Commit c6d8de0d authored by Tangquan Zheng, committed by Treehugger Robot

ANDROID: mm: userfaultfd: fix userfaultfd_move while large folios are from virtual zones


While large folios originate from virtual zones, split_folio() migrates them into
nr_pages small folios and returns a value greater than 0. In this case, we should
retry the move operation using the new small folios as sources. Otherwise, this
may trigger a kernel BUG.

[   64.788670] ------------[ cut here ]------------
[   64.789179] WARNING: CPU: 0 PID: 126 at mm/userfaultfd.c:1760 move_pages+0x2bc/0x1960
[   64.790059] Modules linked in:
[   64.790866] CPU: 0 PID: 126 Comm: a.out Tainted: G        W          6.6.66-g29bb63ce7190-dirty #216
[   64.791467] Hardware name: linux,dummy-virt (DT)
[   64.791933] pstate: 21402005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[   64.792412] pc : move_pages+0x2bc/0x1960
[   64.792810] lr : move_pages+0x1a4/0x1960
[   64.793194] sp : ffff800083ffbbc0
[   64.793552] x29: ffff800083ffbc50 x28: 0000ffff850a0000 x27: 0000000000000001
[   64.794412] x26: 0000ffff850b1000 x25: ffff00000576cd80 x24: ffff80008275aaf0
[   64.795182] x23: ffff0000057625e8 x22: 0000000000000000 x21: ffff000005762a20
[   64.795951] x20: 0000000000001000 x19: 0000ffff850b0000 x18: 0000000000000000
[   64.796738] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000028
[   64.797534] x14: 000000000000467c x13: 0000000000004679 x12: ffff8000834693c8
[   64.798309] x11: 0000000000000000 x10: ffff8000825bdc20 x9 : ffff8000803e893c
[   64.799107] x8 : ffff000005123900 x7 : ffff8000826c3000 x6 : 0000000000000000
[   64.799882] x5 : 0000000000000001 x4 : ffff000005123900 x3 : ffff8000825bc008
[   64.800665] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000005123900
[   64.801525] Call trace:
[   64.801929]  move_pages+0x2bc/0x1960
[   64.802346]  userfaultfd_ioctl+0x484/0x1b98
[   64.802742]  __arm64_sys_ioctl+0xb4/0x100
[   64.803137]  invoke_syscall+0x50/0x120
[   64.803521]  el0_svc_common.constprop.0+0x48/0xf0
[   64.803916]  do_el0_svc+0x24/0x38
[   64.804288]  el0_svc+0x58/0x148
[   64.804659]  el0t_64_sync_handler+0x120/0x130
[   64.805041]  el0t_64_sync+0x1a4/0x1a8
[   64.805472] irq event stamp: 492
[   64.805830] hardirqs last  enabled at (491): [<ffff8000803ce140>] uncharge_batch+0xd0/0x198
[   64.806333] hardirqs last disabled at (492): [<ffff8000816761dc>] el1_dbg+0x24/0x98
[   64.806829] softirqs last  enabled at (486): [<ffff800080063368>] handle_softirqs+0x548/0x570
[   64.807323] softirqs last disabled at (475): [<ffff800080010934>] __do_softirq+0x1c/0x28
[   64.807813] ---[ end trace 0000000000000000 ]---

Bug: 313807618
Change-Id: Ia8aef8301ed2c8bad3ce690f129c55788330cd26
Signed-off-by: Barry Song <v-songbaohua@oppo.com>
Signed-off-by: Tangquan Zheng <zhengtangquan@oppo.com>
parent 6f195bb9