Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp3670292ioa; Tue, 26 Apr 2022 07:56:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzQEELJI8p+inrhrswd5JCOIy4BwUZiR1sbsBLFWxQcJsX17yiCk32r6iDn7DkcpTyMoxYD X-Received: by 2002:aa7:da4a:0:b0:425:d676:9684 with SMTP id w10-20020aa7da4a000000b00425d6769684mr16321094eds.248.1650985017004; Tue, 26 Apr 2022 07:56:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650985016; cv=none; d=google.com; s=arc-20160816; b=KKNQXpjDceFGnd+ylpg/WFJ0IyS9JZ9PEmdvIEvB60WM6j4qYwBjJc/IHiB6r5Zwd+ IltMXkJ+z/OJOaNLOJGEdgaC3GLQ2nAQaYoNqxF8OYE/+R1jILcGEyhB0VGdK8uc5/+k HqoM8zQNhfK99vvKlEYIybALr1bbEsSCnKJalsBHc+G/m8PmdUWXEF78UevgjfxgjkI9 ikCKBGXTZZRbZ8WBNn6ohjWiQITEAmc/jKb0IutGO4VEpLPugMFhGsq/rV7CvLLhoi3p o2n650x7heNNVfWZSYP0pJw0CyvXQ9bw5xAvTLAIV5Ck4+M8Q5Zm+YQR2pog46GjAKHS NjAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=swYaveFvNrhRJWRPTIe7s9ujTA8qdFohIDPNnHvleuY=; b=Ch246HI68UVDw5c5tX0xZB3zY4qmFuTSO8InYqF4fpj6KBCWqeg0MU1BlWVfdBHl/V W7T0SRa6AzB7FgsPslBolloKHBS2rewci1nJ9sN7JAn4h/Ra9a8KX2pdnmBW5iBtSD6n aqpci+NPnguNGUnlxjFd2Uh8JepLJxZyK9nShURK6YRw1HkqVB85U542/zTecgZrASXQ aD06uS+qLIe6j4ggesiEe/9Wdoz4MnE/09lGkdpn32xx9YWCVzux0xPKApgdyVaDV2R6 Cjvt7rbuvQBmWTQlroOoIWd9ubV0E5sRSI1mwmsir5ofgXIbgQoPy0bbJfhhk7SK4ajH UYLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=OgDoFogp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q4-20020a170906144400b006df76385ee2si15022335ejc.898.2022.04.26.07.56.33; Tue, 26 Apr 2022 07:56:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=OgDoFogp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242873AbiDZJVy (ORCPT + 99 others); Tue, 26 Apr 2022 05:21:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345657AbiDZI5m (ORCPT ); Tue, 26 Apr 2022 04:57:42 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B8C96470; Tue, 26 Apr 2022 01:42:15 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id ED5A1B81CF2; Tue, 26 Apr 2022 08:42:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1B9E2C385AC; Tue, 26 Apr 2022 08:42:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1650962532; bh=5nPtu9t92kGsW9AlcmC024WwTYkzekGbB+m4q4NzhtU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OgDoFogpq3wfH0hkFsiHvaNBbpDvodqOG8sr20ToeEmb7yxnmfvsJSXwilmM1bWze Ya8ytkRmRBpvB838foJTkBqHmsNRHV8lj6PLdQZ8QmB7AjKv0Cq6YR4yzys9aih5lb 2UMA90VNOUBkC5IXzYr6XIlCm7hsrxj8JvEQniVM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xu Yu , Abaci , Naoya Horiguchi , Miaohe Lin , Anshuman Khandual , Oscar Salvador , Andrew Morton , Linus Torvalds Subject: [PATCH 5.15 078/124] mm/memory-failure.c: skip huge_zero_page in memory_failure() Date: Tue, 26 Apr 2022 10:21:19 +0200 Message-Id: <20220426081749.517957403@linuxfoundation.org> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220426081747.286685339@linuxfoundation.org> References: <20220426081747.286685339@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xu Yu commit d173d5417fb67411e623d394aab986d847e47dad upstream. Kernel panic when injecting memory_failure for the global huge_zero_page, when CONFIG_DEBUG_VM is enabled, as follows. Injecting memory failure for pfn 0x109ff9 at process virtual address 0x20ff9000 page:00000000fb053fc3 refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109e00 head:00000000fb053fc3 order:9 compound_mapcount:0 compound_pincount:0 flags: 0x17fffc000010001(locked|head|node=0|zone=2|lastcpupid=0x1ffff) raw: 017fffc000010001 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000002ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(is_huge_zero_page(head)) ------------[ cut here ]------------ kernel BUG at mm/huge_memory.c:2499! invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 6 PID: 553 Comm: split_bug Not tainted 5.18.0-rc1+ #11 Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 3288b3c 04/01/2014 RIP: 0010:split_huge_page_to_list+0x66a/0x880 Code: 84 9b fb ff ff 48 8b 7c 24 08 31 f6 e8 9f 5d 2a 00 b8 b8 02 00 00 e9 e8 fb ff ff 48 c7 c6 e8 47 3c 82 4c b RSP: 0018:ffffc90000dcbdf8 EFLAGS: 00010246 RAX: 000000000000003c RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff823e4c4f RDI: 00000000ffffffff RBP: ffff88843fffdb40 R08: 0000000000000000 R09: 00000000fffeffff R10: ffffc90000dcbc48 R11: ffffffff82d68448 R12: ffffea0004278000 R13: ffffffff823c6203 R14: 0000000000109ff9 R15: ffffea000427fe40 FS: 00007fc375a26740(0000) GS:ffff88842fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc3757c9290 CR3: 0000000102174006 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: try_to_split_thp_page+0x3a/0x130 memory_failure+0x128/0x800 madvise_inject_error.cold+0x8b/0xa1 __x64_sys_madvise+0x54/0x60 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc3754f8bf9 Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8 RSP: 002b:00007ffeda93a1d8 EFLAGS: 00000217 ORIG_RAX: 000000000000001c RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc3754f8bf9 RDX: 0000000000000064 RSI: 0000000000003000 RDI: 0000000020ff9000 RBP: 00007ffeda93a200 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000217 R12: 0000000000400490 R13: 00007ffeda93a2e0 R14: 0000000000000000 R15: 0000000000000000 This makes huge_zero_page bail out explicitly before split in memory_failure(), thus the panic above won't happen again. Link: https://lkml.kernel.org/r/497d3835612610e370c74e697ea3c721d1d55b9c.1649775850.git.xuyu@linux.alibaba.com Fixes: 6a46079cf57a ("HWPOISON: The high level memory error handler in the VM v7") Signed-off-by: Xu Yu Reported-by: Abaci Suggested-by: Naoya Horiguchi Acked-by: Naoya Horiguchi Reviewed-by: Miaohe Lin Cc: Anshuman Khandual Cc: Oscar Salvador Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/memory-failure.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1690,6 +1690,19 @@ try_again: if (PageTransHuge(hpage)) { /* + * Bail out before SetPageHasHWPoisoned() if hpage is + * huge_zero_page, although PG_has_hwpoisoned is not + * checked in set_huge_zero_page(). + * + * TODO: Handle memory failure of huge_zero_page thoroughly. + */ + if (is_huge_zero_page(hpage)) { + action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); + res = -EBUSY; + goto unlock_mutex; + } + + /* * The flag must be set after the refcount is bumped * otherwise it may race with THP split. * And the flag can't be set in get_hwpoison_page() since