LinuxPPC-Dev Archive on lore.kernel.org
From: Muchun Song <muchun.song@linux.dev>
To: XIAO WU <xiaowu.417@qq.com>
Cc: Muchun Song <songmuchun@bytedance.com>,
	Oscar Salvador <osalvador@suse.de>,
	David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Madhavan Srinivasan <maddy@linux.ibm.com>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Mike Rapoport <rppt@kernel.org>, Lorenzo Stoakes <ljs@kernel.org>,
	"Liam R . Howlett" <liam@infradead.org>,
	Vlastimil Babka <vbabka@kernel.org>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Nicholas Piggin <npiggin@gmail.com>,
	Christophe Leroy <chleroy@kernel.org>,
	Ritesh Harjani <ritesh.list@gmail.com>,
	"Aneesh Kumar K . V" <aneesh.kumar@linux.ibm.com>,
	linuxppc-dev@lists.ozlabs.org,
	Mike Kravetz <mike.kravetz@oracle.com>
Subject: Re: [PATCH v4 07/19] mm/sparse: Move subsection_map_init() into sparse_init()
Date: Tue, 16 Jun 2026 11:04:38 +0800
Message-ID: <DC123A77-79AE-42F1-89F9-4001D0B63E9E@linux.dev>
In-Reply-To: <tencent_5D21B8CE461994D9323FDEDA6441E4234407@qq.com>



> On Jun 16, 2026, at 00:35, XIAO WU <xiaowu.417@qq.com> wrote:
> 
> Hi Muchun,

Hi,

> 
> Muchun Song <muchun.song@linux.dev> wrote:
> > mm/sparse: Move subsection_map_init() into sparse_init()
> >
> > This commit moves subsection_map_init() from free_area_init() into
> > sparse_init() so that sparse-specific setup stays together instead of being
> > split across the generic free_area_init() path.
> 
> This patch introduces a new `sparse_init_subsection_map()` that iterates
> over all memblock ranges and calls `sparse_init_subsection_map_range()`:
> 
> > +void __init sparse_init_subsection_map(void)
> > +{
> > +    int i, nid;
> > +    unsigned long start, end;
> > +
> > +    for_each_mem_pfn_range(i, MAX_NUMNODES, &start, &end, &nid)
> > +        sparse_init_subsection_map_range(start, end - start);
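Review bot: the call sparse_init_subsection_map_range(start, end - start) receives the range exactly as for_each_mem_pfn_range() returns it, with no limit applied, while the report in this thread says memory_present() caps its ranges through mminit_validate_memmodel_limits(). Consider clamping start and end the same way before the call, or skipping ranges that lie wholly beyond the limit, so both passes over memblock agree on which sections exist. Separately, nid is written by the iterator and never read in the lines shown; if the macro accepts NULL for that argument, the variable can be dropped.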
> 
> However, earlier in `sparse_init()`, `memblocks_present()` calls
> `memory_present()`, which internally caps PFN ranges at
> `max_sparsemem_pfn` via `mminit_validate_memmodel_limits()`. Sections
> beyond this cap never have `ms->usage` allocated.
> 
> `for_each_mem_pfn_range()` returns the raw, uncapped memblock ranges.
> If a range extends beyond `max_sparsemem_pfn`, then inside
> `sparse_init_subsection_map_range()`:
> 
>     ms = __nr_to_section(nr);
>     subsection_mask_set(ms->usage->subsection_map, pfn, pfns);
> 
> `ms->usage` is NULL because `sparse_init_early_section()` was never
> called for this section, causing a NULL pointer dereference.

Thanks for your report. IIUC, it is a pre-existing issue.

> 
> I was able to reproduce this on x86_64 with 4-level paging by booting
> with `memmap=4G@0x400080000000` to place a memblock range beyond the
> ~64 TiB `max_sparsemem_pfn` limit.  The kernel crashes during early boot:
> 
>   node  -1: [mem 0x0000400080000000-0x000040017fffffff]
>   ------------[ cut here ]------------
>   WARNING: mm/sparse.c:142 at sparse_init+0x1ac/0x8a0
>    ...
>   PANIC: early exception 0x0d IP 10:...sparse_init_subsection_map+0x12f/0x250
>   RIP: 0010:sparse_init_subsection_map+0x12f/0x250
>   Call Trace:
>    sparse_init+0x69f/0x8a0
>    mm_core_init_early+0x12fa/0x20c0
>    start_kernel+0x89/0x4e0
> 
> The fix is a one-line NULL check in sparse_init_subsection_map_range():

Would you mind sending a separate fix patch since it is not introduced by
this patch? I would like to review it.

Muchun,
Thanks.

> 
> --- a/mm/sparse-vmemmap.c
> +++ b/mm/sparse-vmemmap.c
> @@ -608,6 +608,8 @@ void __init sparse_init_subsection_map(unsigned long pfn,
>          pfns = min(nr_pages, PAGES_PER_SECTION
>                  - (pfn & ~PAGE_SECTION_MASK));
>          ms = __nr_to_section(nr);
> +        if (!ms->usage)
> +            continue;
>          subsection_mask_set(ms->usage->subsection_map, pfn, pfns);
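Review bot: the continue added after ms = __nr_to_section(nr) skips the rest of the loop body, and the hunk does not show what follows subsection_mask_set(). Because pfns is computed from pfn and nr_pages on every iteration, any advance of those two after the mask update would be skipped too, leaving later sections working from a stale pfn; guarding only the subsection_mask_set() call with if (ms->usage) avoids that. The new check also dereferences ms itself, so it relies on __nr_to_section(nr) returning a valid pointer for sections beyond the limit. Finally, the hunk header names sparse_init_subsection_map(unsigned long pfn, while the sentence introducing the fix names sparse_init_subsection_map_range(); the separate patch should say which tree it applies to.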
> 
> On most systems `max_sparsemem_pfn` is large enough that this is never
> hit, but on 32-bit or PAE configurations where the limit is much lower,
> the mismatch between `for_each_mem_pfn_range()` and
> `mminit_validate_memmodel_limits()` can trigger with reasonable memory
> sizes.
> 
> Thanks,
> Xiao
> 
> 


