From: Ryan Roberts <ryan.roberts(a)arm.com>
mainline inclusion
from mainline-v6.5-rc1
commit 3b65f437d9e8dd696a2b88e7afcd51385532ab35
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAQT9Q
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
The loser of a race to service a pte for a device private entry in the
swap path previously unlocked the ptl, but failed to unmap the pte. This
only affects highmem systems since unmapping a pte is a noop on
non-highmem systems.
Link: https://lkml.kernel.org/r/20230602092949.545577-5-ryan.roberts@arm.com
Fixes: 16ce101db85d ("mm/memory.c: fix race when faulting a device private page")
Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com>
Reviewed-by: Zi Yan <ziy(a)nvidia.com>
Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org>
Cc: Christoph Hellwig <hch(a)lst.de>
Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Cc: Lorenzo Stoakes <lstoakes(a)gmail.com>
Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org>
Cc: SeongJae Park <sj(a)kernel.org>
Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com>
Cc: Yu Zhao <yuzhao(a)google.com>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com>
---
mm/memory.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/mm/memory.c b/mm/memory.c
index 0c4da925e8ad..af9cb48630bd 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3424,10 +3424,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
vmf->page = device_private_entry_to_page(entry);
vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd,
vmf->address, &vmf->ptl);
- if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte))) {
- spin_unlock(vmf->ptl);
- goto out;
- }
+ if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte)))
+ goto unlock;
/*
* Get a page reference while we know the page can't be
--
2.25.1
From: Peter Xu <peterx(a)redhat.com>
mainline inclusion
from mainline-v6.5-rc1
commit 349d1670008d3dab99a11b015bef51ad3f26fb4f
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAQT9Q
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
Huge pmd sharing operates on PUD not PMD, huge_pte_lock() is not suitable
in this case because it should only work for last level pte changes, while
pmd sharing is always one level higher.
Meanwhile, here we're locking over the spte pgtable lock which is even not
a lock for current mm but someone else's.
It seems even racy on operating on the lock, as after put_page() of the
spte pgtable page logically the page can be released, so at least the
spin_unlock() needs to be done after the put_page().
No report I am aware, I'm not even sure whether it'll just work on taking
the spte pmd lock, because while we're holding i_mmap read lock it probably
means the vma interval tree is frozen, all pte allocators over this pud
entry could always find the specific svma and spte page, so maybe they'll
serialize on this spte page lock? Even so, doesn't seem to be expected.
It just seems to be an accident of cb900f412154.
Fix it with the proper pud lock (which is the mm's page_table_lock).
Link: https://lkml.kernel.org/r/20230612160420.809818-1-peterx@redhat.com
Fixes: cb900f412154 ("mm, hugetlb: convert hugetlbfs to use split pmd lock")
Signed-off-by: Peter Xu <peterx(a)redhat.com>
Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com>
Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com>
---
mm/hugetlb.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index e3746bcfc827..54e2eefdf0b4 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5907,7 +5907,6 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
unsigned long saddr;
pte_t *spte = NULL;
pte_t *pte;
- spinlock_t *ptl;
if (!vma_shareable(vma, addr))
return (pte_t *)pmd_alloc(mm, pud, addr);
@@ -5931,7 +5930,7 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
if (!spte)
goto out;
- ptl = huge_pte_lock(hstate_vma(vma), mm, spte);
+ spin_lock(&mm->page_table_lock);
if (pud_none(*pud)) {
pud_populate(mm, pud,
(pmd_t *)((unsigned long)spte & PAGE_MASK));
@@ -5939,7 +5938,7 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
} else {
put_page(virt_to_page(spte));
}
- spin_unlock(ptl);
+ spin_unlock(&mm->page_table_lock);
out:
pte = (pte_t *)pmd_alloc(mm, pud, addr);
return pte;
--
2.25.1
Hi chenjiajun,
FYI, the error/warning still remains.
tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS
head: c46f803e3465bd0ca66716804a4d3e20f586ac0d
commit: b94fc31d4e16ff65dc2141f0a1a3af6a3aac5bb2 [14594/23707] kvm: debugfs: aarch64 export cpu time related items to debugfs
config: arm64-randconfig-004-20240913 (https://download.01.org/0day-ci/archive/20240914/202409140415.hpdzSPWA-lkp@…)
compiler: aarch64-linux-gcc (GCC) 14.1.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240914/202409140415.hpdzSPWA-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202409140415.hpdzSPWA-lkp@intel.com/
All errors (new ones prefixed by >>):
arch/arm64/kvm/../../../virt/kvm/arm/arm.c: In function 'update_steal_time':
>> arch/arm64/kvm/../../../virt/kvm/arm/arm.c:411:36: error: 'struct sched_info' has no member named 'run_delay'
411 | delta = current->sched_info.run_delay - vcpu->stat.steal;
| ^
arch/arm64/kvm/../../../virt/kvm/arm/arm.c:412:47: error: 'struct sched_info' has no member named 'run_delay'
412 | vcpu->stat.steal = current->sched_info.run_delay;
| ^
vim +411 arch/arm64/kvm/../../../virt/kvm/arm/arm.c
406
407 static void update_steal_time(struct kvm_vcpu *vcpu)
408 {
409 u64 delta;
410
> 411 delta = current->sched_info.run_delay - vcpu->stat.steal;
412 vcpu->stat.steal = current->sched_info.run_delay;
413 vcpu->stat.st_max = max(vcpu->stat.st_max, delta);
414 }
415
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
tree: https://gitee.com/openeuler/kernel.git OLK-5.10
head: 5a1d9701155c6908c76c68951170f10279685143
commit: 9878268b0b9f6144b3bf066fa54124ce9c401072 [27796/30000] mm/mem_sampling.c: Add controlling interface for mem_sampling
config: arm64-randconfig-001-20240914 (https://download.01.org/0day-ci/archive/20240914/202409140253.h1BCVyaA-lkp@…)
compiler: aarch64-linux-gcc (GCC) 14.1.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240914/202409140253.h1BCVyaA-lkp@…)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp(a)intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202409140253.h1BCVyaA-lkp@intel.com/
All errors (new ones prefixed by >>):
>> mm/mem_sampling.c:164:35: error: 'sysctl_mem_sampling_enable' undeclared here (not in a function); did you mean 'sysctl_mem_sampling_mode'?
164 | .proc_handler = sysctl_mem_sampling_enable,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
| sysctl_mem_sampling_mode
vim +164 mm/mem_sampling.c
157
158 static struct ctl_table ctl_table[] = {
159 {
160 .procname = "mem_sampling_enable",
161 .data = NULL, /* filled in by handler */
162 .maxlen = sizeof(unsigned int),
163 .mode = 0644,
> 164 .proc_handler = sysctl_mem_sampling_enable,
165 .extra1 = SYSCTL_ZERO,
166 .extra2 = SYSCTL_ONE,
167 },
168 {}
169 };
170
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki