From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
To: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: "linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
linux-mm@kvack.org, Vineet Gupta <vgupta@synopsys.com>,
mpe@ellerman.id.au, akpm@linux-foundation.org,
"linux-snps-arc@lists.infradead.org"
<linux-snps-arc@lists.infradead.org>,
linuxppc-dev@lists.ozlabs.org,
linux-riscv <linux-riscv@lists.infradead.org>,
Gerald Schaefer <gerald.schaefer@de.ibm.com>
Subject: Re: [PATCH v4 00/13] mm/debug_vm_pgtable fixes
Date: Fri, 4 Sep 2020 17:26:47 +0200 [thread overview]
Message-ID: <20200904172647.002113d3@thinkpad> (raw)
In-Reply-To: <bb0f3427-e2bd-f713-3ea8-d264be0e690b@arm.com>
On Fri, 4 Sep 2020 12:18:05 +0530
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
>
> On 09/02/2020 05:12 PM, Aneesh Kumar K.V wrote:
> > This patch series includes fixes for debug_vm_pgtable test code so that
> > they follow page table updates rules correctly. The first two patches introduce
> > changes w.r.t ppc64. The patches are included in this series for completeness. We can
> > merge them via ppc64 tree if required.
> >
> > Hugetlb test is disabled on ppc64 because that needs larger change to satisfy
> > page table update rules.
> >
> > These tests are broken w.r.t page table update rules and results in kernel
> > crash as below.
> >
> > [ 21.083519] kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > cpu 0x0: Vector: 700 (Program Check) at [c000000c6d1e76c0]
> > pc: c00000000009a5ec: assert_pte_locked+0x14c/0x380
> > lr: c0000000005eeeec: pte_update+0x11c/0x190
> > sp: c000000c6d1e7950
> > msr: 8000000002029033
> > current = 0xc000000c6d172c80
> > paca = 0xc000000003ba0000 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > [link register ] c0000000005eeeec pte_update+0x11c/0x190
> > [c000000c6d1e7950] 0000000000000001 (unreliable)
> > [c000000c6d1e79b0] c0000000005eee14 pte_update+0x44/0x190
> > [c000000c6d1e7a10] c000000001a2ca9c pte_advanced_tests+0x160/0x3d8
> > [c000000c6d1e7ab0] c000000001a2d4fc debug_vm_pgtable+0x7e8/0x1338
> > [c000000c6d1e7ba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d1e7c80] c0000000019e4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d1e7db0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d1e7e20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > With DEBUG_VM disabled
> >
> > [ 20.530152] BUG: Kernel NULL pointer dereference on read at 0x00000000
> > [ 20.530183] Faulting instruction address: 0xc0000000000df330
> > cpu 0x33: Vector: 380 (Data SLB Access) at [c000000c6d19f700]
> > pc: c0000000000df330: memset+0x68/0x104
> > lr: c00000000009f6d8: hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > sp: c000000c6d19f990
> > msr: 8000000002009033
> > dar: 0
> > current = 0xc000000c6d177480
> > paca = 0xc00000001ec4f400 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > [link register ] c00000000009f6d8 hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > [c000000c6d19f990] c00000000009f748 hash__pmdp_huge_get_and_clear+0x158/0x1b0 (unreliable)
> > [c000000c6d19fa10] c0000000019ebf30 pmd_advanced_tests+0x1f0/0x378
> > [c000000c6d19fab0] c0000000019ed088 debug_vm_pgtable+0x79c/0x1244
> > [c000000c6d19fba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d19fc80] c0000000019a4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d19fdb0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d19fe20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > Changes from v3:
> > * Address review feedback
> > * Move page table depost and withdraw patch after adding pmdlock to avoid bisect failure.
>
> This version
>
> - Builds on x86, arm64, s390, arc, powerpc and riscv (defconfig with DEBUG_VM_PGTABLE)
> - Runs on arm64 and x86 without any regression, atleast nothing that I have noticed
> - Will be great if this could get tested on s390, arc, riscv, ppc32 platforms as well
When I quickly tested v3, it worked fine, but now it turned out to
only work fine "sometimes", both v3 and v4. I need to look into it
further, but so far it seems related to the hugetlb_advanced_tests().
I guess there was already some discussion on this test, but we did
not receive all of the thread(s). Please always add at least
linux-s390@vger.kernel.org and maybe myself and Vasily Gorbik <gor@linux.ibm.com>
for further discussions.
That being said, sorry for duplications, this might already have been
discussed. Preliminary analysis showed that it only seems to go wrong
for certain random vaddr values. I cannot make any sense of that yet,
but what seems strange to me is that the hugetlb_advanced_tests()
take a (real) pte_t pointer as input, and also use that for all
kinds of operations (set_huge_pte_at, huge_ptep_get_and_clear, etc.).
Although all the hugetlb code in the kernel is (mis)using pte_t
pointers instead of the correct pmd/pud_t pointers like THP, that
is just for historic reasons. The pointers will actually never point
to a real pte_t (i.e. page table entry), but of course to a pmd
or pud entry, depending on hugepage size.
What is passed in as ptep to hugetlb_advanced_tests() seems to be
the result from the previous ptep = pte_alloc_map(mm, pmdp, vaddr),
so I would expect that it points to a real page table entry. Need
to investigate further, but IIUC, using such a pointer for adding
large pte entries (i.e. pmd/pud entries) at least feels very wrong
to me, and I assume it is related to the issues we see on s390.
We actually see different issues, e.g. once a panic directly in
hugetlb_advanced_tests() -> huge_ptep_get_and_clear(), but also
indirect symptoms after debug_vm_pgtable() completes, like this:
[ 10.533901] BUG task_struct (Not tainted): Padding overwritten. 0x0000000019f798c7-0x0000000019f798c7 @offset=30087
Last but not least, what I said about the pte vs. pmd/pud of
course also should apply to the hugetlb_basic_tests(), although
they are not directly using a pte_t pointer, and especially
also not writing to it. Still, the pte_aligned pfn parameter
is not guaranteed to also be pmd/pud_aligned, which doesn't
feel right.
So, for now, until this is sorted out, I guess we also need
to exclude s390 at least from the hugetlb_advanced_tests().
The hugetlb_basic_tests() seem to work fine so far (probably
by chance :-))
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
To: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
linux-mm@kvack.org, akpm@linux-foundation.org,
mpe@ellerman.id.au, linuxppc-dev@lists.ozlabs.org,
linux-riscv <linux-riscv@lists.infradead.org>,
"linux-snps-arc@lists.infradead.org"
<linux-snps-arc@lists.infradead.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
Gerald Schaefer <gerald.schaefer@de.ibm.com>,
Vineet Gupta <vgupta@synopsys.com>
Subject: Re: [PATCH v4 00/13] mm/debug_vm_pgtable fixes
Date: Fri, 4 Sep 2020 17:26:47 +0200 [thread overview]
Message-ID: <20200904172647.002113d3@thinkpad> (raw)
In-Reply-To: <bb0f3427-e2bd-f713-3ea8-d264be0e690b@arm.com>
On Fri, 4 Sep 2020 12:18:05 +0530
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
>
> On 09/02/2020 05:12 PM, Aneesh Kumar K.V wrote:
> > This patch series includes fixes for debug_vm_pgtable test code so that
> > they follow page table updates rules correctly. The first two patches introduce
> > changes w.r.t ppc64. The patches are included in this series for completeness. We can
> > merge them via ppc64 tree if required.
> >
> > Hugetlb test is disabled on ppc64 because that needs larger change to satisfy
> > page table update rules.
> >
> > These tests are broken w.r.t page table update rules and results in kernel
> > crash as below.
> >
> > [ 21.083519] kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > cpu 0x0: Vector: 700 (Program Check) at [c000000c6d1e76c0]
> > pc: c00000000009a5ec: assert_pte_locked+0x14c/0x380
> > lr: c0000000005eeeec: pte_update+0x11c/0x190
> > sp: c000000c6d1e7950
> > msr: 8000000002029033
> > current = 0xc000000c6d172c80
> > paca = 0xc000000003ba0000 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > [link register ] c0000000005eeeec pte_update+0x11c/0x190
> > [c000000c6d1e7950] 0000000000000001 (unreliable)
> > [c000000c6d1e79b0] c0000000005eee14 pte_update+0x44/0x190
> > [c000000c6d1e7a10] c000000001a2ca9c pte_advanced_tests+0x160/0x3d8
> > [c000000c6d1e7ab0] c000000001a2d4fc debug_vm_pgtable+0x7e8/0x1338
> > [c000000c6d1e7ba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d1e7c80] c0000000019e4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d1e7db0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d1e7e20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > With DEBUG_VM disabled
> >
> > [ 20.530152] BUG: Kernel NULL pointer dereference on read at 0x00000000
> > [ 20.530183] Faulting instruction address: 0xc0000000000df330
> > cpu 0x33: Vector: 380 (Data SLB Access) at [c000000c6d19f700]
> > pc: c0000000000df330: memset+0x68/0x104
> > lr: c00000000009f6d8: hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > sp: c000000c6d19f990
> > msr: 8000000002009033
> > dar: 0
> > current = 0xc000000c6d177480
> > paca = 0xc00000001ec4f400 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > [link register ] c00000000009f6d8 hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > [c000000c6d19f990] c00000000009f748 hash__pmdp_huge_get_and_clear+0x158/0x1b0 (unreliable)
> > [c000000c6d19fa10] c0000000019ebf30 pmd_advanced_tests+0x1f0/0x378
> > [c000000c6d19fab0] c0000000019ed088 debug_vm_pgtable+0x79c/0x1244
> > [c000000c6d19fba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d19fc80] c0000000019a4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d19fdb0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d19fe20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > Changes from v3:
> > * Address review feedback
> > * Move page table depost and withdraw patch after adding pmdlock to avoid bisect failure.
>
> This version
>
> - Builds on x86, arm64, s390, arc, powerpc and riscv (defconfig with DEBUG_VM_PGTABLE)
> - Runs on arm64 and x86 without any regression, atleast nothing that I have noticed
> - Will be great if this could get tested on s390, arc, riscv, ppc32 platforms as well
When I quickly tested v3, it worked fine, but now it turned out to
only work fine "sometimes", both v3 and v4. I need to look into it
further, but so far it seems related to the hugetlb_advanced_tests().
I guess there was already some discussion on this test, but we did
not receive all of the thread(s). Please always add at least
linux-s390@vger.kernel.org and maybe myself and Vasily Gorbik <gor@linux.ibm.com>
for further discussions.
That being said, sorry for duplications, this might already have been
discussed. Preliminary analysis showed that it only seems to go wrong
for certain random vaddr values. I cannot make any sense of that yet,
but what seems strange to me is that the hugetlb_advanced_tests()
take a (real) pte_t pointer as input, and also use that for all
kinds of operations (set_huge_pte_at, huge_ptep_get_and_clear, etc.).
Although all the hugetlb code in the kernel is (mis)using pte_t
pointers instead of the correct pmd/pud_t pointers like THP, that
is just for historic reasons. The pointers will actually never point
to a real pte_t (i.e. page table entry), but of course to a pmd
or pud entry, depending on hugepage size.
What is passed in as ptep to hugetlb_advanced_tests() seems to be
the result from the previous ptep = pte_alloc_map(mm, pmdp, vaddr),
so I would expect that it points to a real page table entry. Need
to investigate further, but IIUC, using such a pointer for adding
large pte entries (i.e. pmd/pud entries) at least feels very wrong
to me, and I assume it is related to the issues we see on s390.
We actually see different issues, e.g. once a panic directly in
hugetlb_advanced_tests() -> huge_ptep_get_and_clear(), but also
indirect symptoms after debug_vm_pgtable() completes, like this:
[ 10.533901] BUG task_struct (Not tainted): Padding overwritten. 0x0000000019f798c7-0x0000000019f798c7 @offset=30087
Last but not least, what I said about the pte vs. pmd/pud of
course also should apply to the hugetlb_basic_tests(), although
they are not directly using a pte_t pointer, and especially
also not writing to it. Still, the pte_aligned pfn parameter
is not guaranteed to also be pmd/pud_aligned, which doesn't
feel right.
So, for now, until this is sorted out, I guess we also need
to exclude s390 at least from the hugetlb_advanced_tests().
The hugetlb_basic_tests() seem to work fine so far (probably
by chance :-))
WARNING: multiple messages have this Message-ID (diff)
From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
To: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: "linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
linux-mm@kvack.org, Vineet Gupta <vgupta@synopsys.com>,
mpe@ellerman.id.au, akpm@linux-foundation.org,
"linux-snps-arc@lists.infradead.org"
<linux-snps-arc@lists.infradead.org>,
linuxppc-dev@lists.ozlabs.org,
linux-riscv <linux-riscv@lists.infradead.org>,
Gerald Schaefer <gerald.schaefer@de.ibm.com>
Subject: Re: [PATCH v4 00/13] mm/debug_vm_pgtable fixes
Date: Fri, 4 Sep 2020 17:26:47 +0200 [thread overview]
Message-ID: <20200904172647.002113d3@thinkpad> (raw)
In-Reply-To: <bb0f3427-e2bd-f713-3ea8-d264be0e690b@arm.com>
On Fri, 4 Sep 2020 12:18:05 +0530
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
>
> On 09/02/2020 05:12 PM, Aneesh Kumar K.V wrote:
> > This patch series includes fixes for debug_vm_pgtable test code so that
> > they follow page table updates rules correctly. The first two patches introduce
> > changes w.r.t ppc64. The patches are included in this series for completeness. We can
> > merge them via ppc64 tree if required.
> >
> > Hugetlb test is disabled on ppc64 because that needs larger change to satisfy
> > page table update rules.
> >
> > These tests are broken w.r.t page table update rules and results in kernel
> > crash as below.
> >
> > [ 21.083519] kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > cpu 0x0: Vector: 700 (Program Check) at [c000000c6d1e76c0]
> > pc: c00000000009a5ec: assert_pte_locked+0x14c/0x380
> > lr: c0000000005eeeec: pte_update+0x11c/0x190
> > sp: c000000c6d1e7950
> > msr: 8000000002029033
> > current = 0xc000000c6d172c80
> > paca = 0xc000000003ba0000 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > [link register ] c0000000005eeeec pte_update+0x11c/0x190
> > [c000000c6d1e7950] 0000000000000001 (unreliable)
> > [c000000c6d1e79b0] c0000000005eee14 pte_update+0x44/0x190
> > [c000000c6d1e7a10] c000000001a2ca9c pte_advanced_tests+0x160/0x3d8
> > [c000000c6d1e7ab0] c000000001a2d4fc debug_vm_pgtable+0x7e8/0x1338
> > [c000000c6d1e7ba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d1e7c80] c0000000019e4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d1e7db0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d1e7e20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > With DEBUG_VM disabled
> >
> > [ 20.530152] BUG: Kernel NULL pointer dereference on read at 0x00000000
> > [ 20.530183] Faulting instruction address: 0xc0000000000df330
> > cpu 0x33: Vector: 380 (Data SLB Access) at [c000000c6d19f700]
> > pc: c0000000000df330: memset+0x68/0x104
> > lr: c00000000009f6d8: hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > sp: c000000c6d19f990
> > msr: 8000000002009033
> > dar: 0
> > current = 0xc000000c6d177480
> > paca = 0xc00000001ec4f400 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > [link register ] c00000000009f6d8 hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > [c000000c6d19f990] c00000000009f748 hash__pmdp_huge_get_and_clear+0x158/0x1b0 (unreliable)
> > [c000000c6d19fa10] c0000000019ebf30 pmd_advanced_tests+0x1f0/0x378
> > [c000000c6d19fab0] c0000000019ed088 debug_vm_pgtable+0x79c/0x1244
> > [c000000c6d19fba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d19fc80] c0000000019a4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d19fdb0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d19fe20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > Changes from v3:
> > * Address review feedback
> > * Move page table depost and withdraw patch after adding pmdlock to avoid bisect failure.
>
> This version
>
> - Builds on x86, arm64, s390, arc, powerpc and riscv (defconfig with DEBUG_VM_PGTABLE)
> - Runs on arm64 and x86 without any regression, atleast nothing that I have noticed
> - Will be great if this could get tested on s390, arc, riscv, ppc32 platforms as well
When I quickly tested v3, it worked fine, but now it turned out to
only work fine "sometimes", both v3 and v4. I need to look into it
further, but so far it seems related to the hugetlb_advanced_tests().
I guess there was already some discussion on this test, but we did
not receive all of the thread(s). Please always add at least
linux-s390@vger.kernel.org and maybe myself and Vasily Gorbik <gor@linux.ibm.com>
for further discussions.
That being said, sorry for duplications, this might already have been
discussed. Preliminary analysis showed that it only seems to go wrong
for certain random vaddr values. I cannot make any sense of that yet,
but what seems strange to me is that the hugetlb_advanced_tests()
take a (real) pte_t pointer as input, and also use that for all
kinds of operations (set_huge_pte_at, huge_ptep_get_and_clear, etc.).
Although all the hugetlb code in the kernel is (mis)using pte_t
pointers instead of the correct pmd/pud_t pointers like THP, that
is just for historic reasons. The pointers will actually never point
to a real pte_t (i.e. page table entry), but of course to a pmd
or pud entry, depending on hugepage size.
What is passed in as ptep to hugetlb_advanced_tests() seems to be
the result from the previous ptep = pte_alloc_map(mm, pmdp, vaddr),
so I would expect that it points to a real page table entry. Need
to investigate further, but IIUC, using such a pointer for adding
large pte entries (i.e. pmd/pud entries) at least feels very wrong
to me, and I assume it is related to the issues we see on s390.
We actually see different issues, e.g. once a panic directly in
hugetlb_advanced_tests() -> huge_ptep_get_and_clear(), but also
indirect symptoms after debug_vm_pgtable() completes, like this:
[ 10.533901] BUG task_struct (Not tainted): Padding overwritten. 0x0000000019f798c7-0x0000000019f798c7 @offset=30087
Last but not least, what I said about the pte vs. pmd/pud of
course also should apply to the hugetlb_basic_tests(), although
they are not directly using a pte_t pointer, and especially
also not writing to it. Still, the pte_aligned pfn parameter
is not guaranteed to also be pmd/pud_aligned, which doesn't
feel right.
So, for now, until this is sorted out, I guess we also need
to exclude s390 at least from the hugetlb_advanced_tests().
The hugetlb_basic_tests() seem to work fine so far (probably
by chance :-))
_______________________________________________
linux-snps-arc mailing list
linux-snps-arc@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-snps-arc
WARNING: multiple messages have this Message-ID (diff)
From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
To: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: "linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
linux-mm@kvack.org, Vineet Gupta <vgupta@synopsys.com>,
akpm@linux-foundation.org,
"linux-snps-arc@lists.infradead.org"
<linux-snps-arc@lists.infradead.org>,
linuxppc-dev@lists.ozlabs.org,
linux-riscv <linux-riscv@lists.infradead.org>,
Gerald Schaefer <gerald.schaefer@de.ibm.com>
Subject: Re: [PATCH v4 00/13] mm/debug_vm_pgtable fixes
Date: Fri, 4 Sep 2020 17:26:47 +0200 [thread overview]
Message-ID: <20200904172647.002113d3@thinkpad> (raw)
In-Reply-To: <bb0f3427-e2bd-f713-3ea8-d264be0e690b@arm.com>
On Fri, 4 Sep 2020 12:18:05 +0530
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
>
> On 09/02/2020 05:12 PM, Aneesh Kumar K.V wrote:
> > This patch series includes fixes for debug_vm_pgtable test code so that
> > they follow page table updates rules correctly. The first two patches introduce
> > changes w.r.t ppc64. The patches are included in this series for completeness. We can
> > merge them via ppc64 tree if required.
> >
> > Hugetlb test is disabled on ppc64 because that needs larger change to satisfy
> > page table update rules.
> >
> > These tests are broken w.r.t page table update rules and results in kernel
> > crash as below.
> >
> > [ 21.083519] kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > cpu 0x0: Vector: 700 (Program Check) at [c000000c6d1e76c0]
> > pc: c00000000009a5ec: assert_pte_locked+0x14c/0x380
> > lr: c0000000005eeeec: pte_update+0x11c/0x190
> > sp: c000000c6d1e7950
> > msr: 8000000002029033
> > current = 0xc000000c6d172c80
> > paca = 0xc000000003ba0000 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > kernel BUG at arch/powerpc/mm/pgtable.c:304!
> > [link register ] c0000000005eeeec pte_update+0x11c/0x190
> > [c000000c6d1e7950] 0000000000000001 (unreliable)
> > [c000000c6d1e79b0] c0000000005eee14 pte_update+0x44/0x190
> > [c000000c6d1e7a10] c000000001a2ca9c pte_advanced_tests+0x160/0x3d8
> > [c000000c6d1e7ab0] c000000001a2d4fc debug_vm_pgtable+0x7e8/0x1338
> > [c000000c6d1e7ba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d1e7c80] c0000000019e4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d1e7db0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d1e7e20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > With DEBUG_VM disabled
> >
> > [ 20.530152] BUG: Kernel NULL pointer dereference on read at 0x00000000
> > [ 20.530183] Faulting instruction address: 0xc0000000000df330
> > cpu 0x33: Vector: 380 (Data SLB Access) at [c000000c6d19f700]
> > pc: c0000000000df330: memset+0x68/0x104
> > lr: c00000000009f6d8: hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > sp: c000000c6d19f990
> > msr: 8000000002009033
> > dar: 0
> > current = 0xc000000c6d177480
> > paca = 0xc00000001ec4f400 irqmask: 0x03 irq_happened: 0x01
> > pid = 1, comm = swapper/0
> > [link register ] c00000000009f6d8 hash__pmdp_huge_get_and_clear+0xe8/0x1b0
> > [c000000c6d19f990] c00000000009f748 hash__pmdp_huge_get_and_clear+0x158/0x1b0 (unreliable)
> > [c000000c6d19fa10] c0000000019ebf30 pmd_advanced_tests+0x1f0/0x378
> > [c000000c6d19fab0] c0000000019ed088 debug_vm_pgtable+0x79c/0x1244
> > [c000000c6d19fba0] c0000000000116ec do_one_initcall+0xac/0x5f0
> > [c000000c6d19fc80] c0000000019a4fac kernel_init_freeable+0x4dc/0x5a4
> > [c000000c6d19fdb0] c000000000012474 kernel_init+0x24/0x160
> > [c000000c6d19fe20] c00000000000cbd0 ret_from_kernel_thread+0x5c/0x6c
> >
> > Changes from v3:
> > * Address review feedback
> > * Move page table depost and withdraw patch after adding pmdlock to avoid bisect failure.
>
> This version
>
> - Builds on x86, arm64, s390, arc, powerpc and riscv (defconfig with DEBUG_VM_PGTABLE)
> - Runs on arm64 and x86 without any regression, atleast nothing that I have noticed
> - Will be great if this could get tested on s390, arc, riscv, ppc32 platforms as well
When I quickly tested v3, it worked fine, but now it turned out to
only work fine "sometimes", both v3 and v4. I need to look into it
further, but so far it seems related to the hugetlb_advanced_tests().
I guess there was already some discussion on this test, but we did
not receive all of the thread(s). Please always add at least
linux-s390@vger.kernel.org and maybe myself and Vasily Gorbik <gor@linux.ibm.com>
for further discussions.
That being said, sorry for duplications, this might already have been
discussed. Preliminary analysis showed that it only seems to go wrong
for certain random vaddr values. I cannot make any sense of that yet,
but what seems strange to me is that the hugetlb_advanced_tests()
take a (real) pte_t pointer as input, and also use that for all
kinds of operations (set_huge_pte_at, huge_ptep_get_and_clear, etc.).
Although all the hugetlb code in the kernel is (mis)using pte_t
pointers instead of the correct pmd/pud_t pointers like THP, that
is just for historic reasons. The pointers will actually never point
to a real pte_t (i.e. page table entry), but of course to a pmd
or pud entry, depending on hugepage size.
What is passed in as ptep to hugetlb_advanced_tests() seems to be
the result from the previous ptep = pte_alloc_map(mm, pmdp, vaddr),
so I would expect that it points to a real page table entry. Need
to investigate further, but IIUC, using such a pointer for adding
large pte entries (i.e. pmd/pud entries) at least feels very wrong
to me, and I assume it is related to the issues we see on s390.
We actually see different issues, e.g. once a panic directly in
hugetlb_advanced_tests() -> huge_ptep_get_and_clear(), but also
indirect symptoms after debug_vm_pgtable() completes, like this:
[ 10.533901] BUG task_struct (Not tainted): Padding overwritten. 0x0000000019f798c7-0x0000000019f798c7 @offset=30087
Last but not least, what I said about the pte vs. pmd/pud of
course also should apply to the hugetlb_basic_tests(), although
they are not directly using a pte_t pointer, and especially
also not writing to it. Still, the pte_aligned pfn parameter
is not guaranteed to also be pmd/pud_aligned, which doesn't
feel right.
So, for now, until this is sorted out, I guess we also need
to exclude s390 at least from the hugetlb_advanced_tests().
The hugetlb_basic_tests() seem to work fine so far (probably
by chance :-))
next prev parent reply other threads:[~2020-09-04 15:32 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-02 11:42 [PATCH v4 00/13] mm/debug_vm_pgtable fixes Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-02 11:42 ` [PATCH v4 01/13] powerpc/mm: Add DEBUG_VM WARN for pmd_clear Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-02 11:42 ` [PATCH v4 02/13] powerpc/mm: Move setting pte specific flags to pfn_pte Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-02 12:30 ` Christophe Leroy
2020-09-02 11:42 ` [PATCH v4 03/13] mm/debug_vm_pgtable/ppc64: Avoid setting top bits in radom value Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 4:03 ` Anshuman Khandual
2020-09-04 4:03 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 04/13] mm/debug_vm_pgtables/hugevmap: Use the arch helper to identify huge vmap support Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-02 12:40 ` Christophe Leroy
2020-09-02 12:53 ` Aneesh Kumar K.V
2020-09-04 4:08 ` Anshuman Khandual
2020-09-04 4:08 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 05/13] mm/debug_vm_pgtable/savedwrite: Enable savedwrite test with CONFIG_NUMA_BALANCING Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 4:09 ` Anshuman Khandual
2020-09-04 4:09 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 06/13] mm/debug_vm_pgtable/THP: Mark the pte entry huge before using set_pmd/pud_at Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 5:21 ` Anshuman Khandual
2020-09-04 5:21 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 07/13] mm/debug_vm_pgtable/set_pte/pmd/pud: Don't use set_*_at to update an existing pte entry Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 5:34 ` Anshuman Khandual
2020-09-04 5:34 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 08/13] mm/debug_vm_pgtable/locks: Move non page table modifying test together Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 3:58 ` Anshuman Khandual
2020-09-04 3:58 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 09/13] mm/debug_vm_pgtable/locks: Take correct page table lock Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 5:39 ` Anshuman Khandual
2020-09-04 5:39 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 10/13] mm/debug_vm_pgtable/thp: Use page table depost/withdraw with THP Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 4:21 ` Anshuman Khandual
2020-09-04 4:21 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 11/13] mm/debug_vm_pgtable/pmd_clear: Don't use pmd/pud_clear on pte entries Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 6:03 ` Anshuman Khandual
2020-09-04 6:03 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 12/13] mm/debug_vm_pgtable/hugetlb: Disable hugetlb test on ppc64 Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-04 6:19 ` Anshuman Khandual
2020-09-04 6:19 ` Anshuman Khandual
2020-09-02 11:42 ` [PATCH v4 13/13] mm/debug_vm_pgtable: Avoid none pte in pte_clear_test Aneesh Kumar K.V
2020-09-02 11:42 ` Aneesh Kumar K.V
2020-09-11 2:13 ` Nathan Chancellor
2020-09-11 2:13 ` Nathan Chancellor
2020-09-11 5:21 ` Aneesh Kumar K.V
2020-09-11 5:21 ` Aneesh Kumar K.V
2020-09-11 5:21 ` Aneesh Kumar K.V
2020-09-23 3:14 ` Anshuman Khandual
2020-09-23 3:14 ` Anshuman Khandual
2020-09-23 3:14 ` Anshuman Khandual
2020-10-11 20:02 ` Guenter Roeck
2020-10-11 20:02 ` Guenter Roeck
2020-10-12 4:29 ` Aneesh Kumar K.V
2020-10-12 4:29 ` Aneesh Kumar K.V
2020-10-12 4:29 ` Aneesh Kumar K.V
2020-09-02 11:46 ` Aneesh Kumar K.V
2020-09-02 11:46 ` Aneesh Kumar K.V
2020-09-04 4:16 ` Anshuman Khandual
2020-09-04 4:16 ` Anshuman Khandual
2020-09-04 6:48 ` [PATCH v4 00/13] mm/debug_vm_pgtable fixes Anshuman Khandual
2020-09-04 6:48 ` Anshuman Khandual
2020-09-04 6:48 ` Anshuman Khandual
2020-09-04 6:48 ` Anshuman Khandual
2020-09-04 15:26 ` Gerald Schaefer [this message]
2020-09-04 15:26 ` Gerald Schaefer
2020-09-04 15:26 ` Gerald Schaefer
2020-09-04 15:26 ` Gerald Schaefer
2020-09-04 16:01 ` Gerald Schaefer
2020-09-04 16:01 ` Gerald Schaefer
2020-09-04 16:01 ` Gerald Schaefer
2020-09-04 16:01 ` Gerald Schaefer
2020-09-04 17:53 ` Gerald Schaefer
2020-09-04 17:53 ` Gerald Schaefer
2020-09-04 17:53 ` Gerald Schaefer
2020-09-04 17:53 ` Gerald Schaefer
2020-09-09 8:38 ` Anshuman Khandual
2020-09-09 8:38 ` Anshuman Khandual
2020-09-09 8:38 ` Anshuman Khandual
2020-09-09 8:38 ` Anshuman Khandual
2020-09-08 15:39 ` Gerald Schaefer
2020-09-08 15:39 ` Gerald Schaefer
2020-09-08 15:39 ` Gerald Schaefer
2020-09-08 15:39 ` Gerald Schaefer
2020-09-09 6:08 ` Aneesh Kumar K.V
2020-09-09 6:08 ` Aneesh Kumar K.V
2020-09-09 6:08 ` Aneesh Kumar K.V
2020-09-09 6:08 ` Aneesh Kumar K.V
2020-09-09 11:16 ` Gerald Schaefer
2020-09-09 11:16 ` Gerald Schaefer
2020-09-09 11:16 ` Gerald Schaefer
2020-09-09 11:16 ` Gerald Schaefer
2020-09-09 8:15 ` Anshuman Khandual
2020-09-09 8:15 ` Anshuman Khandual
2020-09-09 8:15 ` Anshuman Khandual
2020-09-09 8:15 ` Anshuman Khandual
2020-09-09 11:10 ` Gerald Schaefer
2020-09-09 11:10 ` Gerald Schaefer
2020-09-09 11:10 ` Gerald Schaefer
2020-09-09 11:10 ` Gerald Schaefer
2020-09-09 8:08 ` Anshuman Khandual
2020-09-09 8:08 ` Anshuman Khandual
2020-09-09 8:08 ` Anshuman Khandual
2020-09-09 8:08 ` Anshuman Khandual
2020-09-09 11:36 ` Gerald Schaefer
2020-09-09 11:36 ` Gerald Schaefer
2020-09-09 11:36 ` Gerald Schaefer
2020-09-09 11:36 ` Gerald Schaefer
2020-09-13 11:03 ` [PATCH] mm/debug_vm_pgtable: Avoid doing memory allocation with pgtable_t mapped Aneesh Kumar K.V
2020-09-13 11:03 ` Aneesh Kumar K.V
2020-09-13 13:42 ` Matthew Wilcox
2020-09-13 13:42 ` Matthew Wilcox
2020-10-13 20:58 ` [PATCH v4 00/13] mm/debug_vm_pgtable fixes Andrew Morton
2020-10-13 20:58 ` Andrew Morton
2020-10-14 3:15 ` Aneesh Kumar K.V
2020-10-14 3:15 ` Aneesh Kumar K.V
2020-10-14 20:36 ` Andrew Morton
2020-10-14 20:36 ` Andrew Morton
2020-10-15 2:59 ` Anshuman Khandual
2020-10-15 2:59 ` Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200904172647.002113d3@thinkpad \
--to=gerald.schaefer@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=anshuman.khandual@arm.com \
--cc=gerald.schaefer@de.ibm.com \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-snps-arc@lists.infradead.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=vgupta@synopsys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.