Re: [PATCH v8 03/23] mm: Check against orig_pte for finish_fault()

From: Peter Xu
Date: Fri Apr 15 2022 - 10:41:41 EST


On Fri, Apr 15, 2022 at 07:21:12AM -0700, Guenter Roeck wrote:
> Hi,

Hi, Guenter,

>
> On Mon, Apr 04, 2022 at 09:48:36PM -0400, Peter Xu wrote:
> > We used to check against none pte in finish_fault(), with the assumption
> > that the orig_pte is always none pte.
> >
> > This change prepares us to be able to call do_fault() on !none ptes. For
> > example, we should allow that to happen for pte marker so that we can restore
> > information out of the pte markers.
> >
> > Let's change the "pte_none" check into detecting changes since we fetched
> > orig_pte. One trivial thing to take care of here is, when pmd==NULL for
> > the pgtable we may not initialize orig_pte at all in handle_pte_fault().
> >
> > By default orig_pte will be all zeros however the problem is not all
> > architectures are using all-zeros for a none pte. pte_clear() will be the
> > right thing to use here so that we'll always have a valid orig_pte value
> > for the whole handle_pte_fault() call.
> >
> > Signed-off-by: Peter Xu <peterx@xxxxxxxxxx>
>
> This patch crashes pretty much all arm images in linux-next. Reverting it
> fixes the problem. Sample crash log and bisect results attached.

Sorry for the issue, and thanks for reporting and bisecting.

It's already reported by Marek and this problematic patch will be replaced
by this one (already updated in -mm, but may land -next later I think):

https://lore.kernel.org/all/Ylb9rXJyPm8%2Fao8f@xz-m1.local/

Thanks,

>
> Guenter
>
> ---
> [ 11.232343] 8<--- cut here ---
> [ 11.232564] Unable to handle kernel paging request at virtual address 88016664
> [ 11.232735] [88016664] *pgd=41cfd811, *pte=00000000, *ppte=00000000
> [ 11.233128] Internal error: Oops: 807 [#1] ARM
> [ 11.233385] CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0-rc2-next-20220414 #1
> [ 11.233564] Hardware name: Generic DT based system
> [ 11.233695] PC is at cpu_arm926_set_pte_ext+0x2c/0x40
> [ 11.233863] LR is at handle_mm_fault+0x4b0/0x11a8
> [ 11.233963] pc : [<8010e60c>] lr : [<802944ec>] psr: 00000113
> [ 11.234080] sp : 88015e20 ip : 88015e7c fp : 00000492
> [ 11.234179] r10: 00000000 r9 : 00000000 r8 : 81167e50
> [ 11.234280] r7 : 00000000 r6 : 00000081 r5 : 7efffff1 r4 : 83034690
> [ 11.234402] r3 : 00000043 r2 : 00000000 r1 : 00000000 r0 : 88016664
> [ 11.234549] Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> [ 11.234691] Control: 00093177 Table: 40004000 DAC: 00000053
> [ 11.234816] Register r0 information: non-paged memory
> [ 11.235031] Register r1 information: NULL pointer
> [ 11.235127] Register r2 information: NULL pointer
> [ 11.235219] Register r3 information: non-paged memory
> [ 11.235316] Register r4 information: slab vm_area_struct start 83034688 data offset 8 pointer offset 0 allocated at vm_area_alloc+0x20/0x5c
> [ 11.235825] kmem_cache_alloc+0x1fc/0x21c
> [ 11.235926] vm_area_alloc+0x20/0x5c
> [ 11.236007] alloc_bprm+0xd0/0x298
> [ 11.236082] kernel_execve+0x34/0x194
> [ 11.236159] kernel_init+0x6c/0x138
> [ 11.236235] ret_from_fork+0x14/0x3c
> [ 11.236330] Register r5 information: non-paged memory
> [ 11.236432] Register r6 information: non-paged memory
> [ 11.236529] Register r7 information: NULL pointer
> [ 11.236620] Register r8 information: non-slab/vmalloc memory
> [ 11.236741] Register r9 information: NULL pointer
> [ 11.236833] Register r10 information: NULL pointer
> [ 11.236926] Register r11 information: non-paged memory
> [ 11.237023] Register r12 information: 2-page vmalloc region starting at 0x88014000 allocated at kernel_clone+0xa0/0x440
> [ 11.237253] Process swapper (pid: 1, stack limit = 0x88014000)
> [ 11.237388] Stack: (0x88015e20 to 0x88016000)
> [ 11.237518] 5e20: ffffffff fffffffe 81d29be0 00000000 a0000193 00000000 81d2a1e8 00007f7e
> [ 11.237670] 5e40: 816580a8 83034690 00000cc0 0007efff 7efff000 7efffff1 00000081 83199fb8
> [ 11.237814] 5e60: 83199fb8 00000000 00000000 00000000 00000000 00000000 00000000 0a363e34
> [ 11.237957] 5e80: 88015ea4 83034690 7efffff1 00002017 00000081 81f4dd00 00001fb8 00000000
> [ 11.238100] 5ea0: 00000492 8028d160 00000000 81d29be0 00000001 00002017 80deedcc 81d29be0
> [ 11.238241] 5ec0: 00000000 81f4dd00 7efffff1 88015f38 81f4dd60 00002017 00000000 8028d64c
> [ 11.238383] 5ee0: 88015f38 00000000 00000000 7efffff1 81f4dd00 00000000 00000001 00000000
> [ 11.238524] 5f00: 00000011 82d80800 00000001 7efffff1 81f4dd00 00000011 7efffff1 0000000b
> [ 11.238666] 5f20: 82d80800 802ca218 88015f38 00000000 00000000 000001d3 80e0b43c 0a363e34
> [ 11.238808] 5f40: 00000ffc 82d80800 81d73140 81d29be0 0000000b 802cb390 81d7315b 802ca0bc
> [ 11.238950] 5f60: 8110c940 0000000c 82d80800 81d73140 8110c8b0 8110c93c 00000000 00000000
> [ 11.239091] 5f80: 00000000 802cbf44 81107820 8110c8b0 00000000 00000000 00000000 80b05400
> [ 11.239234] 5fa0: 00000000 80b05394 00000000 801000f8 00000000 00000000 00000000 00000000
> [ 11.239376] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> [ 11.239518] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
> [ 11.239770] Code: e31300c0 03822e55 e3130003 13a02000 (e5802000)
> [ 11.240097] ---[ end trace 0000000000000000 ]---
> [ 11.240307] Kernel panic - not syncing: Fatal exception
>
> --
> # bad: [40354149f4d738dc3492d9998e45b3f02950369a] Add linux-next specific files for 20220414
> # good: [ce522ba9ef7e2d9fb22a39eb3371c0c64e2a433e] Linux 5.18-rc2
> git bisect start 'HEAD' 'v5.18-rc2'
> # good: [0f52e407eccb0f7ed62fdd8907b0042f4195159e] Merge branch 'drm-next' of git://git.freedesktop.org/git/drm/drm.git
> git bisect good 0f52e407eccb0f7ed62fdd8907b0042f4195159e
> # good: [22b1b3a579c91a6afa945711eac72ab740b8f8e4] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
> git bisect good 22b1b3a579c91a6afa945711eac72ab740b8f8e4
> # good: [cbb5c08b3182cb498f67fa547392191a1d5622dd] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine.git
> git bisect good cbb5c08b3182cb498f67fa547392191a1d5622dd
> # good: [2acd94b759428825f0e8835fa24ad22c7b5c0e2c] Merge branch 'for-next/kspp' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
> git bisect good 2acd94b759428825f0e8835fa24ad22c7b5c0e2c
> # bad: [d2d293faec99124d95590e88030ae3c8382fac7f] mm/shmem: persist uffd-wp bit across zapping for file-backed
> git bisect bad d2d293faec99124d95590e88030ae3c8382fac7f
> # good: [8cbcc910aec560e78e879cf82ed17e7e72d8a7d4] doc: update documentation for swap_activate and swap_rw
> git bisect good 8cbcc910aec560e78e879cf82ed17e7e72d8a7d4
> # good: [8c55a1ed1f9b95520b0307ba0ac6ff7f1aadfe9d] mm/page_alloc: simplify update of pgdat in wake_all_kswapds
> git bisect good 8c55a1ed1f9b95520b0307ba0ac6ff7f1aadfe9d
> # good: [3e68e467590511e2cf7f47194464a5512583f641] mm: hugetlb_vmemmap: cleanup CONFIG_HUGETLB_PAGE_FREE_VMEMMAP*
> git bisect good 3e68e467590511e2cf7f47194464a5512583f641
> # good: [3fb21f4e38824f4d8a183ffcccc03b357ad836d4] mm: mmap: register suitable readonly file vmas for khugepaged
> git bisect good 3fb21f4e38824f4d8a183ffcccc03b357ad836d4
> # bad: [fa600994916318341cf53e18769be547aa5975d2] mm: check against orig_pte for finish_fault()
> git bisect bad fa600994916318341cf53e18769be547aa5975d2
> # good: [1112411b72b5e9774897538260028a677d616779] fixup! mm: Introduce PTE_MARKER swap entry
> git bisect good 1112411b72b5e9774897538260028a677d616779
> # good: [1ae034d98f81a6cf8896b37c3dee9e099daeb3e7] mm: teach core mm about pte markers
> git bisect good 1ae034d98f81a6cf8896b37c3dee9e099daeb3e7
> # first bad commit: [fa600994916318341cf53e18769be547aa5975d2] mm: check against orig_pte for finish_fault()
>

--
Peter Xu