[PATCH OLK-6.6 0/3] LoongArch: Fix bugs in early_numa_add_cpu/huge_pte_offset/__alloc_pages_slowpath

Hongchen Zhang

13 Jun 2025 13 Jun '25

9:50 a.m.

Huacai Chen (1): LoongArch: Fix early_numa_add_cpu() usage for FDT systems Tianyang Zhang (2): mm/page_alloc.c: avoid infinite retries caused by cpuset race LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() arch/loongarch/kernel/smp.c | 2 +- arch/loongarch/mm/hugetlbpage.c | 3 ++- mm/page_alloc.c | 8 ++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) -- 2.33.0

Show replies by date

Hongchen Zhang

13 Jun 13 Jun

9:50 a.m.

New subject: [PATCH OLK-6.6 1/3] LoongArch: Fix early_numa_add_cpu() usage for FDT systems

From: Huacai Chen <chenhuacai@loongson.cn> stable inclusion from stable-v6.6.63 commit f04125eb9eb594e35e5fad85933c5dab76d61e42 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICB2S5 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- early_numa_add_cpu() applies on physical CPU id rather than logical CPU id, so use cpuid instead of cpu. Change-Id: Iffd70d23cfe49d580db7b0b3890b1f0a95bd822e Cc: stable@vger.kernel.org Fixes: ae9e39a2fbf5 ("LoongArch: Add all CPUs enabled by fdt to NUMA node 0") Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> Signed-off-by: Juxin Gao <gaojuxin@loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn> --- arch/loongarch/kernel/smp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/loongarch/kernel/smp.c b/arch/loongarch/kernel/smp.c index 78bdf81a09c5..9cdcca99467d 100644 --- a/arch/loongarch/kernel/smp.c +++ b/arch/loongarch/kernel/smp.c @@ -338,7 +338,7 @@ static void __init fdt_smp_setup(void) __cpu_number_map[cpuid] = cpu; __cpu_logical_map[cpu] = cpuid; - early_numa_add_cpu(cpu, 0); + early_numa_add_cpu(cpuid, 0); set_cpuid_to_node(cpuid, 0); } -- 2.33.0

Hongchen Zhang

9:50 a.m.

New subject: [PATCH OLK-6.6 2/3] mm/page_alloc.c: avoid infinite retries caused by cpuset race

From: Tianyang Zhang <zhangtianyang@loongson.cn> mainline inclusion from mainline-v6.15 commit e05741fb10c38d70bbd7ec12b23c197b6355d519 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICB2S5 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- __alloc_pages_slowpath has no change detection for ac->nodemask in the part of retry path, while cpuset can modify it in parallel. For some processes that set mempolicy as MPOL_BIND, this results ac->nodemask changes, and then the should_reclaim_retry will judge based on the latest nodemask and jump to retry, while the get_page_from_freelist only traverses the zonelist from ac->preferred_zoneref, which selected by a expired nodemask and may cause infinite retries in some cases cpu 64: __alloc_pages_slowpath { /* ..... */ retry: /* ac->nodemask = 0x1, ac->preferred->zone->nid = 1 */ if (alloc_flags & ALLOC_KSWAPD) wake_all_kswapds(order, gfp_mask, ac); /* cpu 1: cpuset_write_resmask update_nodemask update_nodemasks_hier update_tasks_nodemask mpol_rebind_task mpol_rebind_policy mpol_rebind_nodemask // mempolicy->nodes has been modified, // which ac->nodemask point to */ /* ac->nodemask = 0x3, ac->preferred->zone->nid = 1 */ if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, did_some_progress > 0, &no_progress_loops)) goto retry; } Simultaneously starting multiple cpuset01 from LTP can quickly reproduce this issue on a multi node server when the maximum memory pressure is reached and the swap is enabled Link: https://lkml.kernel.org/r/20250416082405.20988-1-zhangtianyang@loongson.cn Fixes: c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in a zonelist twice") Signed-off-by: Tianyang Zhang <zhangtianyang@loongson.cn> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Cc: Michal Hocko <mhocko@suse.com> Cc: Brendan Jackman <jackmanb@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Zi Yan <ziy@nvidia.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn> --- mm/page_alloc.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 29b03083969e..1383b3166109 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4284,6 +4284,14 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, } retry: + /* + * Deal with possible cpuset update races or zonelist updates to avoid + * infinite retries. + */ + if (check_retry_cpuset(cpuset_mems_cookie, ac) || + check_retry_zonelist(zonelist_iter_cookie)) + goto restart; + /* Ensure kswapd doesn't accidentally go to sleep as long as we loop */ if (alloc_flags & ALLOC_KSWAPD) wake_all_kswapds(order, gfp_mask, ac); -- 2.33.0

Hongchen Zhang

9:50 a.m.

New subject: [PATCH OLK-6.6 3/3] LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()

From: Tianyang Zhang <zhangtianyang@loongson.cn> mainline inclusion from mainline-v6.16-rc1 commit ee084fa96123ede8b0563a1b5a9b23adc43cd50d category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICB2S5 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0 ... Call Trace: [<900000000023c30c>] huge_pte_offset+0x3c/0x58 [<900000000057fd4c>] hugetlb_follow_page_mask+0x74/0x438 [<900000000051fee8>] __get_user_pages+0xe0/0x4c8 [<9000000000522414>] faultin_page_range+0x84/0x380 [<9000000000564e8c>] madvise_vma_behavior+0x534/0xa48 [<900000000056689c>] do_madvise+0x1bc/0x3e8 [<9000000000566df4>] sys_madvise+0x24/0x38 [<90000000015b9e88>] do_syscall+0x78/0x98 [<9000000000221f18>] handle_syscall+0xb8/0x158 In some cases, pmd may be NULL and rely on NULL as the return value for processing, so it is necessary to determine this situation here. Cc: stable@vger.kernel.org Fixes: bd51834d1cf6 ("LoongArch: Return NULL from huge_pte_offset() for invalid PMD") Signed-off-by: Tianyang Zhang <zhangtianyang@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn> --- arch/loongarch/mm/hugetlbpage.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/loongarch/mm/hugetlbpage.c b/arch/loongarch/mm/hugetlbpage.c index aca52c42e94e..fb09fb70661e 100644 --- a/arch/loongarch/mm/hugetlbpage.c +++ b/arch/loongarch/mm/hugetlbpage.c @@ -47,7 +47,8 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, pmd = pmd_offset(pud, addr); } } - return pmd_none(pmdp_get(pmd)) ? NULL : (pte_t *) pmd; + + return (!pmd || pmd_none(pmdp_get(pmd))) ? NULL : (pte_t *) pmd; } int pmd_huge(pmd_t pmd) -- 2.33.0

patchwork bot

9:55 a.m.

反馈：您发送到kernel@openeuler.org的补丁/补丁集，已成功转换为PR！ PR链接地址： https://gitee.com/openeuler/kernel/pulls/16697 邮件列表地址：https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/6MP... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/16697 Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/6MP...

Age (days ago)

Last active (days ago)

List overview

4 comments

2 participants

participants (2)

Hongchen Zhang
patchwork bot