From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hugh Dickins, "Kirill A. Shutemov", Alistair Popple, Matthew Wilcox, Peter Xu, Ralph Campbell, Wang Yugui, Will Deacon, Yang Shi, Zi Yan, Andrew Morton, Linus Torvalds, Sasha Levin
Subject: [PATCH 4.14 17/25] mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
Date: Fri, 9 Jul 2021 15:18:48 +0200
Message-Id: <20210709131638.277211451@linuxfoundation.org>
In-Reply-To: <20210709131627.928131764@linuxfoundation.org>
References: <20210709131627.928131764@linuxfoundation.org>

From: Hugh Dickins

[ Upstream commit a9a7504d9beaf395481faa91e70e2fd08f7a3dde ]

Running certain tests with a DEBUG_VM kernel would crash within hours, on the total_mapcount BUG() in split_huge_page_to_list(), while trying to free up some memory by punching a hole in a shmem huge page: split's try_to_unmap() was unable to find all the mappings of the page (which, on a !DEBUG_VM kernel, would then keep the huge page pinned in memory).

Crash dumps showed two tail pages of a shmem huge page remained mapped by pte: ptes in a non-huge-aligned vma of a gVisor process, at the end of a long unmapped range; and no page table had yet been allocated for the head of the huge page to be mapped into.

Although designed to handle these odd misaligned huge-page-mapped-by-pte cases, page_vma_mapped_walk() falls short by returning false prematurely when !pmd_present or !pud_present or !p4d_present or !pgd_present: there are cases when a huge page may span the boundary, with ptes present in the next.

Restructure page_vma_mapped_walk() as a loop to continue in these cases, while keeping its layout much as before. Add a step_forward() helper to advance pvmw->address across those boundaries: originally I tried to use mm's standard p?d_addr_end() macros, but hit the same crash 512 times less often: because of the way redundant levels are folded together, but folded differently in different configurations, it was just too difficult to use them correctly; and step_forward() is simpler anyway.

Link: https://lkml.kernel.org/r/fedb8632-1798-de42-f39e-873551d5bc81@google.com
Fixes: ace71a19cec5 ("mm: introduce page_vma_mapped_walk()")
Signed-off-by: Hugh Dickins
Acked-by: Kirill A. Shutemov
Cc: Alistair Popple
Cc: Matthew Wilcox
Cc: Peter Xu
Cc: Ralph Campbell
Cc: Wang Yugui
Cc: Will Deacon
Cc: Yang Shi
Cc: Zi Yan
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin --- mm/page_vma_mapped.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c index 96d4c4738590..16adeef76d00 100644 --- a/mm/page_vma_mapped.c +++ b/mm/page_vma_mapped.c @@ -110,6 +110,13 @@ static bool check_pte(struct page_vma_mapped_walk *pvmw) return true; } +static void step_forward(struct page_vma_mapped_walk *pvmw, unsigned long size) +{ + pvmw->address = (pvmw->address + size) & ~(size - 1); + if (!pvmw->address) + pvmw->address = ULONG_MAX; +} + /** * page_vma_mapped_walk - check if @pvmw->page is mapped in @pvmw->vma at * @pvmw->address @@ -178,16 +185,22 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw) if (pvmw->pte) goto next_pte; restart: - { + do { pgd = pgd_offset(mm, pvmw->address); - if (!pgd_present(*pgd)) - return false; + if (!pgd_present(*pgd)) { + step_forward(pvmw, PGDIR_SIZE); + continue; + } p4d = p4d_offset(pgd, pvmw->address); - if (!p4d_present(*p4d)) - return false; + if (!p4d_present(*p4d)) { + step_forward(pvmw, P4D_SIZE); + continue; + } pud = pud_offset(p4d, pvmw->address); - if (!pud_present(*pud)) - return false; + if (!pud_present(*pud)) { + step_forward(pvmw, PUD_SIZE); + continue; + } pvmw->pmd = pmd_offset(pud, pvmw->address); /* @@ -234,7 +247,8 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw) spin_unlock(ptl); } - return false; + step_forward(pvmw, PMD_SIZE); + continue; } if (!map_pte(pvmw)) goto next_pte; @@ -264,7 +278,9 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw) spin_lock(pvmw->ptl); } goto this_pte; - } + } while (pvmw->address < end); + + return false; } /** -- 2.30.2
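
Review bot: step_forward() in the first hunk has no comment, and two things in it are not obvious from the code. The mask `~(size - 1)` is only correct when size is a power of two, and the `if (!pvmw->address)` branch exists to turn a wrap to 0 into ULONG_MAX so that the `while (pvmw->address < end)` test added at the bottom of the walk ends the loop instead of resuming from address 0. A short comment above the helper stating both would keep a later caller from passing an arbitrary size or dropping the saturation.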
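
Review bot: the pgd, p4d and pud branches in the `restart:` hunk now skip forward where they used to return false, but nothing in the source says why a missing upper level no longer means "not mapped". A comment above `do {` noting that a THP mapped by ptes can span the boundary, with ptes present in the next table, would carry the changelog's reasoning into the code. The same comment could mention that `restart:` sits in front of `do {`, so the body runs once before `pvmw->address < end` is first tested.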
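
Review bot: the loop condition `while (pvmw->address < end)` in the last hunk uses `end`, which none of the hunks in this patch declares or assigns, so the backport depends on an earlier change supplying it. Worth confirming that prerequisite is queued for 4.14 ahead of 17/25 and, if it is a separate patch, naming it in the changelog so the dependency is visible to anyone picking this one alone.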
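
The failure described in the commit message, as an added user-space model (not part of the patch or of the kernel source): a walk that gives up at the first missing page table misses ptes mapped just past the boundary, while the step-forward loop finds them. `toy_mm`, `find_mapped()`, `demo()`, `PAGE_SZ` and `PMD_SZ` are hypothetical names, and the 4 KiB / 2 MiB sizes are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SZ (1UL << 12) /* assumed 4 KiB base page */
#define PMD_SZ  (1UL << 21) /* assumed 2 MiB covered per page table */

/* Constructed toy address space: 4 PMD slots of 512 ptes, PMD-aligned base. */
struct toy_mm { unsigned long base; bool pmd_present[4], pte_present[4][512]; };

/* Patch's arithmetic: round up to next size-aligned boundary, saturate on wrap. */
static unsigned long step_forward(unsigned long addr, unsigned long size)
{
    addr = (addr + size) & ~(size - 1);   /* size must be a power of two */
    return addr ? addr : ULONG_MAX;
}

/* First mapped pte in [addr, end), or 0. keep_going=false models the old
 * early return, keep_going=true the patched loop. */
static unsigned long find_mapped(const struct toy_mm *mm, unsigned long addr,
                                 unsigned long end, bool keep_going)
{
    do {
        unsigned long slot = (addr - mm->base) / PMD_SZ;
        if (!mm->pmd_present[slot]) {
            if (!keep_going)
                return 0;                      /* pre-patch: premature "not mapped" */
            addr = step_forward(addr, PMD_SZ); /* patched: skip the missing table */
            continue;
        }
        for (; addr < end && (addr - mm->base) / PMD_SZ == slot; addr += PAGE_SZ)
            if (mm->pte_present[slot][(addr % PMD_SZ) / PAGE_SZ])
                return addr;
    } while (addr < end);
    return 0;
}

/* Head of the huge page in slot 0 (no page table); two tail ptes at start of slot 1. */
static unsigned long demo(bool keep_going)
{
    static const struct toy_mm mm = { .base = 0x40000000UL,
        .pmd_present = { [1] = true }, .pte_present = { [1] = { true, true } } };
    unsigned long start = mm.base + 2 * PAGE_SZ;   /* non-huge-aligned start */
    return find_mapped(&mm, start, start + PMD_SZ, keep_going);
}

int main(void)
{
    return printf("old: %#lx  patched: %#lx\n", demo(false), demo(true)) < 0;
}
```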