• Youquan Song's avatar
    thp: set compound tail page _count to zero · 58a84aa9
    Youquan Song authored
    Commit 70b50f94 ("mm: thp: tail page refcounting fix") keeps all
    page_tail->_count zero at all times.  But the current kernel does not
    set page_tail->_count to zero if a 1GB page is utilized.  So when an
    IOMMU 1GB page is used by KVM, it wil result in a kernel oops because a
    tail page's _count does not equal zero.
    
      kernel BUG at include/linux/mm.h:386!
      invalid opcode: 0000 [#1] SMP
      Call Trace:
        gup_pud_range+0xb8/0x19d
        get_user_pages_fast+0xcb/0x192
        ? trace_hardirqs_off+0xd/0xf
        hva_to_pfn+0x119/0x2f2
        gfn_to_pfn_memslot+0x2c/0x2e
        kvm_iommu_map_pages+0xfd/0x1c1
        kvm_iommu_map_memslots+0x7c/0xbd
        kvm_iommu_map_guest+0xaa/0xbf
        kvm_vm_ioctl_assigned_device+0x2ef/0xa47
        kvm_vm_ioctl+0x36c/0x3a2
        do_vfs_ioctl+0x49e/0x4e4
        sys_ioctl+0x5a/0x7c
        system_call_fastpath+0x16/0x1b
      RIP  gup_huge_pud+0xf2/0x159
    Signed-off-by: default avatarYouquan Song <youquan.song@intel.com>
    Reviewed-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    58a84aa9
page_alloc.c 160 KB