From: Muchun Song <muchun.song@linux.dev>
To: "Ritesh Harjani (IBM)" <ritesh.list@gmail.com>
Cc: Muchun Song <songmuchun@bytedance.com>,
Oscar Salvador <osalvador@suse.de>,
David Hildenbrand <david@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Mike Rapoport <rppt@kernel.org>, Lorenzo Stoakes <ljs@kernel.org>,
"Liam R. Howlett" <liam@infradead.org>,
Vlastimil Babka <vbabka@kernel.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Nicholas Piggin <npiggin@gmail.com>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
linuxppc-dev@lists.ozlabs.org,
Mike Kravetz <mike.kravetz@oracle.com>
Subject: Re: [PATCH v3 03/19] powerpc/mm: Fix wrong addr_pfn tracking in compound vmemmap population
Date: Thu, 4 Jun 2026 10:09:05 +0800 [thread overview]
Message-ID: <4242FACE-1A30-4EE9-8679-A0B6284BB0B9@linux.dev> (raw)
In-Reply-To: <a4tbwv0s.ritesh.list@gmail.com>
> On Jun 3, 2026, at 22:36, Ritesh Harjani (IBM) <ritesh.list@gmail.com> wrote:
>
> Muchun Song <songmuchun@bytedance.com> writes:
>
>> vmemmap_populate_compound_pages() uses addr_pfn to determine the PFN
>> offset within a compound page and to decide whether the current
>> vmemmap slot should be populated as a head page mapping or should reuse
>> a tail page mapping.
>>
>> However, addr_pfn is advanced manually in parallel with addr. The loop
>> itself progresses in vmemmap address space, so each PAGE_SIZE step in
>> addr covers PAGE_SIZE / sizeof(struct page) struct page slots. Since
>> addr_pfn is compared against nr_pages in data-PFN units, it should
>> advance by the same number of PFNs. The existing manual increments do
>> not match that and therefore do not reliably track the PFN
>> corresponding to the current addr.
>>
>> As a result, pfn_offset can be computed from the wrong PFN and the code
>> can make the head/tail decision for the wrong compound-page position.
>>
>> Fix this by deriving addr_pfn directly from the current vmemmap address
>> instead of carrying it as loop state.
>>
>> Fixes: f2b79c0d7968 ("powerpc/book3s64/radix: add support for vmemmap optimization for radix")
>> Signed-off-by: Muchun Song <songmuchun@bytedance.com>
>> Acked-by: Oscar Salvador <osalvador@suse.de>
>
> Thanks for fixing it. I guess this was not caught because section size
> on powerpc is 16MB and with 64K pagesize we have 256 pfns to map. The
> vmemmap size required for this is 256*sizeof(struct page) = 16KB which
> is < 64K (pagesize). So basically we never loop in
> vmemmap_populate_compound_page(), because
> next = addr+PAGE_SIZE will be > end after the 1st iteration itself.
>
> But I agree this is a bug which needs fixing and it can be easily caught
> with 4K pagesize, where we have 4096 pfns to map within a 16MB section.
>
>
> The change looks good to me. Can we please add stable tag too?
> Cc: stable@kernel.org
Yes. I'll add it next version.
>
> Also, feel free to add:
> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Thanks.
next prev parent reply other threads:[~2026-06-04 2:10 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-02 10:10 [PATCH v3 00/19] mm: Refactor bootmem gigantic hugepage allocation Muchun Song
2026-06-02 10:10 ` [PATCH v3 01/19] mm/hugetlb: Fix boot panic with CONFIG_DEBUG_VM and HVO bootmem pages Muchun Song
2026-06-02 10:10 ` [PATCH v3 02/19] mm/hugetlb_vmemmap: Fix __hugetlb_vmemmap_optimize_folios() Muchun Song
2026-06-02 10:10 ` [PATCH v3 03/19] powerpc/mm: Fix wrong addr_pfn tracking in compound vmemmap population Muchun Song
2026-06-03 14:36 ` Ritesh Harjani
2026-06-04 2:09 ` Muchun Song [this message]
2026-06-02 10:10 ` [PATCH v3 04/19] mm/hugetlb: Initialize gigantic bootmem hugepage struct pages earlier Muchun Song
2026-06-02 10:10 ` [PATCH v3 05/19] mm/mm_init: Simplify deferred_free_pages() migratetype init Muchun Song
2026-06-02 10:10 ` [PATCH v3 06/19] mm/sparse: Panic on memmap and usemap allocation failure Muchun Song
2026-06-02 10:10 ` [PATCH v3 07/19] mm/sparse: Move subsection_map_init() into sparse_init() Muchun Song
2026-06-02 10:10 ` [PATCH v3 08/19] mm/mm_init: Defer sparse_init() until after zone initialization Muchun Song
2026-06-02 10:10 ` [PATCH v3 09/19] mm/mm_init: Defer hugetlb reservation " Muchun Song
2026-06-02 10:10 ` [PATCH v3 10/19] mm/mm_init: Remove set_pageblock_order() call from sparse_init() Muchun Song
2026-06-02 10:10 ` [PATCH v3 11/19] mm/sparse: Move sparse_vmemmap_init_nid_late() into sparse_init_nid() Muchun Song
2026-06-02 10:10 ` [PATCH v3 12/19] mm/hugetlb_cma: Validate hugetlb CMA range by zone at reserve time Muchun Song
2026-06-02 10:10 ` [PATCH v3 13/19] mm/hugetlb: Refactor early boot gigantic hugepage allocation Muchun Song
2026-06-02 10:10 ` [PATCH v3 14/19] mm/hugetlb: Free cross-zone bootmem gigantic pages after allocation Muchun Song
2026-06-02 15:41 ` Mike Rapoport
2026-06-03 2:53 ` Muchun Song
2026-06-02 10:10 ` [PATCH v3 15/19] mm/hugetlb_vmemmap: Move bootmem HVO setup to early init Muchun Song
2026-06-02 15:41 ` Mike Rapoport
2026-06-03 2:42 ` Muchun Song
2026-06-03 12:02 ` Usama Arif
2026-06-03 12:24 ` Muchun Song
2026-06-03 12:35 ` Usama Arif
2026-06-02 10:10 ` [PATCH v3 16/19] mm/hugetlb: Remove obsolete bootmem cross-zone checks Muchun Song
2026-06-02 15:41 ` Mike Rapoport
2026-06-02 10:10 ` [PATCH v3 17/19] mm/sparse-vmemmap: Remove sparse_vmemmap_init_nid_late() Muchun Song
2026-06-02 15:41 ` Mike Rapoport
2026-06-02 10:10 ` [PATCH v3 18/19] mm/hugetlb: Remove unused bootmem cma field Muchun Song
2026-06-02 15:41 ` Mike Rapoport
2026-06-03 2:41 ` Muchun Song
2026-06-02 10:10 ` [PATCH v3 19/19] mm/mm_init: Fold __init_page_from_nid() into __init_deferred_page() Muchun Song
2026-06-02 14:46 ` Mike Rapoport
2026-06-02 15:41 ` Mike Rapoport
2026-06-03 2:39 ` Muchun Song
2026-06-02 10:34 ` [PATCH v3 00/19] mm: Refactor bootmem gigantic hugepage allocation Oscar Salvador (SUSE)
2026-06-02 12:01 ` Muchun Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4242FACE-1A30-4EE9-8679-A0B6284BB0B9@linux.dev \
--to=muchun.song@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=chleroy@kernel.org \
--cc=david@kernel.org \
--cc=liam@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=ljs@kernel.org \
--cc=maddy@linux.ibm.com \
--cc=mike.kravetz@oracle.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=osalvador@suse.de \
--cc=ritesh.list@gmail.com \
--cc=rppt@kernel.org \
--cc=songmuchun@bytedance.com \
--cc=vbabka@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox