On 01/24/2020 02:22 PM, Christophe Leroy wrote:
>
>
> On 24/01/2020 at 08:17, Anshuman Khandual wrote:
>>
>> On 01/07/2020 12:00 PM, Rong Chen wrote:
>>>
>>>
>>> On 1/7/20 1:57 PM, Anshuman Khandual wrote:
>>>> On 12/26/2019 02:19 PM, kernel test robot wrote:
>> ...............................................
>>         p4d_free(mm, saved_p4dp);
>>         pud_free(mm, saved_pudp);
>>         pmd_free(mm, saved_pmdp);
>>         pte_free(mm, saved_ptep);
>>         mm_dec_nr_puds(mm);
>>         mm_dec_nr_pmds(mm);
>>         mm_dec_nr_ptes(mm);
>>         __mmdrop(mm);
>> ..............................................
>>
>
> You should use mmdrop() instead of __mmdrop(), shouldn't you?

Yes, though I am afraid that it does not change much as mm->mm_count
gets initialized to 1 through mm_alloc()->mm_init(). But will fix this
next time around.

Coming back to the original problem, it seems like both the reported
bugs are probably related and caused by CONFIG_X86_PAE. On X86 PAE
systems, there are these additional user and kernel PMD pages which are
stored in the page table (PREALLOCATED_USER_PMDS and
MAX_PREALLOCATED_PMDS).

pgd_alloc()
        preallocate_pmds()
                __get_free_page()
                pgtable_pmd_page_ctor()
        pgd_prepopulate_pmd()
                p4d = p4d_offset(pgd, 0);
                pud = pud_offset(p4d, 0);
                pud_populate(mm, pud, pmd);     /* For each pre-allocated PMD */

The test case explicitly allocates and frees intermediate level page
table pages for any given vaddr. So when __mmdrop() --> pgd_free() -->
mop_up_pmds() --> mop_up_one_pmd() --> pmd_free(), it tries to free
some possible garbage memory (probably caused by the test case) and
hits VM_BUG_ON(). The test assumes a bare bones page table to conduct
the test and the PAE based page table setup violates that assumption.
Will disable this test on x86 platform when CONFIG_X86_PAE is enabled.

>
> Christophe
>