    Revert "mm: use early_pfn_to_nid in page_ext_init" · 53dcaeef
    Qian Cai authored
    [ Upstream commit 2f1ee091 ]
    
    This reverts commit fe53ca54 ("mm: use early_pfn_to_nid in
    page_ext_init").
    
    When booting a system with "page_owner=on",
    
    start_kernel
      page_ext_init
        invoke_init_callbacks
          init_section_page_ext
            init_page_owner
              init_early_allocated_pages
                init_zones_in_node
                  init_pages_in_zone
                    lookup_page_ext
                      page_to_nid
    
    The issue here is that page_to_nid() will not work since some page flags
    have no node information until later in page_alloc_init_late() due to
    DEFERRED_STRUCT_PAGE_INIT.  Hence, it could trigger an out-of-bounds
    access with an invalid nid.
    
      UBSAN: Undefined behaviour in ./include/linux/mm.h:1104:50
      index 7 is out of range for type 'zone [5]'
    
    Also, the kernel will panic since flags were poisoned earlier with,
    
    CONFIG_DEBUG_VM_PGFLAGS=y
    CONFIG_NODE_NOT_IN_PAGE_FLAGS=n
    
    start_kernel
      setup_arch
        pagetable_init
          paging_init
            sparse_init
              sparse_init_nid
                memblock_alloc_try_nid_raw
    
    It did not handle it well in init_pages_in_zone() which ends up calling
    page_to_nid().
    
      page:ffffea0004200000 is uninitialized and poisoned
      raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
      raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
      page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
      page_owner info is not active (free page?)
      kernel BUG at include/linux/mm.h:990!
      RIP: 0010:init_page_owner+0x486/0x520
    
    This means that assumptions behind commit fe53ca54 ("mm: use
    early_pfn_to_nid in page_ext_init") are incomplete.  Therefore, revert
    the commit for now.  A proper way to move the page_owner initialization
    to sooner is to hook into memmap initialization.
    
    Link: http://lkml.kernel.org/r/20190115202812.75820-1-cai@lca.pw
    Signed-off-by: Qian Cai <cai@lca.pw>
    Acked-by: Michal Hocko <mhocko@kernel.org>
    Cc: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
    Cc: Mel Gorman <mgorman@techsingularity.net>
    Cc: Yang Shi <yang.shi@linaro.org>
    Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>