* [PATCH v2 0/2] riscv: mm: Avoid spurious fault after hotplugging vmemmap
From: Vivian Wang @ 2026-06-04 11:11 UTC (permalink / raw)
To: Paul Walmsley, Palmer Dabbelt, Alexandre Ghiti, Andrew Morton,
David Hildenbrand, Lorenzo Stoakes, Liam R. Howlett,
Vlastimil Babka, Mike Rapoport, Suren Baghdasaryan, Michal Hocko
Cc: linux-riscv, linux-kernel, linux-mm, Vivian Wang

Patch 1 adds a hook and should be no functional change on its own,
whereas patch 2 is the actual fix, which depends on my earlier kfence
fixes for mark_new_valid_map() [1].

Found while testing AMD_HSA/ZONE_DEVICE on SpacemiT K3. Using
ZONE_DEVICE requires another fix [2].

[1]: https://lore.kernel.org/linux-riscv/20260303-handle-kfence-protect-spurious-fault-v2-0-f80d8354d79d@iscas.ac.cn
[2]: https://lore.kernel.org/linux-riscv/20260309-riscv-sparsemem-vmemmap-limits-v1-2-f40efe18e3cd@iscas.ac.cn

---
Changes in v2:
- Split patch in two, hook point and riscv hook
- Explain hook necessity in patch 1 message (Mike)
- Make hook #define based (Mike)
- Call finalize hook only on populate success
- Link to v1: https://patch.msgid.link/20260525-mark-after-vmemmap-populate-v1-1-e698d859ba16@iscas.ac.cn
---
Vivian Wang (2):
mm/vmemmap: Add a post-population hook for architectures
riscv: mm: Avoid spurious fault after hotplugging vmemmap
arch/riscv/include/asm/pgtable.h | 4 ++++
arch/riscv/mm/init.c | 6 ++++++
mm/sparse-vmemmap.c | 8 ++++++++
3 files changed, 18 insertions(+)
---
base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
change-id: 20260525-mark-after-vmemmap-populate-68bd790839c9
prerequisite-message-id: <20260303-handle-kfence-protect-spurious-fault-v2-0-f80d8354d79d@iscas.ac.cn>
prerequisite-patch-id: fdc42f2647e21d111f44a6532887a6705cd470a9
prerequisite-patch-id: 096fa339c84c36643ae4311fd8362dc63e23d950
prerequisite-patch-id: 305c876a5f4a23a840a8142aea79b796ed297545
prerequisite-patch-id: d78cb55d6a616b1170f06a401c8fd44acd11e5d5
prerequisite-patch-id: b02b4a76e94f3e2821291d4c23b46f6e5ecf5203
Best regards,
--
Vivian Wang <wangruikang@iscas.ac.cn>

* [PATCH v2 1/2] mm/vmemmap: Add a post-population hook for architectures
From: Vivian Wang @ 2026-06-04 11:11 UTC (permalink / raw)
To: Paul Walmsley, Palmer Dabbelt, Alexandre Ghiti, Andrew Morton,
David Hildenbrand, Lorenzo Stoakes, Liam R. Howlett,
Vlastimil Babka, Mike Rapoport, Suren Baghdasaryan, Michal Hocko
Cc: linux-riscv, linux-kernel, linux-mm, Vivian Wang

section_activate() does not flush TLB after populating new vmemmap
pages. On most architectures, this is okay, however it is a problem on
RISC-V since there TLB caching non-present entries is permitted, which
causes spurious faults on some hardware.

Add a hook vmemmap_populate_finalize() in __populate_section_memmap()
after population, to allow architectures to handle such situations as
needed.

No functional change intended for now, but a hook implementation for
RISC-V will be added in a later patch.

Signed-off-by: Vivian Wang <wangruikang@iscas.ac.cn>
---
mm/sparse-vmemmap.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
index 6eadb9d116e4..2a8b923fabe8 100644
--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c
@@ -544,6 +544,12 @@ static int __meminit vmemmap_populate_compound_pages(unsigned long start_pfn,
#endif
+#ifndef vmemmap_populate_finalize
+static void __meminit vmemmap_populate_finalize(void)
+{
+}
+#endif
+
struct page * __meminit __populate_section_memmap(unsigned long pfn,
unsigned long nr_pages, int nid, struct vmem_altmap *altmap,
struct dev_pagemap *pgmap)
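Review bot: The default `vmemmap_populate_finalize()` stub carries no comment stating its contract, and it takes no arguments. Please document above the `#ifndef` when the hook runs (after a successful population in `__populate_section_memmap()`, before the caller uses the returned struct pages) and that an architecture overrides it by defining a macro of the same name. Consider passing the populated range (`pfn`, `nr_pages`) so that an override which needs to act on specific addresses is not forced into a global operation.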
@@ -564,6 +570,8 @@ struct page * __meminit __populate_section_memmap(unsigned long pfn,
if (r < 0)
return NULL;
+ vmemmap_populate_finalize();
+
return pfn_to_page(pfn);
}
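Review bot: With the call placed after `if (r < 0) return NULL;`, a population that fails partway returns without running the hook. Can any new vmemmap mappings already be installed at that point, and if so, is it guaranteed that nothing touches them on the failure path? Please state that in the commit message, or run the hook on that path too. A one-line comment at the call site saying the hook must run before the first access to the new struct pages would also help, since that ordering is the reason the call sits here.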
--
2.54.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH v2 1/2] mm/vmemmap: Add a post-population hook for architectures
@ 2026-06-04 11:11 ` Vivian Wang
0 siblings, 0 replies; 8+ messages in thread
From: Vivian Wang @ 2026-06-04 11:11 UTC (permalink / raw)
To: Paul Walmsley, Palmer Dabbelt, Alexandre Ghiti, Andrew Morton,
David Hildenbrand, Lorenzo Stoakes, Liam R. Howlett,
Vlastimil Babka, Mike Rapoport, Suren Baghdasaryan, Michal Hocko
Cc: linux-riscv, linux-kernel, linux-mm, Vivian Wang
section_activate() does not flush TLB after populating new vmemmap
pages. On most architectures, this is okay, however it is a problem on
RISC-V since there TLB caching non-present entries is permitted, which
causes spurious faults on some hardwares.
Add a hook vmemmap_populate_finalize() in __populate_section_memmap()
after population, to allow architectures to handle such situations as
needed.
No functional change intended for now, but a hook implementation for
RISC-V will be added in a later patch.
Signed-off-by: Vivian Wang <wangruikang@iscas.ac.cn>
---
mm/sparse-vmemmap.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
index 6eadb9d116e4..2a8b923fabe8 100644
--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c
@@ -544,6 +544,12 @@ static int __meminit vmemmap_populate_compound_pages(unsigned long start_pfn,
#endif
+#ifndef vmemmap_populate_finalize
+static void __meminit vmemmap_populate_finalize(void)
+{
+}
+#endif
+
struct page * __meminit __populate_section_memmap(unsigned long pfn,
unsigned long nr_pages, int nid, struct vmem_altmap *altmap,
struct dev_pagemap *pgmap)
@@ -564,6 +570,8 @@ struct page * __meminit __populate_section_memmap(unsigned long pfn,
if (r < 0)
return NULL;
+ vmemmap_populate_finalize();
+
return pfn_to_page(pfn);
}
--
2.54.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v2 2/2] riscv: mm: Avoid spurious fault after hotplugging vmemmap
From: Vivian Wang @ 2026-06-04 11:11 UTC (permalink / raw)
To: Paul Walmsley, Palmer Dabbelt, Alexandre Ghiti, Andrew Morton,
David Hildenbrand, Lorenzo Stoakes, Liam R. Howlett,
Vlastimil Babka, Mike Rapoport, Suren Baghdasaryan, Michal Hocko
Cc: linux-riscv, linux-kernel, linux-mm, Vivian Wang

section_activate() creates new mappings in the vmemmap range without
flushing TLB, which may cause faults on some RISC-V implementations that
cache non-present PTEs and crashes.

This seems to be most easily reproduced with DEBUG_VM=y and
PAGE_POISONING=y, which causes these newly mapped struct pages to be
poisoned, i.e. written to immediately after mapping.

Implement the newly added hook vmemmap_populate_finalize() on RISC-V, to
arrange for the existing exception handler code to deal with these
faults if they happen.

Signed-off-by: Vivian Wang <wangruikang@iscas.ac.cn>
---
I put the declaration here since it's the file where vmemmap and the
vmemmap area addresses are defined.
Depends on my kfence patches for mark_new_valid_map() (see cover).
---
arch/riscv/include/asm/pgtable.h | 4 ++++
arch/riscv/mm/init.c | 6 ++++++
2 files changed, 10 insertions(+)
diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
index a1a7c6520a09..aa0f50e3d534 100644
--- a/arch/riscv/include/asm/pgtable.h
+++ b/arch/riscv/include/asm/pgtable.h
@@ -1243,6 +1243,10 @@ static inline pte_t pte_swp_clear_exclusive(pte_t pte)
#define TASK_SIZE FIXADDR_START
#endif
+/* Needed on SPARSEMEM_VMEMMAP */
+#define vmemmap_populate_finalize vmemmap_populate_finalize
+void __meminit vmemmap_populate_finalize(void);
+
#else /* CONFIG_MMU */
#define PAGE_SHARED __pgprot(0)
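Review bot: The comment says `Needed on SPARSEMEM_VMEMMAP`, but the `#define` and prototype are added under the `CONFIG_MMU` branch only, with no vmemmap-specific guard, while the definition in arch/riscv/mm/init.c sits inside a conditional block closed by the `#endif` right after it. Wrapping these three lines in the same condition as the definition would keep declaration and definition in step and would say in code what the comment says in words.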
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
index 706f43523935..cf9ae4099f82 100644
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -1360,6 +1360,12 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node,
*/
return vmemmap_populate_hugepages(start, end, node, altmap);
}
+
+void __meminit vmemmap_populate_finalize(void)
+{
+ /* Avoid faults on cached non-present TLB entries. */
+ mark_new_valid_map();
+}
#endif
#if defined(CONFIG_MMU) && defined(CONFIG_64BIT)
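Review bot: The comment inside `vmemmap_populate_finalize()` says what is avoided but not how. Per the commit message, `mark_new_valid_map()` arranges for the existing exception handler to deal with the fault if it happens, which is not a TLB flush; please say so in the comment so a reader does not take this for one. Since patch 1 calls the hook on every successful `__populate_section_memmap()`, it is also worth noting here or in the commit message whether that covers more than the hotplug case named in the subject line.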
--
2.54.0
* Re: [PATCH v2 0/2] riscv: mm: Avoid spurious fault after hotplugging vmemmap
From: Mike Rapoport @ 2026-06-04 14:59 UTC (permalink / raw)
To: Vivian Wang
Cc: Paul Walmsley, Palmer Dabbelt, Alexandre Ghiti, Andrew Morton,
David Hildenbrand, Lorenzo Stoakes, Liam R. Howlett,
Vlastimil Babka, Suren Baghdasaryan, Michal Hocko, linux-riscv,
linux-kernel, linux-mm
On Thu, Jun 04, 2026 at 07:11:53PM +0800, Vivian Wang wrote:
> Patch 1 adds a hook and should be no functional change on its own,
> whereas patch 2 is the actual fix, which depends on my earlier kfence
> fixes for mark_new_valid_map() [1].
>
> Found while testing AMD_HSA/ZONE_DEVICE on SpacemiT K3. Using
> ZONE_DEVICE requires another fix [2].
>
> [1]: https://lore.kernel.org/linux-riscv/20260303-handle-kfence-protect-spurious-fault-v2-0-f80d8354d79d@iscas.ac.cn
> [2]: https://lore.kernel.org/linux-riscv/20260309-riscv-sparsemem-vmemmap-limits-v1-2-f40efe18e3cd@iscas.ac.cn
>
> ---
> Changes in v2:
> - Split patch in two, hook point and riscv hook

I don't think it should be split. You can add a hook and its riscv
implementation in one patch, anyway this should go upstream via the same
tree.

> - Explain hook necessity in patch 1 message (Mike)
> - Make hook #define based (Mike)
> - Call finalize hook only on populate success
> - Link to v1: https://patch.msgid.link/20260525-mark-after-vmemmap-populate-v1-1-e698d859ba16@iscas.ac.cn
>
> ---
> Vivian Wang (2):
> mm/vmemmap: Add a post-population hook for architectures
> riscv: mm: Avoid spurious fault after hotplugging vmemmap
>
> arch/riscv/include/asm/pgtable.h | 4 ++++
> arch/riscv/mm/init.c | 6 ++++++
> mm/sparse-vmemmap.c | 8 ++++++++
> 3 files changed, 18 insertions(+)
> ---
> base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
> change-id: 20260525-mark-after-vmemmap-populate-68bd790839c9
> prerequisite-message-id: <20260303-handle-kfence-protect-spurious-fault-v2-0-f80d8354d79d@iscas.ac.cn>
> prerequisite-patch-id: fdc42f2647e21d111f44a6532887a6705cd470a9
> prerequisite-patch-id: 096fa339c84c36643ae4311fd8362dc63e23d950
> prerequisite-patch-id: 305c876a5f4a23a840a8142aea79b796ed297545
> prerequisite-patch-id: d78cb55d6a616b1170f06a401c8fd44acd11e5d5
> prerequisite-patch-id: b02b4a76e94f3e2821291d4c23b46f6e5ecf5203
>
> Best regards,
> --
> Vivian Wang <wangruikang@iscas.ac.cn>
>
--
Sincerely yours,
Mike.