| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <75cd8cf5b1cddc0914d29df20d3f664efd173b3c.camel@physik.fu-berlin.de>
Date: Fri, 25 Jul 2025 22:46:45 +0200
From: John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>
To: Anthony Yznaga <anthony.yznaga@...cle.com>, sparclinux@...r.kernel.org,
davem@...emloft.net, andreas@...sler.com
Cc: linux-kernel@...r.kernel.org, agordeev@...ux.ibm.com, will@...nel.org,
ryan.roberts@....com, david@...hat.com, osalvador@...e.de
Subject: Re: [PATCH] sparc64: fix hugetlb for sun4u
Hi Anthony,
On Tue, 2025-07-15 at 18:24 -0700, Anthony Yznaga wrote:
> An attempt to exercise sparc hugetlb code in a sun4u-based guest
> running under qemu results in the guest hanging due to being stuck
> in a trap loop. This is due to invalid hugetlb TTEs being installed
> that do not have the expected _PAGE_PMD_HUGE and page size bits set.
> Although the breakage has gone apparently unnoticed for several years,
> fix it now so there is the option to exercise sparc hugetlb code under
> qemu. This can be useful because sun4v support in qemu does not support
> linux guests currently and sun4v-based hardware resources may not be
> readily available.
>
> Fix tested with a 6.15.2 and 6.16-rc6 kernels by running libhugetlbfs
> tests on a qemu guest running Debian 13.
>
> Fixes: c7d9f77d33a7 ("sparc64: Multi-page size support")
> Cc: stable@...r.kernel.org
> Signed-off-by: Anthony Yznaga <anthony.yznaga@...cle.com>
> ---
> arch/sparc/mm/hugetlbpage.c | 20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
>
> diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
> index 80504148d8a5..2048b5c42ca8 100644
> --- a/arch/sparc/mm/hugetlbpage.c
> +++ b/arch/sparc/mm/hugetlbpage.c
> @@ -22,6 +22,26 @@
>
> static pte_t sun4u_hugepage_shift_to_tte(pte_t entry, unsigned int shift)
> {
> + unsigned long hugepage_size = _PAGE_SZ4MB_4U;
> +
> + pte_val(entry) = pte_val(entry) & ~_PAGE_SZALL_4U;
> +
> + switch (shift) {
> + case HPAGE_256MB_SHIFT:
> + hugepage_size = _PAGE_SZ256MB_4U;
> + pte_val(entry) |= _PAGE_PMD_HUGE;
> + break;
> + case HPAGE_SHIFT:
> + pte_val(entry) |= _PAGE_PMD_HUGE;
> + break;
> + case HPAGE_64K_SHIFT:
> + hugepage_size = _PAGE_SZ64K_4U;
> + break;
> + default:
> + WARN_ONCE(1, "unsupported hugepage shift=%u\n", shift);
> + }
> +
> + pte_val(entry) = pte_val(entry) | hugepage_size;
> return entry;
> }
>
I have compiled a 4.19.325 kernel with the patched applied on top and booted
that kernel onto an UltraSPARC IIIi machine. I cannot test a current kernel
at the moment as newer kernels do not run stable on sun4u machines at the
moment.
I will try to bisect this problem within the next days. Currently, I don't have
serial access to this machine, so I cannot easily reboot it when the kernel
crashes but this should be resolved within the next days.
Here is the output from /proc/cpuinfo:
root@...erin:/home/glaubitz/libhugetlbfs# cat /proc/cpuinfo
cpu : TI UltraSparc IIIi (Jalapeno)
fpu : UltraSparc IIIi integrated FPU
pmu : ultra3i
prom : OBP 4.22.33 2007/06/18 12:45
type : sun4u
ncpus probed : 1
ncpus active : 1
D$ parity tl1 : 0
I$ parity tl1 : 0
Cpu0ClkTck : 000000005995f5c0
cpucaps : flush,stbar,swap,muldiv,v9,ultra3,mul32,div32,v8plus,vis,vis2
MMU Type : Cheetah+
MMU PGSZs : 8K,64K,512K,4MB
root@...erin:/home/glaubitz/libhugetlbfs#
I allocated 25 huge pages:
root@...erin:/home/glaubitz/libhugetlbfs# echo 25 > /proc/sys/vm/nr_hugepages
root@...erin:/home/glaubitz/libhugetlbfs# hugeadm --pool-list
Size Minimum Current Maximum Default
65536 0 0 0
8388608 25 25 25 *
268435456 0 0 0
2147483648 0 0 0
root@...erin:/home/glaubitz/libhugetlbfs#
The testsuite then passed without any problems:
root@...erin:/home/glaubitz/libhugetlbfs# make check
PASS
zero_filesize_segment (8M: 64):
test_root (8M: 64): PASS
meminfo_nohuge (8M: 64): PASS
gethugepagesize (8M: 64): PASS
gethugepagesizes (8M: 64): PASS
HUGETLB_VERBOSE=1 empty_mounts (8M: 64): PASS
HUGETLB_VERBOSE=1 large_mounts (8M: 64): PASS
find_path (8M: 64): PASS
unlinked_fd (8M: 64): PASS
readback (8M: 64): PASS
truncate (8M: 64): PASS
shared (8M: 64): PASS
mprotect (8M: 64): PASS
mlock (8M: 64): PASS
misalign (8M: 64): PASS
fallocate_basic.sh (8M: 64): PASS
fallocate_align.sh (8M: 64): PASS
ptrace-write-hugepage (8M: 64): PASS
icache-hygiene (8M: 64): PASS
slbpacaflush (8M: 64): Bad configuration: Atleast online 2 cpus are required
straddle_4GB_static (8M: 64): PASS
huge_at_4GB_normal_below_static (8M: 64): FAIL Wrong address with MAP_FIXED normal
huge_below_4GB_normal_above_static (8M: 64): PASS
map_high_truncate_2 (8M: 64): PASS
misaligned_offset (8M: 64): PASS (inconclusive)
truncate_above_4GB (8M: 64): PASS
brk_near_huge (8M: 64): Fatal glibc error: malloc.c:2601 (sysmalloc): assertion failed:
task-size-overrun (8M: 64): PASS
stack_grow_into_huge (8M: 64): PASS
corrupt-by-cow-opt (8M: 64): PASS
noresv-preserve-resv-page (8M: 64): PASS
noresv-regarded-as-resv (8M: 64): PASS
readahead_reserve.sh (8M: 64): PASS
madvise_reserve.sh (8M: 64): PASS
fadvise_reserve.sh (8M: 64): PASS
mremap-expand-slice-collision.sh (8M: 64): PASS
mremap-fixed-normal-near-huge.sh (8M: 64): PASS
mremap-fixed-huge-near-normal.sh (8M: 64): PASS
set shmmax limit to 67108864
shm-perms (8M: 64): PASS
private (8M: 64): PASS
fork-cow (8M: 64): PASS
direct (8M: 64): Bad configuration: Failed to open direct-IO file: Invalid argument
malloc (8M: 64): PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes malloc (8M: 64): SKIPPED
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes HUGETLB_RESTRICT_EXE=unknown:none malloc (8M: 64): SKIPPED
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes HUGETLB_RESTRICT_EXE=unknown:malloc malloc (8M: 64): SKIPPED
malloc_manysmall (8M: 64): PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes malloc_manysmall (8M: 64): SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 heapshrink (8M: 64): PASS
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libheapshrink.so heapshrink (8M: 64): PASS
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes heapshrink (8M: 64): SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libhugetlbfs.so libheapshrink.so HUGETLB_MORECORE=yes heapshrink (8M: 64): SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libheapshrink.so HUGETLB_MORECORE=yes HUGETLB_MORECORE_SHRINK=yes heapshrink (8M: 64): SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libhugetlbfs.so libheapshrink.so HUGETLB_MORECORE=yes HUGETLB_MORECORE_SHRINK=yes heapshrink (8M: 64): SKIPPED
HUGETLB_VERBOSE=1 HUGETLB_MORECORE=yes heap-overflow (8M: 64): SKIPPED
HUGETLB_VERBOSE=0 linkhuge_nofd (8M: 64):
LD_PRELOAD=libhugetlbfs.so HUGETLB_VERBOSE=0 linkhuge_nofd (8M: 64):
HUGETLB_VERBOSE=0 xB.linkhuge_nofd (8M: 64):
HUGETLB_VERBOSE=0 xBDT.linkhuge_nofd (8M: 64):
HUGETLB_MINIMAL_COPY=no HUGETLB_VERBOSE=0 xB.linkhuge_nofd (8M: 64):
HUGETLB_MINIMAL_COPY=no HUGETLB_VERBOSE=0 xBDT.linkhuge_nofd (8M: 64):
HUGETLB_ELFMAP=no HUGETLB_VERBOSE=0 xB.linkhuge_nofd (8M: 64):
HUGETLB_ELFMAP=no HUGETLB_VERBOSE=0 xBDT.linkhuge_nofd (8M: 64):
linkhuge (8M: 64):
LD_PRELOAD=libhugetlbfs.so linkhuge (8M: 64):
xB.linkhuge (8M: 64):
xBDT.linkhuge (8M: 64):
HUGETLB_MINIMAL_COPY=no xB.linkhuge (8M: 64):
HUGETLB_MINIMAL_COPY=no xBDT.linkhuge (8M: 64):
HUGETLB_ELFMAP=no xB.linkhuge (8M: 64):
HUGETLB_ELFMAP=no xBDT.linkhuge (8M: 64):
HUGETLB_SHARE=1 xB.linkshare (8M: 64):
HUGETLB_SHARE=1 xBDT.linkshare (8M: 64):
HUGETLB_SHARE=1 xB.linkshare (8M: 64):
HUGETLB_SHARE=1 xBDT.linkshare (8M: 64):
HUGETLB_SHARE=0 xB.linkhuge (8M: 64):
HUGETLB_SHARE=1 xB.linkhuge (8M: 64):
HUGETLB_SHARE=0 xBDT.linkhuge (8M: 64):
HUGETLB_SHARE=1 xBDT.linkhuge (8M: 64):
linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=R linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=W linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=RW linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=no linkhuge_rw (8M: 64):
HUGETLB_MINIMAL_COPY=no HUGETLB_ELFMAP=R linkhuge_rw (8M: 64):
HUGETLB_MINIMAL_COPY=no HUGETLB_ELFMAP=W linkhuge_rw (8M: 64):
HUGETLB_MINIMAL_COPY=no HUGETLB_ELFMAP=RW linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=R HUGETLB_SHARE=0 linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=R HUGETLB_SHARE=1 linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=W HUGETLB_SHARE=0 linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=W HUGETLB_SHARE=1 linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=RW HUGETLB_SHARE=0 linkhuge_rw (8M: 64):
HUGETLB_ELFMAP=RW HUGETLB_SHARE=1 linkhuge_rw (8M: 64):
chunk-overcommit (8M: 64): PASS
alloc-instantiate-race shared (8M: 64): Bad configuration: Atleast online 2 cpus are required
alloc-instantiate-race private (8M: 64): Bad configuration: Atleast online 2 cpus are required
truncate_reserve_wraparound (8M: 64): PASS
truncate_sigbus_versus_oom (8M: 64): PASS
get_huge_pages (8M: 64): PASS
shmoverride_linked (8M: 64): PASS
HUGETLB_SHM=yes shmoverride_linked (8M: 64): PASS
LD_PRELOAD=libhugetlbfs.so shmoverride_unlinked (8M: 64): PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_SHM=yes shmoverride_unlinked (8M: 64): PASS
quota.sh (8M: 64): PASS
counters.sh (8M: 64): PASS
mmap-gettest 10 25 (8M: 64): PASS
mmap-cow 24 25 (8M: 64): PASS
set shmmax limit to 209715200
shm-fork 10 12 (8M: 64): PASS
set shmmax limit to 209715200
shm-fork 10 25 (8M: 64): PASS
set shmmax limit to 209715200
shm-getraw 25 /dev/full (8M: 64): PASS
fallocate_stress.sh (8M: 64): PASS
********** TEST SUMMARY
* 8M
* 32-bit 64-bit
* Total testcases: 0 111
* Skipped: 0 9
* PASS: 0 57
* FAIL: 0 1
* Killed by signal: 0 1
* Bad configuration: 0 4
* Expected FAIL: 0 0
* Unexpected PASS: 0 0
* Test not present: 0 39
* Strange test result: 0 0
**********
root@...erin:/home/glaubitz/libhugetlbfs#
Tested-by: John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer
`. `' Physicist
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Powered by blists - more mailing lists