Hi Andrea,

Thanks for the review.

On 6/8/2018 7:38 AM, Andrea Arcangeli wrote:
> On Thu, Jun 07, 2018 at 03:13:44PM -0700, Andrew Morton wrote:
>> This patch is quite urgent and is tagged for -stable backporting, yet
>> it remains in an unreviewed state. Any takers?
>
> It looks a straightforward safe fix, on x86 hva_to_gfn_memslot would
> zap those bits and hide the misalignment caused by the low metadata
> bits being erroneously left set in the address, but the arm code
> notices when that's the last page in the memslot and the hva_end is
> getting aligned and the size is below one page.
>
>> [35380.933345] [<ffff000008088f00>] dump_backtrace+0x0/0x22c
>> [35380.938723] [<ffff000008089150>] show_stack+0x24/0x2c
>> [35380.943759] [<ffff00000893c078>] dump_stack+0x8c/0xb0
>> [35380.948794] [<ffff00000820ab50>] bad_page+0xf4/0x154
>> [35380.953740] [<ffff000008211ce8>] free_pages_check_bad+0x90/0x9c
>> [35380.959642] [<ffff00000820c430>] free_pcppages_bulk+0x464/0x518
>> [35380.965545] [<ffff00000820db98>] free_hot_cold_page+0x22c/0x300
>> [35380.971448] [<ffff0000082176fc>] __put_page+0x54/0x60
>> [35380.976484] [<ffff0000080b1164>] unmap_stage2_range+0x170/0x2b4
>> [35380.982385] [<ffff0000080b12d8>] kvm_unmap_hva_handler+0x30/0x40
>> [35380.988375] [<ffff0000080b0104>] handle_hva_to_gpa+0xb0/0xec
>> [35380.994016] [<ffff0000080b2644>] kvm_unmap_hva_range+0x5c/0xd0
>> [35380.999833] [<ffff0000080a8054>]
>>
>> I even injected a fault on purpose in kvm_unmap_hva_range by setting
>> size=size-0x200, the call trace is similar as above. So I thought the
>> panic is similarly caused by the root cause of WARN_ON.
>
> I think the problem triggers in the addr += PAGE_SIZE of
> unmap_stage2_ptes that never matches end because end is aligned but
> addr is not.
>
>	} while (pte++, addr += PAGE_SIZE, addr != end);
>
> x86 again only works on hva_start/hva_end after converting it to
> gfn_start/end and that being in pfn units the bits are zapped before
> they risk to cause trouble.

For this panic issue on arm64, I started another thread to discuss
https://lkml.org/lkml/2018/5/2/61

--
Cheers,
Jia

>
>>
>> Link: http://lkml.kernel.org/r/1525403506-6750-1-git-send-email-hejianet@xxxxxxxxx
>> Signed-off-by: Jia He <jia.he@xxxxxxxxxxxxxxxx>
>> Cc: Suzuki K Poulose <Suzuki.Poulose@xxxxxxx>
>> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
>> Cc: Minchan Kim <minchan@xxxxxxxxxx>
>> Cc: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxxxxxxx>
>> Cc: Arvind Yadav <arvind.yadav.cs@xxxxxxxxx>
>> Cc: Mike Rapoport <rppt@xxxxxxxxxxxxxxxxxx>
>> Cc: Jia He <hejianet@xxxxxxxxx>
>> Cc: <stable@xxxxxxxxxxxxxxx>
>> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>> ---
>>
>
> Reviewed-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>
>
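
Added example, not part of the original thread and not kernel code: a user-space model of the loop exit test quoted above, showing why a start address with stray low bits steps past an aligned end, and why walking in page-frame units hides the same misalignment. The helper names, the 4 KiB page size and the addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (UINT64_C(1) << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))

/* Hypothetical user-space model of a walk that ends on "addr != end".
 * Returns pages visited, or -1 once addr has stepped past end without
 * ever equalling it (in a real walker: entries outside the range). */
static long walk_pages(uint64_t addr, uint64_t end)
{
    long visited = 0;
    do {
        if (addr >= end)
            return -1;              /* overshoot: exit test was missed */
        visited++;                  /* stands in for unmapping one PTE */
    } while (addr += PAGE_SIZE, addr != end);
    return visited;
}

/* Same range walked in page-frame units: the shift drops the low bits,
 * so a misaligned start is hidden, as described for x86 above. */
static long walk_frames(uint64_t start, uint64_t end)
{
    uint64_t gfn = start >> PAGE_SHIFT;
    uint64_t gfn_end = (end + PAGE_SIZE - 1) >> PAGE_SHIFT;
    long visited = 0;
    for (; gfn < gfn_end; gfn++)
        visited++;
    return visited;
}

int main(void)
{
    /* Constructed addresses: 0x200 plays the stray low metadata bits. */
    uint64_t start = 0x1200, end = 0x3000;
    printf("aligned walk:    %ld\n", walk_pages(0x1000, end));
    printf("misaligned walk: %ld\n", walk_pages(start, end));
    printf("masked walk:     %ld\n", walk_pages(start & PAGE_MASK, end));
    printf("frame-unit walk: %ld\n", walk_frames(start, end));
    return 0;
}
```

The model returns -1 where the real loop would simply keep going, since nothing in an `addr != end` test stops a walk that has already passed `end`.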