From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [Bug 198497] handle_mm_fault / xen_pmd_val / radix_tree_lookup_slot Null pointer Date: Fri, 20 Apr 2018 16:25:37 +0100 Message-ID: <76a4ee3b-e00a-5032-df90-07d8e207f707@citrix.com> References: <20180420133951.GC10788@bombadil.infradead.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: Content-Language: en-GB List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" To: Jason Andryuk , Matthew Wilcox Cc: Juergen Gross , bugzilla-daemon@bugzilla.kernel.org, xen-devel@lists.xen.org, linux-mm@kvack.org, Boris Ostrovsky , labbott@redhat.com, akpm@linux-foundation.org List-Id: xen-devel@lists.xenproject.org T24gMjAvMDQvMTggMTY6MjAsIEphc29uIEFuZHJ5dWsgd3JvdGU6Cj4gQWRkaW5nIHhlbi1kZXZl bCBhbmQgdGhlIExpbnV4IFhlbiBtYWludGFpbmVycy4KPgo+IFN1bW1hcnk6IFNvbWUgWGVuIHVz ZXJzIChhbmQgbWF5YmUgb3RoZXJzKSBhcmUgaGl0dGluZyBhIEJVRyBpbgo+IF9fcmFkaXhfdHJl ZV9sb29rdXAoKSB1bmRlciBkb19zd2FwX3BhZ2UoKSAtIGV4YW1wbGUgYmFja3RyYWNlIGlzCj4g cHJvdmlkZWQgYXQgdGhlIGVuZC4gIE1hdHRoZXcgV2lsY294IHByb3ZpZGVkIGEgYmFuZC1haWQg cGF0Y2ggdGhhdAo+IHByaW50cyBlcnJvcnMgbGlrZSB0aGUgZm9sbG93aW5nIGluc3RlYWQgb2Yg dHJpZ2dlcmluZyB0aGUgYnVnLgo+Cj4gU2t5bGFrZSAzMmJpdCBQQUUgRG9tMDoKPiBCYWQgc3dw X2VudHJ5OiA4MDAwMDAwMAo+IG1tL3N3YXBfc3RhdGUuYzo2ODM6IGJhZCBwdGUgZDNhMzlmMWMo ODAwMDAwMDQwMDAwMDAwMCkKPgo+IEl2eSBCcmlkZ2UgMzJiaXQgUEFFIERvbTA6Cj4gQmFkIHN3 cF9lbnRyeTogNDAwMDAwMDAKPiBtbS9zd2FwX3N0YXRlLmM6NjgzOiBiYWQgcHRlIGQzYTA1ZjFj KDgwMDAwMDAyMDAwMDAwMDApCj4KPiBPdGhlciAzMmJpdCBEb21VOgo+IEJhZCBzd3BfZW50cnk6 IDQwMDAwMDAKPiBtbS9zd2FwX3N0YXRlLmM6NjgzOiBiYWQgcHRlIGUyMTg3ZjMwKDgwMDAwMDAy MDAwMDAwMDApCj4KPiBPdGhlciAzMmJpdDoKPiBCYWQgc3dwX2VudHJ5OiAyMDAwMDAwCj4gbW0v c3dhcF9zdGF0ZS5jOjY4MzogYmFkIHB0ZSBlZjNhM2YzOCg4MDAwMDAwMTAwMDAwMDAwKQo+Cj4g VGhlIExpbnV4IGJ1Z3ppbGxhIGhhcyBtb3JlIGluZm8KPiBodHRwczovL2J1Z3ppbGxhLmtlcm5l bC5vcmcvc2hvd19idWcuY2dpP2lkPTE5ODQ5Nwo+Cj4gVGhpcyBtYXkgbm90IGJlIGV4Y2x1c2l2 ZSB0byBYZW4gTGludXgsIGJ1dCBtb3N0IG9mIHRoZSByZXBvcnRzIGFyZSBvbgo+IFhlbi4gIE1h dHRoZXcgd29uZGVycyBpZiBYZW4gbWlnaHQgYmUgc3RlcHBpbmcgb24gdGhlIHVwcGVyIGJpdHMg b2YgYQo+IHB0ZS4KClllcyAtIFhlbiBkb2VzIHVzZSB0aGUgdXBwZXIgYml0cyBvZiBhIFBURSwg YnV0IG9ubHkgMSBpbiByZWxlYXNlCmJ1aWxkcywgYW5kIGEgc2Vjb25kIGluIGRlYnVnIGJ1aWxk cy7CoCBJIGRvbid0IHVuZGVyc3RhbmQgd2hlcmUgeW91J3JlCmdldHRpbmcgdGhlIDNyZCBiaXQg aW4gdGhlcmUuCgpUaGUgdXNlIG9mIHRoZXNlIGJpdHMgYXJlIGR1YmlvdXMsIGFuZCBub3QgYWRl cXVhdGVseSBkZXNjcmliZWQgaW4gdGhlCkFCSSwgYW5kIGF0dGVtcHRzIHRvIGltcHJvdmUgdGhl IHN0YXRlIG9mIHBsYXkgaGFzIGNvbWUgdG8gbm90aGluZyBpbgp0aGUgcGFzdC4KCn5BbmRyZXcK Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fClhlbi1kZXZl bCBtYWlsaW5nIGxpc3QKWGVuLWRldmVsQGxpc3RzLnhlbnByb2plY3Qub3JnCmh0dHBzOi8vbGlz dHMueGVucHJvamVjdC5vcmcvbWFpbG1hbi9saXN0aW5mby94ZW4tZGV2ZWw= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f200.google.com (mail-wr0-f200.google.com [209.85.128.200]) by kanga.kvack.org (Postfix) with ESMTP id BB21E6B0011 for ; Fri, 20 Apr 2018 11:25:40 -0400 (EDT) Received: by mail-wr0-f200.google.com with SMTP id m7-v6so9135679wrb.16 for ; Fri, 20 Apr 2018 08:25:40 -0700 (PDT) Received: from SMTP.EU.CITRIX.COM (smtp.eu.citrix.com. [185.25.65.24]) by mx.google.com with ESMTPS id c54si6768004edc.226.2018.04.20.08.25.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Apr 2018 08:25:39 -0700 (PDT) Subject: Re: [Xen-devel] [Bug 198497] handle_mm_fault / xen_pmd_val / radix_tree_lookup_slot Null pointer References: <20180420133951.GC10788@bombadil.infradead.org> From: Andrew Cooper Message-ID: <76a4ee3b-e00a-5032-df90-07d8e207f707@citrix.com> Date: Fri, 20 Apr 2018 16:25:37 +0100 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Content-Language: en-GB Sender: owner-linux-mm@kvack.org List-ID: To: Jason Andryuk , Matthew Wilcox Cc: Juergen Gross , bugzilla-daemon@bugzilla.kernel.org, xen-devel@lists.xen.org, linux-mm@kvack.org, Boris Ostrovsky , labbott@redhat.com, akpm@linux-foundation.org On 20/04/18 16:20, Jason Andryuk wrote: > Adding xen-devel and the Linux Xen maintainers. > > Summary: Some Xen users (and maybe others) are hitting a BUG in > __radix_tree_lookup() under do_swap_page() - example backtrace is > provided at the end. Matthew Wilcox provided a band-aid patch that > prints errors like the following instead of triggering the bug. > > Skylake 32bit PAE Dom0: > Bad swp_entry: 80000000 > mm/swap_state.c:683: bad pte d3a39f1c(8000000400000000) > > Ivy Bridge 32bit PAE Dom0: > Bad swp_entry: 40000000 > mm/swap_state.c:683: bad pte d3a05f1c(8000000200000000) > > Other 32bit DomU: > Bad swp_entry: 4000000 > mm/swap_state.c:683: bad pte e2187f30(8000000200000000) > > Other 32bit: > Bad swp_entry: 2000000 > mm/swap_state.c:683: bad pte ef3a3f38(8000000100000000) > > The Linux bugzilla has more info > https://bugzilla.kernel.org/show_bug.cgi?id=198497 > > This may not be exclusive to Xen Linux, but most of the reports are on > Xen. Matthew wonders if Xen might be stepping on the upper bits of a > pte. Yes - Xen does use the upper bits of a PTE, but only 1 in release builds, and a second in debug builds.A I don't understand where you're getting the 3rd bit in there. The use of these bits are dubious, and not adequately described in the ABI, and attempts to improve the state of play has come to nothing in the past. ~Andrew