From: Hou Tao <houtao1@huawei.com>
Commit b7e282378773 has already changed the initial page refcount of
p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses
"VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" to assert the initial page
refcount should not be zero and the following will be reported when
CONFIG_DEBUG_VM is enabled:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x380400000
flags: 0x20000000002000(reserved|node=0|zone=4)
raw: 0020000000002000 ff1100015e3ab440 0000000000000000 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))
------------[ cut here ]------------
WARNING: CPU: 5 PID: 449 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x83a/0xa60
Fix by using "page_ref_count(page)" as the assertion condition.
Fixes: b7e282378773 ("mm/mm_init: move p2pdma page refcount initialisation to p2pdma")
Signed-off-by: Hou Tao <houtao1@huawei.com>
---
drivers/pci/p2pdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
index 218c1f5252b6..dd64ec830fdd 100644
--- a/drivers/pci/p2pdma.c
+++ b/drivers/pci/p2pdma.c
@@ -147,7 +147,7 @@ static int p2pmem_alloc_mmap(struct file *filp, struct kobject *kobj,
* we have just allocated the page no one else should be
* using it.
*/
- VM_WARN_ON_ONCE_PAGE(!page_ref_count(page), page);
+ VM_WARN_ON_ONCE_PAGE(page_ref_count(page), page);
set_page_count(page, 1);
ret = vm_insert_page(vma, vaddr, page);
if (ret) {
--
2.29.2On 2025-12-20 at 15:04 +1100, Hou Tao <houtao@huaweicloud.com> wrote...
> From: Hou Tao <houtao1@huawei.com>
>
> Commit b7e282378773 has already changed the initial page refcount of
> p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses
> "VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" to assert the initial page
> refcount should not be zero and the following will be reported when
> CONFIG_DEBUG_VM is enabled:
>
> page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x380400000
> flags: 0x20000000002000(reserved|node=0|zone=4)
> raw: 0020000000002000 ff1100015e3ab440 0000000000000000 0000000000000000
> raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
> page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))
> ------------[ cut here ]------------
> WARNING: CPU: 5 PID: 449 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x83a/0xa60
>
> Fix by using "page_ref_count(page)" as the assertion condition.
>
> Fixes: b7e282378773 ("mm/mm_init: move p2pdma page refcount initialisation to p2pdma")
Argh, thanks for fixing that.
Reviewed-by: Alistair Popple <apopple@nvidia.com>
> Signed-off-by: Hou Tao <houtao1@huawei.com>
> ---
> drivers/pci/p2pdma.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c
> index 218c1f5252b6..dd64ec830fdd 100644
> --- a/drivers/pci/p2pdma.c
> +++ b/drivers/pci/p2pdma.c
> @@ -147,7 +147,7 @@ static int p2pmem_alloc_mmap(struct file *filp, struct kobject *kobj,
> * we have just allocated the page no one else should be
> * using it.
> */
> - VM_WARN_ON_ONCE_PAGE(!page_ref_count(page), page);
> + VM_WARN_ON_ONCE_PAGE(page_ref_count(page), page);
> set_page_count(page, 1);
> ret = vm_insert_page(vma, vaddr, page);
> if (ret) {
> --
> 2.29.2
>
On 2025-12-19 21:04, Hou Tao wrote:
> From: Hou Tao <houtao1@huawei.com>
>
> Commit b7e282378773 has already changed the initial page refcount of
> p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses
> "VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" to assert the initial page
> refcount should not be zero and the following will be reported when
> CONFIG_DEBUG_VM is enabled:
>
> page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x380400000
> flags: 0x20000000002000(reserved|node=0|zone=4)
> raw: 0020000000002000 ff1100015e3ab440 0000000000000000 0000000000000000
> raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
> page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))
> ------------[ cut here ]------------
> WARNING: CPU: 5 PID: 449 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x83a/0xa60
>
> Fix by using "page_ref_count(page)" as the assertion condition.
>
> Fixes: b7e282378773 ("mm/mm_init: move p2pdma page refcount initialisation to p2pdma")
> Signed-off-by: Hou Tao <houtao1@huawei.com>
Thanks for the fix
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Logan
On Mon, Dec 22, 2025 at 09:50:18AM -0700, Logan Gunthorpe wrote:
> > Fixes: b7e282378773 ("mm/mm_init: move p2pdma page refcount initialisation to p2pdma")
> > Signed-off-by: Hou Tao <houtao1@huawei.com>
>
> Thanks for the fix
>
> Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Can we get these fixes queued up ASAP while discussing the new
feature?
On Wed, Jan 07, 2026 at 03:39:42PM +0100, Christoph Hellwig wrote:
> On Mon, Dec 22, 2025 at 09:50:18AM -0700, Logan Gunthorpe wrote:
> > > Fixes: b7e282378773 ("mm/mm_init: move p2pdma page refcount initialisation to p2pdma")
> > > Signed-off-by: Hou Tao <houtao1@huawei.com>
> >
> > Thanks for the fix
> >
> > Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
>
> Can we get these fixes queued up ASAP while discussing the new
> feature?
I assume you mean the first two patches:
PCI/P2PDMA: Release the per-cpu ref of pgmap when vm_insert_page() fails
PCI/P2PDMA: Fix the warning condition in p2pmem_alloc_mmap()
I can certainly queue these up. The second is a warning fix, and the
first fixes a hang that has apparently been around since v6.2
(7e9c7ef83d78 ("PCI/P2PDMA: Allow userspace VMA allocations through
sysfs")).
Given that, I would ordinarily target the v6.20 merge window, but the
"ASAP" suggests more urgency. Do you want one or both for v6.19?
Bjorn
On Wed, Jan 07, 2026 at 11:17:24AM -0600, Bjorn Helgaas wrote:
> On Wed, Jan 07, 2026 at 03:39:42PM +0100, Christoph Hellwig wrote:
> > On Mon, Dec 22, 2025 at 09:50:18AM -0700, Logan Gunthorpe wrote:
> > > > Fixes: b7e282378773 ("mm/mm_init: move p2pdma page refcount initialisation to p2pdma")
> > > > Signed-off-by: Hou Tao <houtao1@huawei.com>
> > >
> > > Thanks for the fix
> > >
> > > Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
> >
> > Can we get these fixes queued up ASAP while discussing the new
> > feature?
>
> I assume you mean the first two patches:
>
> PCI/P2PDMA: Release the per-cpu ref of pgmap when vm_insert_page() fails
> PCI/P2PDMA: Fix the warning condition in p2pmem_alloc_mmap()
>
> I can certainly queue these up. The second is a warning fix, and the
> first fixes a hang that has apparently been around since v6.2
> (7e9c7ef83d78 ("PCI/P2PDMA: Allow userspace VMA allocations through
> sysfs")).
>
> Given that, I would ordinarily target the v6.20 merge window, but the
> "ASAP" suggests more urgency. Do you want one or both for v6.19?
I put the patches above on pci/p2pdma for v6.20 until I hear
otherwise.
Bjorn
On Wed, Jan 07, 2026 at 02:34:39PM -0600, Bjorn Helgaas wrote: > > > > Given that, I would ordinarily target the v6.20 merge window, but the > > "ASAP" suggests more urgency. Do you want one or both for v6.19? > > I put the patches above on pci/p2pdma for v6.20 until I hear > otherwise. Sounds good, thanks!
© 2016 - 2026 Red Hat, Inc.