
>>>> [  195.650243] ---[ end trace 7cc7d7f611932c42 ]---
>>>> [  195.654857] Kernel panic - not syncing: Fatal exception
>>>> [  195.660072] Rebooting in 10 seconds..
>>>>
>>>>
>>>> this problem can be triggered stably (by use Microsoft Remote Desktop client
>>>> to login to debian9 running on CU1830-Neo).
>>>>
>>> Could you print out the PTE value at 0x77eb8000 ?
>>
>> Here is the new log:
>>
>>
>> [   33.681712] CPU 0 Unable to handle kernel paging request at virtual
>> address 77ea4000, epc == 801178ac, ra == 80118250
>> [   33.692395] Oops[#1]:
>> [   33.694662] CPU: 0 PID: 1389 Comm: Xsession Not tainted 5.12.0-rc8-dirty
>> #2
>> [   33.701612] $ 0   : 00000000 00000001 801178a8 77ea5000
>> [   33.706839] $ 4   : 77ea4000 81bcd220 80118130 856712a0
>> [   33.712066] $ 8   : 833e4a80 8544b800 000070a8 8544b800
>> [   33.717293] $12   : 00000002 000005b7 00000001 00000000
>> [   33.722518] $16   : 81bcd220 77ea4000 80a11ad8 00000004
>> [   33.727745] $20   : 77ea4000 81bcd220 856712a0 80860000
>> [   33.732972] $24   : 0000001c 801178a8
>> [   33.738197] $28   : 82564000 82565d68 00000000 80118250
>> [   33.743424] Hi    : 0000f0cc
>> [   33.746293] Lo    : 00007866
>> [   33.749162] epc   : 801178ac r4k_blast_dcache_page_dc32+0x4/0x9c
>> [   33.755166] ra    : 80118250 local_r4k_flush_cache_page+0x120/0x2c8
>> [   33.761425] Status: 10001403 KERNEL EXL IE
>> [   33.765605] Cause : 4080800c (ExcCode 03)
>> [   33.769603] BadVA : 77ea4000
>> [   33.772472] PrId  : 00d00100 (Ingenic XBurst)
>> [   33.776816] Modules linked in:
>> [   33.779861] Process Xsession (pid: 1389, threadinfo=c8bdf64c,
>> task=2372d853, tls=77ea9690)
>> [   33.788111] Stack : 808a256c 00000000 808a256c bfa6939a 8544b800 80860000
>> 8094d308 80a11ad8
>> [   33.796474]         856712a0 80117fd8 8094d308 81bcd220 8544b800 801fdb10
>> 80945ce8 801180fc
>> [   33.804838]         82565e80 80110b8c 80a11ad8 856712a0 856712a0 77ea4000
>> 00007866 bfa6939a
>> [   33.813201]         82565e80 801cbe38 00000000 bfa6939a 80863494 801fa2c0
>> 856712a0 82562a90
>> [   33.821564]         80860000 00000000 80a11ad8 bfa6939a 80a11ad8 82565e80
>> 00000000 80a11ad8
>> [   33.829927]         ...
>> [   33.832367] Call Trace:
>> [   33.834803] [<801178ac>] r4k_blast_dcache_page_dc32+0x4/0x9c
>> [   33.840455] [<80118250>] local_r4k_flush_cache_page+0x120/0x2c8
>> [   33.846367] [<80117fd8>] r4k_on_each_cpu.isra.10+0x24/0x58
>> [   33.851845] [<801180fc>] r4k_flush_cache_page+0x34/0x58
>> [   33.857062] [<801cbe38>] wp_page_copy+0x3a8/0x56c
>> [   33.861763] [<801ceb74>] do_swap_page+0x4cc/0x558
>> [   33.866458] [<801cf628>] handle_mm_fault+0x790/0x93c
>> [   33.871414] [<8011026c>] do_page_fault+0x19c/0x540
>> [   33.876199] [<80114300>] tlb_do_page_fault_1+0x10c/0x11c
>> [   33.881506]
>> [   33.882987] Index:  5 pgmask=4kb va=77ea2000 asid=fd
>> [   33.882987]  [pa=02a99000 c=3 d=1 v=1 g=0] [pa=0690d000 c=3 d=0 v=0 g=0]
>> [   33.894635] Index:  6 pgmask=4kb va=77dc4000 asid=fd
>> [   33.894635]  [pa=01d30000 c=3 d=0 v=1 g=0] [pa=01d31000 c=3 d=0 v=1 g=0]
>> [   33.906281] Index:  7 pgmask=4kb va=77dc0000 asid=fd
>> [   33.906281]  [pa=01d2c000 c=3 d=0 v=1 g=0] [pa=01d2d000 c=3 d=0 v=1 g=0]
>> [   33.917928] Index:  8 pgmask=4kb va=77dc2000 asid=fd
>> [   33.917928]  [pa=01d2e000 c=3 d=0 v=1 g=0] [pa=01d2f000 c=3 d=0 v=1 g=0]
>> [   33.929574] Index:  9 pgmask=4kb va=77dc6000 asid=fd
>> [   33.929574]  [pa=01d32000 c=3 d=0 v=1 g=0] [pa=01d33000 c=3 d=0 v=1 g=0]
>> [   33.941220] Index: 10 pgmask=4kb va=77dc8000 asid=fd
>> [   33.941220]  [pa=01d34000 c=3 d=0 v=1 g=0] [pa=01d35000 c=3 d=0 v=1 g=0]
>> [   33.952866] Index: 11 pgmask=4kb va=77dca000 asid=fd
>> [   33.952866]  [pa=01d36000 c=3 d=0 v=1 g=0] [pa=01d37000 c=3 d=0 v=1 g=0]
>> [   33.964512] Index: 12 pgmask=4kb va=77dcc000 asid=fd
>> [   33.964512]  [pa=01d38000 c=3 d=0 v=1 g=0] [pa=01d39000 c=3 d=0 v=1 g=0]
>> [   33.976159] Index: 13 pgmask=4kb va=77dce000 asid=fd
>> [   33.976159]  [pa=01d3a000 c=3 d=0 v=1 g=0] [pa=01d3b000 c=3 d=0 v=1 g=0]
>> [   33.987805] Index: 14 pgmask=4kb va=77d82000 asid=fd
>> [   33.987805]  [pa=01dbd000 c=3 d=0 v=1 g=0] [pa=01dbe000 c=3 d=0 v=1 g=0]
>> [   33.999451] Index: 15 pgmask=4kb va=77d80000 asid=fd
>> [   33.999451]  [pa=01dbb000 c=3 d=0 v=1 g=0] [pa=01dbc000 c=3 d=0 v=1 g=0]
>> [   34.011097] Index: 16 pgmask=4kb va=77d84000 asid=fd
>> [   34.011097]  [pa=01dbf000 c=3 d=0 v=1 g=0] [pa=01dc0000 c=3 d=0 v=1 g=0]
>> [   34.022743] Index: 17 pgmask=4kb va=77d86000 asid=fd
>> [   34.022743]  [pa=01dc1000 c=3 d=0 v=1 g=0] [pa=01dc2000 c=3 d=0 v=1 g=0]
>> [   34.034389] Index: 18 pgmask=4kb va=77d88000 asid=fd
>> [   34.034389]  [pa=01dc3000 c=3 d=0 v=1 g=0] [pa=01dc4000 c=3 d=0 v=1 g=0]
>> [   34.046035] Index: 19 pgmask=4kb va=77d8a000 asid=fd
>> [   34.046035]  [pa=01dc5000 c=3 d=0 v=1 g=0] [pa=01dc6000 c=3 d=0 v=1 g=0]
>> [   34.057682] Index: 20 pgmask=4kb va=77d8c000 asid=fd
>> [   34.057682]  [pa=01dc7000 c=3 d=0 v=1 g=0] [pa=01dc8000 c=3 d=0 v=1 g=0]
>> [   34.069328] Index: 21 pgmask=4kb va=77d8e000 asid=fd
>> [   34.069328]  [pa=01dc9000 c=3 d=0 v=1 g=0] [pa=01dca000 c=3 d=0 v=1 g=0]
>> [   34.080975] Index: 22 pgmask=4kb va=7f7b0000 asid=fd
>> [   34.080975]  [pa=078ea000 c=3 d=0 v=1 g=0] [pa=07801000 c=3 d=0 v=0 g=0]
>> [   34.092621] Index: 23 pgmask=4kb va=77e5a000 asid=fd
>> [   34.092621]  [pa=07ece000 c=3 d=0 v=1 g=0] [pa=077fb000 c=3 d=0 v=1 g=0]
>> [   34.104267] Index: 24 pgmask=4kb va=77e5c000 asid=fd
>> [   34.104267]  [pa=0775f000 c=3 d=0 v=1 g=0] [pa=07314000 c=3 d=0 v=0 g=0]
>> [   34.115913] Index: 25 pgmask=4kb va=77ea4000 asid=fd
>> [   34.115913]  [pa=18122000 c=0 d=0 v=0 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
> C = 0, pa = 18122000, it is weird,
>
> +. pa is too high for 32bit SOC here;
>
> +. C=0 is not a valid cache attribute;
>
> I think this is "not" a PTE for memory, maybe a swap entry?
>
> Could you print the PTE value, not the value in TLB?


Sorry for my carelessness, the log in the previous email was wrong,
please check the log in this email.


[   53.684067] --- pte 1 = 07698685
[   53.687376] --- pte 3 = 07698685
[   53.737175] --- pte 1 = 07699685
[   53.740412] --- pte 3 = 07699685
[   53.744064] --- pte 1 = 076c3685
[   53.747358] --- pte 3 = 076c3685
[   53.899679] --- pte 1 = 076c3685
[   53.902916] --- pte 3 = 076c3685
[   53.986275] --- pte 1 = 07825685
[   53.989511] --- pte 3 = 07825685
[   53.992739] --- pte 1 = 07800685
[   53.996031] --- pte 3 = 07800685
[   54.021555] --- pte 1 = 076d0685
[   54.024797] --- pte 3 = 076d0685
[   54.047399] --- pte 1 = 0768f685
[   54.050635] --- pte 3 = 0768f685
[   55.087662] --- pte 1 = 07971685
[   55.090934] --- pte 2 = 0797178f
[   55.094152] --- pte 3 = 0797178f
[   55.101275] --- pte 1 = 07976685
[   55.104511] --- pte 3 = 07976685
[   55.108895] --- pte 1 = 0797e685
[   55.112131] --- pte 3 = 0797e685
[   55.115357] --- pte 1 = 07a34685
[   55.118684] --- pte 3 = 07a34685
[   55.123019] --- pte 1 = 0625b685
[   55.126324] --- pte 3 = 0625b685
[   55.131577] --- pte 1 = 07a0c685
[   55.134820] --- pte 2 = 07a0c78f
[   55.138101] --- pte 3 = 07a0c78f
[   55.142280] --- pte 1 = 07b8e685
[   55.145587] --- pte 3 = 07b8e685
[   55.150378] --- pte 1 = 0797b685
[   55.153611] --- pte 3 = 0797b685
[   55.157897] --- pte 1 = 079af685
[   55.161134] --- pte 3 = 079af685
[   55.164361] --- pte 1 = 0797a685
[   55.167655] --- pte 3 = 0797a685
[   55.172019] --- pte 1 = 07b5f685
[   55.175255] --- pte 3 = 07b5f685
[   55.180359] --- pte 1 = 07b8b685
[   55.183592] --- pte 3 = 07b8b685
[   55.187921] --- pte 1 = 07a69685
[   55.191157] --- pte 3 = 07a69685
[   55.194392] --- pte 1 = 07a33685
[   55.197689] --- pte 3 = 07a33685
[   55.202073] --- pte 1 = 07aa6685
[   55.205307] --- pte 3 = 07aa6685
[   55.220744] --- pte 1 = 07974685
[   55.223981] --- pte 3 = 07974685
[   55.228617] --- pte 1 = 07b20685
[   55.231857] --- pte 3 = 07b20685
[   55.235091] CPU 0 Unable to handle kernel paging request at virtual
address 77e9c000, epc == 801178ac, ra == 80118250
[   55.245763] Oops[#1]:
[   55.248033] CPU: 0 PID: 1392 Comm: Xsession Not tainted
5.12.0-rc8-dirty #6
[   55.254983] $ 0   : 00000000 00000001 801178a8 77e9d000
[   55.260211] $ 4   : 77e9c000 824139c0 80118130 858ed800
[   55.265439] $ 8   : 83394a80 8596e800 00007017 8596e800
[   55.270667] $12   : 00000002 00000575 00000001 00000000
[   55.275893] $16   : 824139c0 77e9c000 80a17d00 00000004
[   55.281120] $20   : 77e9c000 824139c0 858ed800 80860000
[   55.286347] $24   : 00000000 801178a8
[   55.291573] $28   : 825c2000 825c3d68 00000000 80118250
[   55.296799] Hi    : 0000f640
[   55.299668] Lo    : 00007b20
[   55.302537] epc   : 801178ac r4k_blast_dcache_page_dc32+0x4/0x9c
[   55.308541] ra    : 80118250 local_r4k_flush_cache_page+0x120/0x2c8
[   55.314800] Status: 10001403 KERNEL EXL IE
[   55.318981] Cause : 4080800c (ExcCode 03)
[   55.322978] BadVA : 77e9c000
[   55.325847] PrId  : 00d00100 (Ingenic XBurst)
[   55.330191] Modules linked in:
[   55.333235] Process Xsession (pid: 1392, threadinfo=a50f3c17,
task=72017642, tls=77ea1690)
[   55.341487] Stack : 808a256c 00000000 808a256c 2dfe3c82 8596e800
80860000 80929d70 80a17d00
[   55.349850]         858ed800 80117fd8 80929d70 824139c0 8596e800
801fdb50 00000000 801180fc
[   55.358213]         825c3e80 80110b8c 80a17d00 858ed800 858ed800
77e9c000 00007b20 2dfe3c82
[   55.366575]         825c3e80 801cbe38 00000000 80a17d00 858ed800
801fa300 858ed800 840dea70
[   55.374938]         80860000 825c3e80 80a17d00 2dfe3c82 80a17d00
07b20685 825c3e80 00000000
[   55.383301]         ...
[   55.385741] Call Trace:
[   55.388177] [<801178ac>] r4k_blast_dcache_page_dc32+0x4/0x9c
[   55.393829] [<80118250>] local_r4k_flush_cache_page+0x120/0x2c8
[   55.399741] [<80117fd8>] r4k_on_each_cpu.isra.10+0x24/0x58
[   55.405219] [<801180fc>] r4k_flush_cache_page+0x34/0x58
[   55.410438] [<801cbe38>] wp_page_copy+0x3a8/0x56c
[   55.415138] [<801ceba8>] do_swap_page+0x500/0x58c
[   55.419833] [<801cf65c>] handle_mm_fault+0x790/0x93c
[   55.424789] [<8011026c>] do_page_fault+0x19c/0x540
[   55.429574] [<80114300>] tlb_do_page_fault_1+0x10c/0x11c
[   55.434881]
[   55.436363] Index:  0 pgmask=4kb va=77d70000 asid=ea
[   55.436363]  [pa=0209d000 c=3 d=0 v=1 g=0] [pa=0209e000 c=3 d=0 v=1 g=0]
[   55.448010] Index:  1 pgmask=4kb va=77d72000 asid=ea
[   55.448010]  [pa=0209f000 c=3 d=0 v=1 g=0] [pa=020a0000 c=3 d=0 v=1 g=0]
[   55.459657] Index:  2 pgmask=4kb va=77d74000 asid=ea
[   55.459657]  [pa=020a1000 c=3 d=0 v=1 g=0] [pa=020a2000 c=3 d=0 v=1 g=0]
[   55.471303] Index:  3 pgmask=4kb va=77d76000 asid=ea
[   55.471303]  [pa=020a3000 c=3 d=0 v=1 g=0] [pa=020a4000 c=3 d=0 v=1 g=0]
[   55.482949] Index:  4 pgmask=4kb va=77d78000 asid=ea
[   55.482949]  [pa=020a5000 c=3 d=0 v=1 g=0] [pa=020a6000 c=3 d=0 v=1 g=0]
[   55.494596] Index:  5 pgmask=4kb va=77d7c000 asid=ea
[   55.494596]  [pa=020a9000 c=3 d=0 v=1 g=0] [pa=020aa000 c=3 d=0 v=1 g=0]
[   55.506243] Index:  6 pgmask=4kb va=77d7e000 asid=ea
[   55.506243]  [pa=020ab000 c=3 d=0 v=1 g=0] [pa=020ac000 c=3 d=0 v=1 g=0]
[   55.517889] Index:  7 pgmask=4kb va=7f890000 asid=ea
[   55.517889]  [pa=03bd6000 c=3 d=0 v=1 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
[   55.529535] Index:  8 pgmask=4kb va=77e52000 asid=ea
[   55.529535]  [pa=061d9000 c=3 d=0 v=1 g=0] [pa=07a34000 c=3 d=0 v=1 g=0]
[   55.541181] Index:  9 pgmask=4kb va=77e54000 asid=ea
[   55.541181]  [pa=0625b000 c=3 d=0 v=1 g=0] [pa=07974000 c=3 d=0 v=0 g=0]
[   55.552828] Index: 10 pgmask=4kb va=77e9c000 asid=ea
[   55.552828]  [pa=18166000 c=0 d=0 v=0 g=0] [pa=00000000 c=0 d=0 v=0 g=0]
[   55.564474] Index: 11 pgmask=4kb va=c008e000 asid=ea
[   55.564474]  [pa=027bb000 c=3 d=1 v=1 g=1] [pa=027bc000 c=3 d=1 v=1 g=1]
[   55.576121] Index: 22 pgmask=4kb va=77e9a000 asid=ea
[   55.576121]  [pa=0115b000 c=3 d=1 v=1 g=0] [pa=0797e000 c=3 d=0 v=0 g=0]
[   55.587767] Index: 23 pgmask=4kb va=77dbc000 asid=ea
[   55.587767]  [pa=0201a000 c=3 d=0 v=1 g=0] [pa=0201b000 c=3 d=0 v=1 g=0]
[   55.599413] Index: 24 pgmask=4kb va=77db0000 asid=ea
[   55.599413]  [pa=0200e000 c=3 d=0 v=1 g=0] [pa=0200f000 c=3 d=0 v=1 g=0]
[   55.611060] Index: 25 pgmask=4kb va=77db2000 asid=ea
[   55.611060]  [pa=02010000 c=3 d=0 v=1 g=0] [pa=02011000 c=3 d=0 v=1 g=0]
[   55.622707] Index: 26 pgmask=4kb va=77db4000 asid=ea
[   55.622707]  [pa=02012000 c=3 d=0 v=1 g=0] [pa=02013000 c=3 d=0 v=1 g=0]
[   55.634354] Index: 27 pgmask=4kb va=77db6000 asid=ea
[   55.634354]  [pa=02014000 c=3 d=0 v=1 g=0] [pa=02015000 c=3 d=0 v=1 g=0]
[   55.646000] Index: 28 pgmask=4kb va=77db8000 asid=ea
[   55.646000]  [pa=02016000 c=3 d=0 v=1 g=0] [pa=02017000 c=3 d=0 v=1 g=0]
[   55.657647] Index: 29 pgmask=4kb va=77dba000 asid=ea
[   55.657647]  [pa=02018000 c=3 d=0 v=1 g=0] [pa=02019000 c=3 d=0 v=1 g=0]
[   55.669294] Index: 30 pgmask=4kb va=77dbe000 asid=ea
[   55.669294]  [pa=0201c000 c=3 d=0 v=1 g=0] [pa=0201d000 c=3 d=0 v=1 g=0]
[   55.680941] Index: 31 pgmask=4kb va=77d7a000 asid=ea
[   55.680941]  [pa=020a7000 c=3 d=0 v=1 g=0] [pa=020a8000 c=3 d=0 v=1 g=0]
[   55.692588]
[   55.694068] Code: 03e00008  00000000  24831000 <bc950000> bc950020 
bc950040  bc950060  bc950080  bc9500a0
[   55.703829]
[   55.705356] ---[ end trace 61b1a20b38fed08e ]---
[   55.709981] Kernel panic - not syncing: Fatal exception
[   55.715199] Rebooting in 10 seconds..


>
> tTLB value lost software PTE bits
>
>> [   34.127559] Index: 26 pgmask=4kb va=c0096000 asid=fd
>> [   34.127559]  [pa=0302f000 c=3 d=1 v=1 g=1] [pa=03008000 c=3 d=1 v=1 g=1]
>> [   34.139205]
>> [   34.140686] Code: 03e00008  00000000  24831000 <bc950000> bc950020
>> bc950040  bc950060  bc950080  bc9500a0
>> [   34.150445]
>> [   34.151987] ---[ end trace 30089d2c358ff363 ]---
>> [   34.156614] Kernel panic - not syncing: Fatal exception
>> [   34.161831] Rebooting in 10 seconds..
>>
>>> I really have no idea of how the page_prot setting affecting the swap
>>> handling.
>>>
>>>> Thanks and best regards!
>>>>
>>>>
>>>>>   Original Message
>>>>> From: 周琰杰 (Zhou Yanjie)
>>>>> Sent: 2021年4月16日星期五 16:48
>>>>> To: [email protected]
>>>>> Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
>>>>> Subject: [PATCH] Revert "MIPS: make userspace mapping young by default".
>>>>>
>>>>> This reverts commit f685a533a7fab35c5d069dcd663f59c8e4171a75.
>>>>>
>>>>> It cause kernel panic on Ingenic X1830, so let's revert it.
>>>>>
>>>>> Signed-off-by: 周琰杰 (Zhou Yanjie) <[email protected]>
>>>>> ---
>>>>> arch/mips/mm/cache.c | 31 ++++++++++++++-----------------
>>>>> 1 file changed, 14 insertions(+), 17 deletions(-)
>>>>>
>>>>> diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
>>>>> index 7719d63..9cfd432 100644
>>>>> --- a/arch/mips/mm/cache.c
>>>>> +++ b/arch/mips/mm/cache.c
>>>>> @@ -21,7 +21,6 @@
>>>>> #include <asm/cpu.h>
>>>>> #include <asm/cpu-features.h>
>>>>> #include <asm/setup.h>
>>>>> -#include <asm/pgtable.h>
>>>>>
>>>>> /* Cache operations. */
>>>>> void (*flush_cache_all)(void);
>>>>> @@ -157,31 +156,29 @@ unsigned long _page_cachable_default;
>>>>> EXPORT_SYMBOL(_page_cachable_default);
>>>>>
>>>>> #define PM(p) __pgprot(_page_cachable_default | (p))
>>>>> -#define PVA(p) PM(_PAGE_VALID | _PAGE_ACCESSED | (p))
>>>>>
>>>>> static inline void setup_protection_map(void)
>>>>> {
>>>>> protection_map[0] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> - protection_map[1] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> - protection_map[2] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> - protection_map[3] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> - protection_map[4] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[5] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[6] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[7] = PVA(_PAGE_PRESENT);
>>>>> + protection_map[1] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> + protection_map[2] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> + protection_map[3] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> + protection_map[4] = PM(_PAGE_PRESENT);
>>>>> + protection_map[5] = PM(_PAGE_PRESENT);
>>>>> + protection_map[6] = PM(_PAGE_PRESENT);
>>>>> + protection_map[7] = PM(_PAGE_PRESENT);
>>>>>
>>>>> protection_map[8] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
>>>>> - protection_map[9] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> - protection_map[10] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
>>>>> + protection_map[9] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC);
>>>>> + protection_map[10] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE |
>>>>> _PAGE_NO_READ);
>>>>> - protection_map[11] = PVA(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
>>>>> - protection_map[12] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[13] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[14] = PVA(_PAGE_PRESENT);
>>>>> - protection_map[15] = PVA(_PAGE_PRESENT);
>>>>> + protection_map[11] = PM(_PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
>>>>> + protection_map[12] = PM(_PAGE_PRESENT);
>>>>> + protection_map[13] = PM(_PAGE_PRESENT);
>>>>> + protection_map[14] = PM(_PAGE_PRESENT | _PAGE_WRITE);
>>>>> + protection_map[15] = PM(_PAGE_PRESENT | _PAGE_WRITE);
>>>>> }
>>>>>
>>>>> -#undef _PVA
>>>>> #undef PM
>>>>>
>>>>> void cpu_cache_init(void)

2021-04-23 14:59:57

by Thomas Bogendoerfer

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

On Tue, Apr 20, 2021 at 10:03:01PM +0800, Zhou Yanjie wrote:
> Sorry for my carelessness, the log in the previous email was wrong, please
> check the log in this email.
>
> [?? 53.684067] --- pte 1 = 07698685

any chance to print the virtual address to this pte ?

> [?? 53.687376] --- pte 3 = 07698685
> [?? 53.737175] --- pte 1 = 07699685
> [?? 53.740412] --- pte 3 = 07699685
> [?? 53.744064] --- pte 1 = 076c3685
> [..]

could you print PTE, which faults ? And what is mapped there ?


so far I haven't seen any ill-effects of the (bisected ?) patch.
The problem I have with reverting is that IMHO we re-introduce the bug,
which this patch fixed.

Thomas.

--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]

2021-04-24 11:25:15

by Zhou Yanjie

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Hi Thomas,

On 2021/4/23 下午10:51, Thomas Bogendoerfer wrote:
> On Tue, Apr 20, 2021 at 10:03:01PM +0800, Zhou Yanjie wrote:
>> Sorry for my carelessness, the log in the previous email was wrong, please
>> check the log in this email.
>>
>> [   53.684067] --- pte 1 = 07698685
> any chance to print the virtual address to this pte ?
>
>> [   53.687376] --- pte 3 = 07698685
>> [   53.737175] --- pte 1 = 07699685
>> [   53.740412] --- pte 3 = 07699685
>> [   53.744064] --- pte 1 = 076c3685
>> [..]
> could you print PTE, which faults ? And what is mapped there ?
>
>
> so far I haven't seen any ill-effects of the (bisected ?) patch.
> The problem I have with reverting is that IMHO we re-introduce the bug,
> which this patch fixed.


Fortunately, Mr. Huang Pei and I are in the same city. We have done
off-line communication, and he is very generous to help troubleshoot the
problem.


Thanks and best regards!


>
> Thomas.
>

2021-04-26 13:13:59

by Huang Pei

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Hi, Thomas,
On Sat, Apr 24, 2021 at 07:24:21PM +0800, Zhou Yanjie wrote:
> Hi Thomas,
>
> On 2021/4/23 下午10:51, Thomas Bogendoerfer wrote:
> > On Tue, Apr 20, 2021 at 10:03:01PM +0800, Zhou Yanjie wrote:
> > > Sorry for my carelessness, the log in the previous email was wrong, please
> > > check the log in this email.
> > >
> > > [   53.684067] --- pte 1 = 07698685
> > any chance to print the virtual address to this pte ?
> >
> > > [   53.687376] --- pte 3 = 07698685
> > > [   53.737175] --- pte 1 = 07699685
> > > [   53.740412] --- pte 3 = 07699685
> > > [   53.744064] --- pte 1 = 076c3685
> > > [..]
> > could you print PTE, which faults ? And what is mapped there ?
> >
> >
> > so far I haven't seen any ill-effects of the (bisected ?) patch.
> > The problem I have with reverting is that IMHO we re-introduce the bug,
> > which this patch fixed.
>
>
> Fortunately, Mr. Huang Pei and I are in the same city. We have done off-line
> communication, and he is very generous to help troubleshoot the problem.
>
>
> Thanks and best regards!
>
>
> >
> > Thomas.
> >

I add some debug info based on v5.12, see patch and kernel log below

--------------------
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index 808b8b61ded1..86ce01d66b03 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -376,6 +376,7 @@ void show_registers(struct pt_regs *regs)
set_fs(KERNEL_DS);
show_stacktrace(current, regs, KERN_DEFAULT);
show_code((unsigned int __user *) regs->cp0_epc);
+ dump_tlb_all();
printk("\n");
set_fs(old_fs);
}
diff --git a/mm/memory.c b/mm/memory.c
index 550405fc3b5e..d8f1c69de242 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2831,7 +2831,7 @@ static inline void wp_page_reuse(struct vm_fault *vmf)
* held to the old page, as well as updating the rmap.
* - In any case, unlock the PTL and drop the reference we took to the old page.
*/
-static vm_fault_t wp_page_copy(struct vm_fault *vmf)
+static vm_fault_t wp_page_copy(struct vm_fault *vmf, int a)
{
struct vm_area_struct *vma = vmf->vma;
struct mm_struct *mm = vma->vm_mm;
@@ -2862,6 +2862,8 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
* the same address and we will handle the fault
* from the second attempt.
*/
+ if (a)
+ pr_info("hp:copy ok\n");
put_page(new_page);
if (old_page)
put_page(old_page);
@@ -2894,6 +2896,8 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
} else {
inc_mm_counter_fast(mm, MM_ANONPAGES);
}
+ if (a)
+ pr_info("hp:out %p, %lx, %lx\n", vma, vmf->address, pte_val(vmf->orig_pte));
flush_cache_page(vma, vmf->address, pte_pfn(vmf->orig_pte));
entry = mk_pte(new_page, vma->vm_page_prot);
entry = maybe_mkwrite(pte_mkdirty(entry), vma);
@@ -3087,7 +3091,7 @@ static vm_fault_t wp_page_shared(struct vm_fault *vmf)
* but allow concurrent faults), with pte both mapped and locked.
* We return with mmap_lock still held, but pte unmapped and unlocked.
*/
-static vm_fault_t do_wp_page(struct vm_fault *vmf)
+static vm_fault_t do_wp_page(struct vm_fault *vmf, int a)
__releases(vmf->ptl)
{
struct vm_area_struct *vma = vmf->vma;
@@ -3119,7 +3123,9 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf)
return wp_pfn_shared(vmf);

pte_unmap_unlock(vmf->pte, vmf->ptl);
- return wp_page_copy(vmf);
+ if (a)
+ pr_info("hp:in2\n");
+ return wp_page_copy(vmf, a);
}

/*
@@ -3157,7 +3163,9 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf)
get_page(vmf->page);

pte_unmap_unlock(vmf->pte, vmf->ptl);
- return wp_page_copy(vmf);
+ if (a)
+ pr_info("hp:in3\n");
+ return wp_page_copy(vmf, a);
}

static void unmap_mapping_range_vma(struct vm_area_struct *vma,
@@ -3433,6 +3441,10 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
}
set_pte_at(vma->vm_mm, vmf->address, vmf->pte, pte);
arch_do_swap_page(vma->vm_mm, vma, vmf->address, pte, vmf->orig_pte);
+ if (vmf->flags & FAULT_FLAG_WRITE)
+ pr_info("hp: %p, %p, %lx, %lx, %lx\n", vma->vm_mm, vma, vmf->address, pte_val(pte),
+ pte_val(vmf->orig_pte));
+
vmf->orig_pte = pte;

/* ksm created a completely new copy */
@@ -3462,7 +3474,7 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
}

if (vmf->flags & FAULT_FLAG_WRITE) {
- ret |= do_wp_page(vmf);
+ ret |= do_wp_page(vmf, 1);
if (ret & VM_FAULT_ERROR)
ret &= VM_FAULT_ERROR;
goto out;
@@ -4333,7 +4345,7 @@ static vm_fault_t handle_pte_fault(struct vm_fault *vmf)
}
if (vmf->flags & FAULT_FLAG_WRITE) {
if (!pte_write(entry))
- return do_wp_page(vmf);
+ return do_wp_page(vmf, 0);
entry = pte_mkdirty(entry);
}
entry = pte_mkyoung(entry);
-------------------------------------
[ 27.502265] random: 7 urandom warning(s) missed due to ratelimiting
[371/1987]
[ 40.775969] hp: 368bbd08, baf3a8c3, 77e23000, 6807685, 2017a000

!!! swap entry is 0x2017a000

[ 40.781983] hp:in3
[ 40.784005] hp:out baf3a8c3, 77e23000, 6807685

!!! vmf->pte is held with ptl, so and "pte_same return true" imply that
the *vmf->pte is 0x6807685, instead of 0x2017a000, aka. swap entry

[ 40.788446] CPU 0 Unable to handle kernel paging request at virtual
address 77e23000, epc == 801174ec, ra == 80117fb0
[ 40.799084] Oops[#1]:
[ 40.801353] CPU: 0 PID: 1370 Comm: Xsession Not tainted
5.12.0-00060-g8099b2938a9d-dirty #55
[ 40.809777] $ 0 : 00000000 00000001 801174e8 77e24000
[ 40.815006] $ 4 : 77e23000 83a1f280 80117d7c 83995c30
[ 40.820234] $ 8 : ffffffea 83995c44 00000000 0000000a
[ 40.825461] $12 : 65373720 806b1270 0000000f 30303332
[ 40.830688] $16 : 83a1f280 77e23000 809dcd1c 00000004
[ 40.835915] $20 : 00000000 83a1f280 856c76c0 00000000
[ 40.841142] $24 : 00000000 8042251c
[ 40.846368] $28 : 83994000 83995d60 80860000 80117fb0
[ 40.851596] Hi : 00000000
[ 40.854465] Lo : 0000afa8
[ 40.857333] epc : 801174ec r4k_blast_dcache_page_dc32+0x4/0x9c
[ 40.863338] ra : 80117fb0 local_r4k_flush_cache_page+0x234/0x2b4
[ 40.869597] Status: 10001403 KERNEL EXL IE
[ 40.873779] Cause : 4080800c (ExcCode 03)
[ 40.877775] BadVA : 77e23000
[ 40.880645] PrId : 00d00100 (Ingenic XBurst)
[ 40.884989] Modules linked in:
[ 40.888034] Process Xsession (pid: 1370, threadinfo=ca5ce8d6,
task=61c8f3ad, tls=77e28690)

!!! This is my first time debug MIPS32 kernel, I think both threadinfo
and task should be at KSEG0, instead of KSEG2 or USEG

[ 40.896285] Stack : 83995dcc 00000000 80860000 8093e2f8 809dcd1c
80860000 8093e2f8 809dcd1c
[ 40.904649] 856c76c0 80117c1c 00000000 00000cc0 855e7800
80860000 83995dcc 80117d48
[ 40.913013] 856c76c0 806536f0 809dcd1c 856c76c0 856c76c0
77e23000 00006807 fa51a59c
[ 40.921377] 83995e80 801ca8bc 00000002 856c76c0 77e23000
06807685 00000000 8387b88c
[ 40.929739] 80860000 fa51a59c 83995e80 fa51a59c 809dcd1c
83995e80 00000004 856c76c0
[ 40.938103] ...
[ 40.940544] Call Trace:
[ 40.942979] [<801174ec>] r4k_blast_dcache_page_dc32+0x4/0x9c
[ 40.948633] [<80117fb0>] local_r4k_flush_cache_page+0x234/0x2b4
[ 40.954546] [<80117c1c>] r4k_on_each_cpu.isra.10+0x24/0x58
[ 40.960024] [<80117d48>] r4k_flush_cache_page+0x38/0x5c
[ 40.965242] [<801ca8bc>] wp_page_copy+0x1d0/0x5a8
[ 40.969943] [<801cd838>] do_swap_page+0x4a0/0x588
[ 40.974642] [<801ce3dc>] handle_mm_fault+0x834/0x954
[ 40.979601] [<80110054>] do_page_fault+0x294/0x530
[ 40.984387] [<80113fa0>] tlb_do_page_fault_1+0x10c/0x11c
[ 40.989693]
[ 40.991175] Code: 03e00008 00000000 24831000 <bc950000> bc950020
bc950040 bc950060 bc950080 bc9500a0
[ 41.000936] Index: 7 pgmask=4kb va=77e20000 asid=5c
[ 41.000936] [pa=2017e000 c=0 d=0 v=0 g=0] [pa=058b5000 c=3 d=1 v=1
g=0]
[ 41.012585] Index: 8 pgmask=4kb va=77d44000 asid=5c
[ 41.012585] [pa=013f4000 c=3 d=0 v=1 g=0] [pa=013f5000 c=3 d=0 v=1
g=0]
[ 41.024232] Index: 9 pgmask=4kb va=77d40000 asid=5c
[ 41.024232] [pa=013f0000 c=3 d=0 v=1 g=0] [pa=013f1000 c=3 d=0 v=1
g=0]
[ 41.035879] Index: 10 pgmask=4kb va=77d42000 asid=5c
[ 41.035879] [pa=013f2000 c=3 d=0 v=1 g=0] [pa=013f3000 c=3 d=0 v=1
g=0]
[ 41.047525] Index: 11 pgmask=4kb va=77d46000 asid=5c
[ 41.047525] [pa=013f6000 c=3 d=0 v=1 g=0] [pa=013f7000 c=3 d=0 v=1
g=0]
[ 41.059173] Index: 12 pgmask=4kb va=77d48000 asid=5c
[ 41.059173] [pa=013f8000 c=3 d=0 v=1 g=0] [pa=013f9000 c=3 d=0 v=1
g=0]
[ 41.070819] Index: 13 pgmask=4kb va=77d4a000 asid=5c
[ 41.070819] [pa=013fa000 c=3 d=0 v=1 g=0] [pa=013fb000 c=3 d=0 v=1
g=0]
[ 41.082467] Index: 14 pgmask=4kb va=77d4c000 asid=5c
[ 41.082467] [pa=013fc000 c=3 d=0 v=1 g=0] [pa=013fd000 c=3 d=0 v=1
g=0]
[ 41.094113] Index: 15 pgmask=4kb va=77d4e000 asid=5c
[ 41.094113] [pa=013fe000 c=3 d=0 v=1 g=0] [pa=013ff000 c=3 d=0 v=1
g=0]
[ 41.105760] Index: 16 pgmask=4kb va=77d02000 asid=5c
[ 41.105760] [pa=01c81000 c=3 d=0 v=1 g=0] [pa=01c82000 c=3 d=0 v=1
g=0]
[ 41.117407] Index: 17 pgmask=4kb va=77d00000 asid=5c
[ 41.117407] [pa=01c7f000 c=3 d=0 v=1 g=0] [pa=01c80000 c=3 d=0 v=1
g=0]
[ 41.129054] Index: 18 pgmask=4kb va=77d04000 asid=5c
[ 41.129054] [pa=01c83000 c=3 d=0 v=1 g=0] [pa=01c84000 c=3 d=0 v=1
g=0]
[ 41.140701] Index: 19 pgmask=4kb va=77d06000 asid=5c
[ 41.140701] [pa=01c85000 c=3 d=0 v=1 g=0] [pa=01c86000 c=3 d=0 v=1
g=0]
[ 41.152348] Index: 20 pgmask=4kb va=77d08000 asid=5c
[ 41.152348] [pa=01c87000 c=3 d=0 v=1 g=0] [pa=01c88000 c=3 d=0 v=1
g=0]
[ 41.163995] Index: 21 pgmask=4kb va=77d0a000 asid=5c
[ 41.163995] [pa=01c89000 c=3 d=0 v=1 g=0] [pa=01c8a000 c=3 d=0 v=1
g=0]
[ 41.175642] Index: 22 pgmask=4kb va=77d0c000 asid=5c
[ 41.175642] [pa=01c8b000 c=3 d=0 v=1 g=0] [pa=01c8c000 c=3 d=0 v=1
g=0]
[ 41.187289] Index: 23 pgmask=4kb va=77d0e000 asid=5c
[ 41.187289] [pa=01c8d000 c=3 d=0 v=1 g=0] [pa=01c8e000 c=3 d=0 v=1
g=0]
[ 41.198936] Index: 24 pgmask=4kb va=7f8ee000 asid=5c
[ 41.198936] [pa=02efd000 c=3 d=0 v=0 g=0] [pa=01a8e000 c=3 d=0 v=1
g=0]
[ 41.210583] Index: 25 pgmask=4kb va=77dda000 asid=5c
[ 41.210583] [pa=022cc000 c=3 d=0 v=1 g=0] [pa=042a6000 c=3 d=0 v=1
g=0]
[ 41.222230] Index: 26 pgmask=4kb va=77dd8000 asid=5c
[ 41.222230] [pa=06618000 c=3 d=0 v=0 g=0] [pa=05794000 c=3 d=0 v=1
g=0]
[ 41.233877] Index: 27 pgmask=4kb va=77e22000 asid=5c
[ 41.233877] [pa=06a17000 c=3 d=0 v=0 g=0] [pa=2017a000 c=0 d=0 v=0
g=0]

!!! TLB entry is loading a SWAP entry(C=0, pa=swap) at BADV, the pte_buddy point to a valid
PFN(C=3, pa seem ok), but it is impossible, since line 116 must flush the tlb and
replaced swap entry with new page

Am I missing something?

[ 41.245524] Index: 28 pgmask=4kb va=c00a2000 asid=5c
[ 41.245524] [pa=02c3c000 c=3 d=1 v=1 g=1] [pa=02c3d000 c=3 d=1 v=1
g=1]
[ 41.257171] Index: 29 pgmask=4kb va=c00aa000 asid=5c
[ 41.257171] [pa=00000000 c=0 d=0 v=0 g=1] [pa=02c45000 c=3 d=1 v=1
g=1]

2021-04-29 18:05:56

by Thomas Bogendoerfer

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

On Mon, Apr 26, 2021 at 09:11:47PM +0800, Huang Pei wrote:
> [ 40.873779] Cause : 4080800c (ExcCode 03)
> [ 40.877775] BadVA : 77e23000
> [ 40.880645] PrId : 00d00100 (Ingenic XBurst)
> [ 40.884989] Modules linked in:
> [ 40.888034] Process Xsession (pid: 1370, threadinfo=ca5ce8d6,
> task=61c8f3ad, tls=77e28690)
>
> !!! This is my first time debug MIPS32 kernel, I think both threadinfo
> and task should be at KSEG0, instead of KSEG2 or USEG

don't print pointers with %p they will be garbled for security reasons.

see Documentation/core-api/printk-formats.rst

"A raw pointer value may be printed with %p which will hash the address
before printing."

> [ 41.233877] Index: 27 pgmask=4kb va=77e22000 asid=5c
> [ 41.233877] [pa=06a17000 c=3 d=0 v=0 g=0] [pa=2017a000 c=0 d=0 v=0
> g=0]
>
> !!! TLB entry is loading a SWAP entry(C=0, pa=swap) at BADV, the pte_buddy point to a valid
> PFN(C=3, pa seem ok), but it is impossible, since line 116 must flush the tlb and
> replaced swap entry with new page
>
> Am I missing something?

not sure, if I'm on the right track, but with the _PAGE_VALID bit set in
the new pte local_r4k_flush_cache_page() will do

if ((mm == current->active_mm) && (pte_val(*ptep) & _PAGE_VALID))
vaddr = NULL;


and then

vaddr ? r4k_blast_dcache_page(addr) :
r4k_blast_dcache_user_page(addr);

flush the address directly instead with r4k_blast_dcache_user_page().
But the TLB will be updated after the cache flush (which is correct IMHO).
So setting the VALID bit too early destroys the logic of flushing
cache aliases. Do you agree ?

Thomas.

--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]

2021-04-30 02:09:24

by Huang Pei

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

On Thu, Apr 29, 2021 at 08:04:17PM +0200, Thomas Bogendoerfer wrote:
> On Mon, Apr 26, 2021 at 09:11:47PM +0800, Huang Pei wrote:
> > [ 40.873779] Cause : 4080800c (ExcCode 03)
> > [ 40.877775] BadVA : 77e23000
> > [ 40.880645] PrId : 00d00100 (Ingenic XBurst)
> > [ 40.884989] Modules linked in:
> > [ 40.888034] Process Xsession (pid: 1370, threadinfo=ca5ce8d6,
> > task=61c8f3ad, tls=77e28690)
> >
> > !!! This is my first time debug MIPS32 kernel, I think both threadinfo
> > and task should be at KSEG0, instead of KSEG2 or USEG
>
> don't print pointers with %p they will be garbled for security reasons.
>
> see Documentation/core-api/printk-formats.rst
>
> "A raw pointer value may be printed with %p which will hash the address
> before printing."
>
> > [ 41.233877] Index: 27 pgmask=4kb va=77e22000 asid=5c
> > [ 41.233877] [pa=06a17000 c=3 d=0 v=0 g=0] [pa=2017a000 c=0 d=0 v=0
> > g=0]
> >
> > !!! TLB entry is loading a SWAP entry(C=0, pa=swap) at BADV, the pte_buddy point to a valid
> > PFN(C=3, pa seem ok), but it is impossible, since line 116 must flush the tlb and
> > replaced swap entry with new page
> >
My mistake, line 116(aka set_pte_at) flush ONLY cache (__update_cache)
instead of tlb, so it is ok that the we saw it since this is how page
swap in began with.

the CP0 EPC indicate a "cache 0x15 0x77e23000" trigger it, with my patch
applyed, the PTE is set young,

> > Am I missing something?
>
> not sure, if I'm on the right track, but with the _PAGE_VALID bit set in
> the new pte local_r4k_flush_cache_page() will do
>
> if ((mm == current->active_mm) && (pte_val(*ptep) & _PAGE_VALID))
> vaddr = NULL;
>

without my patch, go through the "else" branch with kmap*

-------------
else {
/*
* Use kmap_coherent or kmap_atomic to do flushes for
* another ASID than the current one.
*/
map_coherent = (cpu_has_dc_aliases &&
page_mapcount(page) &&
!Page_dcache_dirty(page));
if (map_coherent)
vaddr = kmap_coherent(page, addr);
else
vaddr = kmap_atomic(page);
addr = (unsigned long)vaddr;
}
--------------
Obviously, flush_cache_page with kmaped address would not cause TLB Invalid
Exception, while fulsh_cache_page with original address would cause TLB
invalid exception since the new PTE with V|Y set does not take effect in TLB


In short, the TLB is stale with SWAP entry and _PAGE_VALID clear.

+. with my patch, then flush_cache_page believe the _PAGE_VALID set in TLB
because it detect the PTE is young, so trigger the TLB Store Invalid exception.

+. without my patch, the flush_cache_page knew the PTE is old, so use
the kmapped address to flush cache, which is in accord with the page
copy before.

my fix to this is flush tlb, any idea?
>
> and then
>
> vaddr ? r4k_blast_dcache_page(addr) :
> r4k_blast_dcache_user_page(addr);
>
> flush the address directly instead with r4k_blast_dcache_user_page().
> But the TLB will be updated after the cache flush (which is correct IMHO).
> So setting the VALID bit too early destroys the logic of flushing
> cache aliases. Do you agree ?
>
> Thomas.
>
> --
> Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
> good idea. [ RFC1925, 2.3 ]

2021-05-08 08:49:16

by Zhou Yanjie

[permalink] [raw]
Subject: Re: [PATCH] Revert "MIPS: make userspace mapping young by default".

Hi,

On 2021/4/30 上午2:04, Thomas Bogendoerfer wrote:
> On Mon, Apr 26, 2021 at 09:11:47PM +0800, Huang Pei wrote:
>> [ 40.873779] Cause : 4080800c (ExcCode 03)
>> [ 40.877775] BadVA : 77e23000
>> [ 40.880645] PrId : 00d00100 (Ingenic XBurst)
>> [ 40.884989] Modules linked in:
>> [ 40.888034] Process Xsession (pid: 1370, threadinfo=ca5ce8d6,
>> task=61c8f3ad, tls=77e28690)
>>
>> !!! This is my first time debug MIPS32 kernel, I think both threadinfo
>> and task should be at KSEG0, instead of KSEG2 or USEG
> don't print pointers with %p they will be garbled for security reasons.
>
> see Documentation/core-api/printk-formats.rst
>
> "A raw pointer value may be printed with %p which will hash the address
> before printing."
>
>> [ 41.233877] Index: 27 pgmask=4kb va=77e22000 asid=5c
>> [ 41.233877] [pa=06a17000 c=3 d=0 v=0 g=0] [pa=2017a000 c=0 d=0 v=0
>> g=0]
>>
>> !!! TLB entry is loading a SWAP entry(C=0, pa=swap) at BADV, the pte_buddy point to a valid
>> PFN(C=3, pa seem ok), but it is impossible, since line 116 must flush the tlb and
>> replaced swap entry with new page
>>
>> Am I missing something?
> not sure, if I'm on the right track, but with the _PAGE_VALID bit set in
> the new pte local_r4k_flush_cache_page() will do
>
> if ((mm == current->active_mm) && (pte_val(*ptep) & _PAGE_VALID))
> vaddr = NULL;
>
>
> and then
>
> vaddr ? r4k_blast_dcache_page(addr) :
> r4k_blast_dcache_user_page(addr);
>
> flush the address directly instead with r4k_blast_dcache_user_page().
> But the TLB will be updated after the cache flush (which is correct IMHO).
> So setting the VALID bit too early destroys the logic of flushing
> cache aliases. Do you agree ?


I think it is indeed the problem here.

After I tried to drop the _PAGE_VALID mark in the PVA (change it to
"#define PVA(p) PM(_PAGE_ACCESSED | (p))"), the kernel no longer panic.


Thanks and best regards!


>
> Thomas.
>