| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e7575e61-fa82-4f4b-b413-85732930f075@os.amperecomputing.com>
Date: Mon, 29 Sep 2025 09:15:23 -0700
From: Yang Shi <yang@...amperecomputing.com>
To: David Hildenbrand <david@...hat.com>, muchun.song@...ux.dev,
osalvador@...e.de, akpm@...ux-foundation.org, catalin.marinas@....com,
will@...nel.org, carl@...amperecomputing.com, cl@...two.org
Cc: linux-mm@...ck.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm: hugetlb: avoid soft lockup when mprotect with
PROT_MTE
On 9/29/25 1:29 AM, David Hildenbrand wrote:
> On 26.09.25 18:20, Yang Shi wrote:
>> When calling mprotect() with PROT_MTE, kernel will initialize MTE tags
>> for every single page in the affected area. Soft lockup was observed
>> when doing this for large HugeTLB memory area in our customer's workload
>> (~300GB memory):
>>
>> watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]
>>
>> CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7
>> Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS
>> 5.4.4.1 07/15/2025
>> pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>> pc : mte_clear_page_tags+0x14/0x24
>> lr : mte_sync_tags+0x1c0/0x240
>> sp : ffff80003150bb80
>> x29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000
>> x26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458
>> x23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000
>> x20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000
>> x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
>> x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
>> x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c
>> x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
>> x5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000
>> x2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000
>>
>> Call trace:
>> mte_clear_page_tags+0x14/0x24
>> set_huge_pte_at+0x25c/0x280
>> hugetlb_change_protection+0x220/0x430
>> change_protection+0x5c/0x8c
>> mprotect_fixup+0x10c/0x294
>> do_mprotect_pkey.constprop.0+0x2e0/0x3d4
>> __arm64_sys_mprotect+0x24/0x44
>> invoke_syscall+0x50/0x160
>> el0_svc_common+0x48/0x144
>> do_el0_svc+0x30/0xe0
>> el0_svc+0x30/0xf0
>> el0t_64_sync_handler+0xc4/0x148
>> el0t_64_sync+0x1a4/0x1a8
>>
>> Soft lockup is not triggered with THP or base page because there is
>> cond_resched() called for each PMD size.
>>
>> So add cond_resched() for hugetlb to avoid soft lockup.
>>
>> Fixes: 25c17c4b55de ("hugetlb: arm64: add mte support")
>> Tested-by: Carl Worth <carl@...amperecomputing.com>
>> Signed-off-by: Yang Shi <yang@...amperecomputing.com>
>> ---
>
> Agreed that the issue likely predates MTE support, but likely in
> practice only PROT_MTE makes it pop up in practice.
>
> With a refined subject/description + Fixes:
>
> Acked-by: David Hildenbrand <david@...hat.com>
Thank you. Dig into the history, it seems like the fix tag should point
to 8f860591ffb2 ("[PATCH] Enable mprotect on huge pages"), which is a
2.6.17 commit.
Yang
Powered by blists - more mailing lists