From nobody Sat May 9 09:06:00 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 970FE1E7C39 for ; Fri, 24 Jan 2025 21:38:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754699; cv=none; b=rZYbPBbO+LEPqJv6F7D9OMfcc+2+sfiqn/c22ysX2niYDEFYFdRVdS2G09SXP4gP/Mps4bPaePJDR9k/l2vDUJbaLoGXTY5k2omHp3neHB2EvxL6huc3c6/YwoiDEg5Oh0IkwMA28+SUluD6Oi2vnq3PwWjqgy4IvIsNYb18fiw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754699; c=relaxed/simple; bh=lO/ByQsGDgiEZGl51kshpRTX6Q+QU9Ghqn+Eap15HoM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZDlNZek4eF464XoQ6u/j9zSWXmqA2YKi/+BPG8ihd2Jslc7BkUpitu440u7+r3Zy04L22Lfeoox3FBpoL6z7Q8ESzxai1EYLkg3QTastQyUQc2+cGt+hsAL9JjOSx3J6Zbe1p6H6iflVfnvHj4EGDwLbtqQfEcXEsAWpWWzkfx8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=FZ3W0fpx; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="FZ3W0fpx" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1737754694; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=upr7vHxw+moDnUyoNmdOrdtldZZRztXFPosSk1iZLLs=; b=FZ3W0fpxlSNut4gpcdVc6VdXMwApQk/NrEeSL12UcBzkcJsqBxhdBOVYsA8l9ihjlfsLLu 3Ytz91n4+/0qwAv1IypGIAVBvSjNUKMKk/ibbXpNG+tgr7ZHofAKNfRX8iJCQZbbSGGn6m 6OWMN7o1lNJCXmmNvvt+C8YcnFmlJtg= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-320-TwaOxa-OPeiDnT_sg6coXw-1; Fri, 24 Jan 2025 16:38:10 -0500 X-MC-Unique: TwaOxa-OPeiDnT_sg6coXw-1 X-Mimecast-MFC-AGG-ID: TwaOxa-OPeiDnT_sg6coXw Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 901FB180036E; Fri, 24 Jan 2025 21:38:08 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.22.81.148]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7E739180035F; Fri, 24 Jan 2025 21:38:06 +0000 (UTC) From: Luiz Capitulino To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, david@redhat.com, yuzhao@google.com Cc: akpm@linux-foundation.org, hannes@cmpxchg.org, muchun.song@linux.dev, lcapitulino@gmail.com, luizcap@redhat.com Subject: [RFC 1/4] mm: page_ext: add an iteration API for page extensions Date: Fri, 24 Jan 2025 16:37:51 -0500 Message-ID: <70bc5513e599d3386533fcc25dfe33685d2ca1bb.1737754625.git.luizcap@redhat.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The page extension implementation assumes that all page extensions of a given page order are stored in the same memory section. The function page_ext_next() relies on this assumption by adding an offset to the current object to return the next adjacent page extension. This behavior works as expected for flatmem but fails for sparsemem when using 1G pages. Commit e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") exposes this issue, making it possible for a crash when using page_owner or page_table_check page extensions. The problem is that for 1G pages, the page extensions may span memory section boundaries and be stored in different memory sections. This issue was not visible before commit e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") because alloc_contig_pages() never passed more than MAX_PAGE_ORDER to post_alloc_hook(). However, the mentioned commit changed this behavior allowing the full 1G page order to be passed. Reproducer: 1. Build the kernel with CONFIG_SPARSEMEM=3Dy and the table extensions 2. Pass 'default_hugepagesz=3D1 page_owner=3Don' in the kernel command-line 3. Reserve one 1G page at run-time, this should crash (backtrace below) To address this issue, this commit introduces a new API for iterating through page extensions. In page_ext_iter_next(), we always go through page_ext_get() to guarantee that we do a new memory section lookup for the next page extension. In the future, this API could be used as a basis to implement for_each_page_ext() type of macro. Thanks to David Hildenbrand for helping identify the root cause and providing suggestions on how to fix it (final implementation and bugs are all mine though). Here's the backtrace, without kasan you can get random crashes: [ 76.052526] BUG: KASAN: slab-out-of-bounds in __update_page_owner_handle= +0x238/0x298 [ 76.060283] Write of size 4 at addr ffff07ff96240038 by task tee/3598 [ 76.066714] [ 76.068203] CPU: 88 UID: 0 PID: 3598 Comm: tee Kdump: loaded Not tainted= 6.13.0-rep1 #3 [ 76.076202] Hardware name: WIWYNN Mt.Jade Server System B81.030Z1.0007/M= t.Jade Motherboard, BIOS 2.10.20220810 (SCP: 2.10.20220810) 2022/08/10 [ 76.088972] Call trace: [ 76.091411] show_stack+0x20/0x38 (C) [ 76.095073] dump_stack_lvl+0x80/0xf8 [ 76.098733] print_address_description.constprop.0+0x88/0x398 [ 76.104476] print_report+0xa8/0x278 [ 76.108041] kasan_report+0xa8/0xf8 [ 76.111520] __asan_report_store4_noabort+0x20/0x30 [ 76.116391] __update_page_owner_handle+0x238/0x298 [ 76.121259] __set_page_owner+0xdc/0x140 [ 76.125173] post_alloc_hook+0x190/0x1d8 [ 76.129090] alloc_contig_range_noprof+0x54c/0x890 [ 76.133874] alloc_contig_pages_noprof+0x35c/0x4a8 [ 76.138656] alloc_gigantic_folio.isra.0+0x2c0/0x368 [ 76.143616] only_alloc_fresh_hugetlb_folio.isra.0+0x24/0x150 [ 76.149353] alloc_pool_huge_folio+0x11c/0x1f8 [ 76.153787] set_max_huge_pages+0x364/0xca8 [ 76.157961] __nr_hugepages_store_common+0xb0/0x1a0 [ 76.162829] nr_hugepages_store+0x108/0x118 [ 76.167003] kobj_attr_store+0x3c/0x70 [ 76.170745] sysfs_kf_write+0xfc/0x188 [ 76.174492] kernfs_fop_write_iter+0x274/0x3e0 [ 76.178927] vfs_write+0x64c/0x8e0 [ 76.182323] ksys_write+0xf8/0x1f0 [ 76.185716] __arm64_sys_write+0x74/0xb0 [ 76.189630] invoke_syscall.constprop.0+0xd8/0x1e0 [ 76.194412] do_el0_svc+0x164/0x1e0 [ 76.197891] el0_svc+0x40/0xe0 [ 76.200939] el0t_64_sync_handler+0x144/0x168 [ 76.205287] el0t_64_sync+0x1ac/0x1b0 Fixes: e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") Signed-off-by: Luiz Capitulino --- include/linux/page_ext.h | 10 ++++++++ mm/page_ext.c | 55 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/include/linux/page_ext.h b/include/linux/page_ext.h index e4b48a0dda244..df904544d3fac 100644 --- a/include/linux/page_ext.h +++ b/include/linux/page_ext.h @@ -93,6 +93,16 @@ static inline struct page_ext *page_ext_next(struct page= _ext *curr) return next; } =20 +struct page_ext_iter { + unsigned long pfn; + struct page_ext *page_ext; +}; + +struct page_ext *page_ext_iter_begin(struct page_ext_iter *iter, struct pa= ge *page); +struct page_ext *page_ext_iter_get(const struct page_ext_iter *iter); +struct page_ext *page_ext_iter_next(struct page_ext_iter *iter); +void page_ext_iter_end(struct page_ext_iter *iter); + #else /* !CONFIG_PAGE_EXTENSION */ struct page_ext; =20 diff --git a/mm/page_ext.c b/mm/page_ext.c index 641d93f6af4c1..0b6eb5524cb2c 100644 --- a/mm/page_ext.c +++ b/mm/page_ext.c @@ -549,3 +549,58 @@ void page_ext_put(struct page_ext *page_ext) =20 rcu_read_unlock(); } + +/** + * page_ext_iter_begin() - Prepare for iterating through page extensions. + * @iter: page extension iterator. + * @page: The page we're interested in. + * + * Return: NULL if no page_ext exists for this page. + */ +struct page_ext *page_ext_iter_begin(struct page_ext_iter *iter, struct pa= ge *page) +{ + iter->pfn =3D page_to_pfn(page); + iter->page_ext =3D page_ext_get(page); + + return iter->page_ext; +} + +/** + * page_ext_iter_get() - Get current page extension + * @iter: page extension iterator. + * + * Return: NULL if no page_ext exists for this iterator. + */ +struct page_ext *page_ext_iter_get(const struct page_ext_iter *iter) +{ + return iter->page_ext; +} + +/** + * page_ext_iter_next() - Get next page extension + * @iter: page extension iterator. + * + * Return: NULL if no next page_ext exists. + */ +struct page_ext *page_ext_iter_next(struct page_ext_iter *iter) +{ + if (!iter->page_ext) + return NULL; + + page_ext_put(iter->page_ext); + + iter->pfn++; + iter->page_ext =3D page_ext_get(pfn_to_page(iter->pfn)); + + return iter->page_ext; +} + +/** + * page_ext_iter_end() - End iteration through page extensions. + * @iter: page extension iterator. + */ +void page_ext_iter_end(struct page_ext_iter *iter) +{ + page_ext_put(iter->page_ext); + iter->page_ext =3D NULL; +} --=20 2.47.1 From nobody Sat May 9 09:06:00 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C7031E98E8 for ; Fri, 24 Jan 2025 21:38:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754703; cv=none; b=j0BpQAGlSireeUhREGaausLamdYzaRuRvT11wmTKE/jY/LhB18Q1XnmFaMe5oUQvfnwiWU+xGLh8wsOYTAuVjWiw+/+1Z345nSxgScdsDvYBFnzxgPDEQn1GjfE6bByIF3nSoh7DxDJY0KLFhQwIfw1YhfIyHJgD3P/WDIYrznY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754703; c=relaxed/simple; bh=0vkF5qU/ExOPII5U8Gu32T+PJArVh0DmWlEgZQD+XrQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AeJnxSEMNQ46xUaYvokTqHFKNQoqh/o+bzg9/VjlT452XUyyhdJzNBlB5MMRZd9S8rEtNytTBV3wWfCN2kiYvL10OB9S0xRzyujLF6SDIYNzMNHrZZqsZyW1xqXu5wUAnh/eoJM7Kc7DN+Y+r/JSPm9IJWZ3+v8ATmpweYFPPZQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=ILCxTjz9; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ILCxTjz9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1737754700; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mpq60malTbL1a0tgUfkQY0dx9GoNhyxzjB2FnEhg2RU=; b=ILCxTjz92TwXuqkoh2QXp/Wv0yjj+jMpSBGQEfp0/Kcrx7SD9Xo5kSDYt3LFV7y3/AbDkl 08+UOJuhWesaG/mZtw+D46fF19NZzB8UqDOLjaOpwi3K+h23W7VUTDiBwLkCCd9h1Mcsl7 aGaMOMG0wto3f2PikOlHL730/QfK/Bk= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-658-OcIZJC7zOteXDG1lMPmgNg-1; Fri, 24 Jan 2025 16:38:12 -0500 X-MC-Unique: OcIZJC7zOteXDG1lMPmgNg-1 X-Mimecast-MFC-AGG-ID: OcIZJC7zOteXDG1lMPmgNg Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E74F4195608B; Fri, 24 Jan 2025 21:38:10 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.22.81.148]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D2B121800348; Fri, 24 Jan 2025 21:38:08 +0000 (UTC) From: Luiz Capitulino To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, david@redhat.com, yuzhao@google.com Cc: akpm@linux-foundation.org, hannes@cmpxchg.org, muchun.song@linux.dev, lcapitulino@gmail.com, luizcap@redhat.com Subject: [RFC 2/4] mm: page_owner: use new iteration API Date: Fri, 24 Jan 2025 16:37:52 -0500 Message-ID: <712c1e058c58ba0d4c407089fbcc45c55ceb8efc.1737754625.git.luizcap@redhat.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The page_ext_next() function assumes that page extension objects for a page order allocation always reside in the same memory section, which may not be true and could lead to crashes. Use the page_ext_iter API instead. Fixes: e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") Signed-off-by: Luiz Capitulino --- mm/page_owner.c | 68 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/mm/page_owner.c b/mm/page_owner.c index 2d6360eaccbb6..14b4ec8ceb83e 100644 --- a/mm/page_owner.c +++ b/mm/page_owner.c @@ -229,7 +229,7 @@ static void dec_stack_record_count(depot_stack_handle_t= handle, handle); } =20 -static inline void __update_page_owner_handle(struct page_ext *page_ext, +static inline void __update_page_owner_handle(struct page_ext_iter *iter, depot_stack_handle_t handle, unsigned short order, gfp_t gfp_mask, @@ -237,8 +237,11 @@ static inline void __update_page_owner_handle(struct p= age_ext *page_ext, pid_t pid, pid_t tgid, char *comm) { int i; + struct page_ext *page_ext; struct page_owner *page_owner; =20 + page_ext =3D page_ext_iter_get(iter); + for (i =3D 0; i < (1 << order); i++) { page_owner =3D get_page_owner(page_ext); page_owner->handle =3D handle; @@ -252,19 +255,22 @@ static inline void __update_page_owner_handle(struct = page_ext *page_ext, sizeof(page_owner->comm)); __set_bit(PAGE_EXT_OWNER, &page_ext->flags); __set_bit(PAGE_EXT_OWNER_ALLOCATED, &page_ext->flags); - page_ext =3D page_ext_next(page_ext); + page_ext =3D page_ext_iter_next(iter); } } =20 -static inline void __update_page_owner_free_handle(struct page_ext *page_e= xt, +static inline void __update_page_owner_free_handle(struct page_ext_iter *i= ter, depot_stack_handle_t handle, unsigned short order, pid_t pid, pid_t tgid, u64 free_ts_nsec) { int i; + struct page_ext *page_ext; struct page_owner *page_owner; =20 + page_ext =3D page_ext_iter_get(iter); + for (i =3D 0; i < (1 << order); i++) { page_owner =3D get_page_owner(page_ext); /* Only __reset_page_owner() wants to clear the bit */ @@ -275,7 +281,7 @@ static inline void __update_page_owner_free_handle(stru= ct page_ext *page_ext, page_owner->free_ts_nsec =3D free_ts_nsec; page_owner->free_pid =3D current->pid; page_owner->free_tgid =3D current->tgid; - page_ext =3D page_ext_next(page_ext); + page_ext =3D page_ext_iter_next(iter); } } =20 @@ -286,8 +292,9 @@ void __reset_page_owner(struct page *page, unsigned sho= rt order) depot_stack_handle_t alloc_handle; struct page_owner *page_owner; u64 free_ts_nsec =3D local_clock(); + struct page_ext_iter iter; =20 - page_ext =3D page_ext_get(page); + page_ext =3D page_ext_iter_begin(&iter, page); if (unlikely(!page_ext)) return; =20 @@ -295,9 +302,10 @@ void __reset_page_owner(struct page *page, unsigned sh= ort order) alloc_handle =3D page_owner->handle; =20 handle =3D save_stack(GFP_NOWAIT | __GFP_NOWARN); - __update_page_owner_free_handle(page_ext, handle, order, current->pid, + __update_page_owner_free_handle(&iter, handle, order, current->pid, current->tgid, free_ts_nsec); - page_ext_put(page_ext); + + page_ext_iter_end(&iter); =20 if (alloc_handle !=3D early_handle) /* @@ -314,18 +322,19 @@ noinline void __set_page_owner(struct page *page, uns= igned short order, gfp_t gfp_mask) { struct page_ext *page_ext; + struct page_ext_iter iter; u64 ts_nsec =3D local_clock(); depot_stack_handle_t handle; =20 handle =3D save_stack(gfp_mask); =20 - page_ext =3D page_ext_get(page); + page_ext =3D page_ext_iter_begin(&iter, page); if (unlikely(!page_ext)) return; - __update_page_owner_handle(page_ext, handle, order, gfp_mask, -1, + __update_page_owner_handle(&iter, handle, order, gfp_mask, -1, ts_nsec, current->pid, current->tgid, current->comm); - page_ext_put(page_ext); + page_ext_iter_end(&iter); inc_stack_record_count(handle, gfp_mask, 1 << order); } =20 @@ -345,18 +354,21 @@ void __set_page_owner_migrate_reason(struct page *pag= e, int reason) void __split_page_owner(struct page *page, int old_order, int new_order) { int i; - struct page_ext *page_ext =3D page_ext_get(page); + struct page_ext *page_ext; + struct page_ext_iter iter; struct page_owner *page_owner; =20 + page_ext =3D page_ext_iter_begin(&iter, page); if (unlikely(!page_ext)) return; =20 for (i =3D 0; i < (1 << old_order); i++) { page_owner =3D get_page_owner(page_ext); page_owner->order =3D new_order; - page_ext =3D page_ext_next(page_ext); + page_ext =3D page_ext_iter_next(&iter); } - page_ext_put(page_ext); + + page_ext_iter_end(&iter); } =20 void __folio_copy_owner(struct folio *newfolio, struct folio *old) @@ -364,24 +376,26 @@ void __folio_copy_owner(struct folio *newfolio, struc= t folio *old) int i; struct page_ext *old_ext; struct page_ext *new_ext; + struct page_ext_iter old_iter; + struct page_ext_iter new_iter; struct page_owner *old_page_owner; struct page_owner *new_page_owner; depot_stack_handle_t migrate_handle; =20 - old_ext =3D page_ext_get(&old->page); + old_ext =3D page_ext_iter_begin(&old_iter, &old->page); if (unlikely(!old_ext)) return; =20 - new_ext =3D page_ext_get(&newfolio->page); + new_ext =3D page_ext_iter_begin(&new_iter, &newfolio->page); if (unlikely(!new_ext)) { - page_ext_put(old_ext); + page_ext_iter_end(&old_iter); return; } =20 old_page_owner =3D get_page_owner(old_ext); new_page_owner =3D get_page_owner(new_ext); migrate_handle =3D new_page_owner->handle; - __update_page_owner_handle(new_ext, old_page_owner->handle, + __update_page_owner_handle(&new_iter, old_page_owner->handle, old_page_owner->order, old_page_owner->gfp_mask, old_page_owner->last_migrate_reason, old_page_owner->ts_nsec, old_page_owner->pid, @@ -390,8 +404,13 @@ void __folio_copy_owner(struct folio *newfolio, struct= folio *old) * Do not proactively clear PAGE_EXT_OWNER{_ALLOCATED} bits as the folio * will be freed after migration. Keep them until then as they may be * useful. + * + * Note that we need to re-grab the page_ext iterator since + * __update_page_owner_handle changed it. */ - __update_page_owner_free_handle(new_ext, 0, old_page_owner->order, + page_ext_iter_end(&new_iter); + page_ext_iter_begin(&new_iter, &newfolio->page); + __update_page_owner_free_handle(&new_iter, 0, old_page_owner->order, old_page_owner->free_pid, old_page_owner->free_tgid, old_page_owner->free_ts_nsec); @@ -402,12 +421,12 @@ void __folio_copy_owner(struct folio *newfolio, struc= t folio *old) */ for (i =3D 0; i < (1 << new_page_owner->order); i++) { old_page_owner->handle =3D migrate_handle; - old_ext =3D page_ext_next(old_ext); + old_ext =3D page_ext_iter_next(&old_iter); old_page_owner =3D get_page_owner(old_ext); } =20 - page_ext_put(new_ext); - page_ext_put(old_ext); + page_ext_iter_end(&new_iter); + page_ext_iter_end(&old_iter); } =20 void pagetypeinfo_showmixedcount_print(struct seq_file *m, @@ -782,6 +801,7 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct= zone *zone) for (; pfn < block_end_pfn; pfn++) { struct page *page =3D pfn_to_page(pfn); struct page_ext *page_ext; + struct page_ext_iter iter; =20 if (page_zone(page) !=3D zone) continue; @@ -804,7 +824,7 @@ static void init_pages_in_zone(pg_data_t *pgdat, struct= zone *zone) if (PageReserved(page)) continue; =20 - page_ext =3D page_ext_get(page); + page_ext =3D page_ext_iter_begin(&iter, page); if (unlikely(!page_ext)) continue; =20 @@ -813,12 +833,12 @@ static void init_pages_in_zone(pg_data_t *pgdat, stru= ct zone *zone) goto ext_put_continue; =20 /* Found early allocated page */ - __update_page_owner_handle(page_ext, early_handle, 0, 0, + __update_page_owner_handle(&iter, early_handle, 0, 0, -1, local_clock(), current->pid, current->tgid, current->comm); count++; ext_put_continue: - page_ext_put(page_ext); + page_ext_iter_end(&iter); } cond_resched(); } --=20 2.47.1 From nobody Sat May 9 09:06:00 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AC391E7C3C for ; Fri, 24 Jan 2025 21:38:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754701; cv=none; b=nNNCBMcMB1rXIiLbOSlUQz9WljF4xk75ZwpyPu2xItCBpz1D1X+Ua/gC7Jb+NfO6cSxRg0D1vRcc5P51GvVIc5YossNVvRJ1tTFkiCYskdfhE5GyF1GwtVfFGz18MUya9KJmwb0TcPGCBRnwSLHLkELP3HeP5x8QsYh2gq1VMHk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754701; c=relaxed/simple; bh=o9ML6VFML/Gd+NwyGOyutOdI0Ql83xW/Jq/ZGnSTDUM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fSalyrAXqdX5qL58m3qFPN5TMb5QrgDSMtIAgnXZhDAz4ZWKt28nBejEAiJNkXnyJaGH/kolvi5wq2FO26V9qVo+6m6cbtuuqDpfPym/GMPNquQzHyDtWWWpQHQahNkypBc9FpNaI0G4PiyFbtpGb72OC3y8bdOslXcGVO5UC9w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=S5XKRyb9; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="S5XKRyb9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1737754698; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dHZen3jASZAcDKP1E/9kqmJ6ro+oBIs3mr0xQsHdQRw=; b=S5XKRyb9sLcOEp/qWWCXkAs9oHiGvTNXowZk/6d76nFVaNk3oyavptDZzwNE9yf1d05CF8 zfyGgc026JD+mbZJqwa49YMlpTC1EP9I5xAOyCtMdGuJVhkq6XPkfnvbPEW0DlVPe7Lpn2 tCq/EvkyidJiaXBWfCr7roYyIPJcFXg= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-586-ozohZGrwMVyQaWMVpeJFqw-1; Fri, 24 Jan 2025 16:38:14 -0500 X-MC-Unique: ozohZGrwMVyQaWMVpeJFqw-1 X-Mimecast-MFC-AGG-ID: ozohZGrwMVyQaWMVpeJFqw Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D5C001956048; Fri, 24 Jan 2025 21:38:12 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.22.81.148]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 146E41800358; Fri, 24 Jan 2025 21:38:10 +0000 (UTC) From: Luiz Capitulino To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, david@redhat.com, yuzhao@google.com Cc: akpm@linux-foundation.org, hannes@cmpxchg.org, muchun.song@linux.dev, lcapitulino@gmail.com, luizcap@redhat.com Subject: [RFC 3/4] mm: page_table_check: use new iteration API Date: Fri, 24 Jan 2025 16:37:53 -0500 Message-ID: <1a661d3c94890df06dc82583f883ee5cc6346d75.1737754625.git.luizcap@redhat.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The page_ext_next() function assumes that page extension objects for a page order allocation always reside in the same memory section, which may not be true and could lead to crashes. Use the page_ext_iter API instead. Fixes: e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") Signed-off-by: Luiz Capitulino --- mm/page_table_check.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/mm/page_table_check.c b/mm/page_table_check.c index 509c6ef8de400..361322a5bc7ab 100644 --- a/mm/page_table_check.c +++ b/mm/page_table_check.c @@ -63,6 +63,7 @@ static struct page_table_check *get_page_table_check(stru= ct page_ext *page_ext) static void page_table_check_clear(unsigned long pfn, unsigned long pgcnt) { struct page_ext *page_ext; + struct page_ext_iter iter; struct page *page; unsigned long i; bool anon; @@ -71,7 +72,7 @@ static void page_table_check_clear(unsigned long pfn, uns= igned long pgcnt) return; =20 page =3D pfn_to_page(pfn); - page_ext =3D page_ext_get(page); + page_ext =3D page_ext_iter_begin(&iter, page); =20 if (!page_ext) return; @@ -89,9 +90,9 @@ static void page_table_check_clear(unsigned long pfn, uns= igned long pgcnt) BUG_ON(atomic_read(&ptc->anon_map_count)); BUG_ON(atomic_dec_return(&ptc->file_map_count) < 0); } - page_ext =3D page_ext_next(page_ext); + page_ext =3D page_ext_iter_next(&iter); } - page_ext_put(page_ext); + page_ext_iter_end(&iter); } =20 /* @@ -103,6 +104,7 @@ static void page_table_check_set(unsigned long pfn, uns= igned long pgcnt, bool rw) { struct page_ext *page_ext; + struct page_ext_iter iter; struct page *page; unsigned long i; bool anon; @@ -111,7 +113,7 @@ static void page_table_check_set(unsigned long pfn, uns= igned long pgcnt, return; =20 page =3D pfn_to_page(pfn); - page_ext =3D page_ext_get(page); + page_ext =3D page_ext_iter_begin(&iter, page); =20 if (!page_ext) return; @@ -129,9 +131,9 @@ static void page_table_check_set(unsigned long pfn, uns= igned long pgcnt, BUG_ON(atomic_read(&ptc->anon_map_count)); BUG_ON(atomic_inc_return(&ptc->file_map_count) < 0); } - page_ext =3D page_ext_next(page_ext); + page_ext =3D page_ext_iter_next(&iter); } - page_ext_put(page_ext); + page_ext_iter_end(&iter); } =20 /* @@ -141,11 +143,12 @@ static void page_table_check_set(unsigned long pfn, u= nsigned long pgcnt, void __page_table_check_zero(struct page *page, unsigned int order) { struct page_ext *page_ext; + struct page_ext_iter iter; unsigned long i; =20 BUG_ON(PageSlab(page)); =20 - page_ext =3D page_ext_get(page); + page_ext =3D page_ext_iter_begin(&iter, page); =20 if (!page_ext) return; @@ -155,9 +158,9 @@ void __page_table_check_zero(struct page *page, unsigne= d int order) =20 BUG_ON(atomic_read(&ptc->anon_map_count)); BUG_ON(atomic_read(&ptc->file_map_count)); - page_ext =3D page_ext_next(page_ext); + page_ext =3D page_ext_iter_next(&iter); } - page_ext_put(page_ext); + page_ext_iter_end(&iter); } =20 void __page_table_check_pte_clear(struct mm_struct *mm, pte_t pte) --=20 2.47.1 From nobody Sat May 9 09:06:00 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34B4A1E7C1F for ; Fri, 24 Jan 2025 21:38:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754704; cv=none; b=oijr56cXzPHW49ycl+ncYTqZkGIVhY3X5oniGw3NPrf2pXpWErsAdbhvF1VL74FKBkbA7Yuo4kADVVyELTIPf6YGCz64UlS6gy0Gj3Dc13JD61BpXBr19KtpWR9n34x8l5qeszRKxiUmpl3bQovVC8d9NmKx1WZm3SHAX8V4wa4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737754704; c=relaxed/simple; bh=ncA9crD3DINVbzRqLtoT7f7dUPsAwyvD8ri7zhJ7Dfo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GRBXzwRD50OEutp9bbKBvnv+7q+IaeGQRe6b4Jcs6yL/cksCCSVDDuE2CxI3C7p5X/yH2wj50xBa8JoSAbM+p7RGksP4U0623y2I7n5hLvlrPTpqZ7+tqoFA5l+XwIyTr1V9kk4KMc0GnALhjnpZ+3HHHZTee1MpPrTKkcktqT8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=aMpARsqF; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="aMpARsqF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1737754702; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=f0R/RjNUfg0XRwtqhdLZpjGZZp5v7kFJ6of5fRAQFs8=; b=aMpARsqFZp6LA2OrzJzPu0A3yp0ZWdZpfXCRCNkOry1aKt6cTV1jxppYlydy4xxT6yfMvu ++EVmCceDVuahpD01bBIEId/PIVcrM7c2K/OeXkg2IPRMyxXLDmwYijuRRJh02OxH25uu+ 3iIguOmvyJbqPAHTgvl8k9koJbYma6M= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-614-2E4ptrrdPoGF2gRstTT0zw-1; Fri, 24 Jan 2025 16:38:17 -0500 X-MC-Unique: 2E4ptrrdPoGF2gRstTT0zw-1 X-Mimecast-MFC-AGG-ID: 2E4ptrrdPoGF2gRstTT0zw Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D42F6180034D; Fri, 24 Jan 2025 21:38:14 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.22.81.148]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 244AD1800348; Fri, 24 Jan 2025 21:38:13 +0000 (UTC) From: Luiz Capitulino To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, david@redhat.com, yuzhao@google.com Cc: akpm@linux-foundation.org, hannes@cmpxchg.org, muchun.song@linux.dev, lcapitulino@gmail.com, luizcap@redhat.com Subject: [RFC 4/4] mm: page_ext: drop page_ext_next() Date: Fri, 24 Jan 2025 16:37:54 -0500 Message-ID: <3604c0ceeb0942b25ef645f4b74154c0122149f4.1737754625.git.luizcap@redhat.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Previous commits converted users to the new page extension iteration API. TODO: We can use this implementation for flatmem. Fixes: e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") Signed-off-by: Luiz Capitulino --- include/linux/page_ext.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/linux/page_ext.h b/include/linux/page_ext.h index df904544d3fac..4bbc6638fe14f 100644 --- a/include/linux/page_ext.h +++ b/include/linux/page_ext.h @@ -86,13 +86,6 @@ static inline void *page_ext_data(struct page_ext *page_= ext, return (void *)(page_ext) + ops->offset; } =20 -static inline struct page_ext *page_ext_next(struct page_ext *curr) -{ - void *next =3D curr; - next +=3D page_ext_size; - return next; -} - struct page_ext_iter { unsigned long pfn; struct page_ext *page_ext; --=20 2.47.1