lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ec965a79-dad8-4358-a8e9-ebc9f330b67b@gaisler.com>
Date: Tue, 3 Feb 2026 11:17:08 +0100
From: Andreas Larsson <andreas@...sler.com>
To: Mike Rapoport <rppt@...nel.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Borislav Petkov
 <bp@...en8.de>, Brian Cain <bcain@...nel.org>,
 Catalin Marinas <catalin.marinas@....com>,
 "David S. Miller" <davem@...emloft.net>,
 Dave Hansen <dave.hansen@...ux.intel.com>,
 David Hildenbrand <david@...nel.org>, Dinh Nguyen <dinguyen@...nel.org>,
 Geert Uytterhoeven <geert@...ux-m68k.org>, Guo Ren <guoren@...nel.org>,
 Helge Deller <deller@....de>, Huacai Chen <chenhuacai@...nel.org>,
 Ingo Molnar <mingo@...hat.com>, Johannes Berg <johannes@...solutions.net>,
 John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
 "Liam R. Howlett" <Liam.Howlett@...cle.com>,
 Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
 Madhavan Srinivasan <maddy@...ux.ibm.com>,
 Magnus Lindholm <linmag7@...il.com>, Matt Turner <mattst88@...il.com>,
 Max Filippov <jcmvbkbc@...il.com>, Michael Ellerman <mpe@...erman.id.au>,
 Michal Hocko <mhocko@...e.com>, Michal Simek <monstr@...str.eu>,
 Palmer Dabbelt <palmer@...belt.com>, Richard Weinberger <richard@....at>,
 Russell King <linux@...linux.org.uk>, Stafford Horne <shorne@...il.com>,
 Suren Baghdasaryan <surenb@...gle.com>, Thomas Gleixner <tglx@...nel.org>,
 Vineet Gupta <vgupta@...nel.org>, Vlastimil Babka <vbabka@...e.cz>,
 Will Deacon <will@...nel.org>, linux-alpha@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-snps-arc@...ts.infradead.org,
 linux-arm-kernel@...ts.infradead.org, linux-csky@...r.kernel.org,
 linux-hexagon@...r.kernel.org, loongarch@...ts.linux.dev,
 linux-m68k@...ts.linux-m68k.org, linux-openrisc@...r.kernel.org,
 linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
 linux-riscv@...ts.infradead.org, linux-sh@...r.kernel.org,
 sparclinux@...r.kernel.org, linux-um@...ts.infradead.org,
 linux-mm@...ck.org, x86@...nel.org
Subject: Re: [PATCH mm-unstable] arch, mm: consolidate empty_zero_page

On 2026-01-27 19:11, Mike Rapoport wrote:
> On Tue, Jan 27, 2026 at 05:02:39PM +0100, Andreas Larsson wrote:
>> On 2026-01-24 10:56, Mike Rapoport wrote:
>>
>>> Every architecture defines empty_zero_page that way or another, but for the
>>> most of them it is always a page aligned page in BSS and most definitions
>>> of ZERO_PAGE do virt_to_page(empty_zero_page).
>>
>> Running this in an LDOM on an UltraSparc T4 sparc64, the entire LDOM
>> hangs after a while during boot.
>>
>>> diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
>>> index c2d19c9a9244..2bd99944176d 100644
>>> --- a/arch/sparc/mm/init_64.c
>>> +++ b/arch/sparc/mm/init_64.c
>>> @@ -177,9 +177,6 @@ extern unsigned long sparc_ramdisk_image64;
>>>  extern unsigned int sparc_ramdisk_image;
>>>  extern unsigned int sparc_ramdisk_size;
>>>  
>>> -struct page *mem_map_zero __read_mostly;
>>> -EXPORT_SYMBOL(mem_map_zero);
>>> -
>>>  unsigned int sparc64_highest_unlocked_tlb_ent __read_mostly;
>>>  
>>>  unsigned long sparc64_kern_pri_context __read_mostly;
>>> @@ -2506,18 +2503,6 @@ void __init mem_init(void)
>>>  	 */
>>>  	register_page_bootmem_info();
>>>  
>>> -	/*
>>> -	 * Set up the zero page, mark it reserved, so that page count
>>> -	 * is not manipulated when freeing the page from user ptes.
>>> -	 */
>>> -	mem_map_zero = alloc_pages(GFP_KERNEL|__GFP_ZERO, 0);
>>> -	if (mem_map_zero == NULL) {
>>> -		prom_printf("paging_init: Cannot alloc zero page.\n");
>>> -		prom_halt();
>>> -	}
>>> -	mark_page_reserved(mem_map_zero);
>>> -
>>> -
>>>  	if (tlb_type == cheetah || tlb_type == cheetah_plus)
>>>  		cheetah_ecache_flush_init();
>>>  }
>>
>> This just removes the mark_page_reserved(mem_map_zero) without 
>> replacing it with something corresponding to that. Perhaps part
>> of the problem?
> 
> I don't think so, empty_zero_page is in BSS now an it's reserved as a part
> of the kernel image.
> 
> I suspect that virt_to_page() does not work BSS symbols on sparc64. Can you
> please try with this patch:
> 
> diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
> index 74ede706fb32..0578c5172d4e 100644
> --- a/arch/sparc/include/asm/pgtable_64.h
> +++ b/arch/sparc/include/asm/pgtable_64.h
> @@ -22,6 +22,7 @@
>  #include <asm/adi.h>
>  #include <asm/page.h>
>  #include <asm/processor.h>
> +#include <asm/vaddrs.h>
>  
>  /* The kernel image occupies 0x4000000 to 0x6000000 (4MB --> 96MB).
>   * The page copy blockops can use 0x6000000 to 0x8000000.
> @@ -210,6 +211,11 @@ extern unsigned long _PAGE_CACHE;
>  extern unsigned long pg_iobits;
>  extern unsigned long _PAGE_ALL_SZ_BITS;
>  
> +extern unsigned long kern_base;
> +#define ZERO_PAGE(vaddr)						   \
> +	(virt_to_page(empty_zero_page + ((unsigned long)__va(kern_base)) - \
> +		      ((unsigned long)KERNBASE)))
> +
>  /* PFNs are real physical page numbers.  However, mem_map only begins to record
>   * per-page information starting at pfn_base.  This is to handle systems where
>   * the first physical page in the machine is at some huge physical address,
> diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
> index 2bd99944176d..d2d724ba4f83 100644
> --- a/arch/sparc/mm/init_64.c
> +++ b/arch/sparc/mm/init_64.c
> @@ -170,6 +170,8 @@ static void __init read_obp_memory(const char *property,
>  
>  /* Kernel physical address base and size in bytes.  */
>  unsigned long kern_base __read_mostly;
> +EXPORT_SYMBOL(kern_base);
> +
>  unsigned long kern_size __read_mostly;
>  
>  /* Initial ramdisk setup */
Hi,

Unfortunately, that does not help. The LDOM goes down in the same fashion.

In QEMU, with or without this extra patch, I get this:

[    3.310674] BUG: Bad page map in process mount  pte:ffffc800016436b0
[    3.310778] pgd:027dc000 p4d:027dc000 pud:027d8000 pmd:0269a000
[    3.311686] addr:000001000020a000 vm_flags:00100077 anon_vma:fffff80002688548 mapping:0000000000000000 index:8000105
[    3.312449] file:(null) fault:0x0 mmap:0x0 mmap_prepare: 0x0 read_folio:0x0
[    3.313622] CPU: 0 UID: 0 PID: 46 Comm: mount Not tainted 6.19.0-rc5-00269-g28acabacf9b0 #22 VOLUNTARY 
[    3.314056] Call Trace:
[    3.314182] [<00000000005e822c>] print_bad_page_map+0x10c/0x260
[    3.314375] [<00000000005e9f30>] vm_normal_page+0x70/0x80
[    3.314400] [<00000000005ea5a8>] unmap_page_range+0x4e8/0x13c0
[    3.314421] [<00000000005eb54c>] unmap_vmas+0x2c/0x120
[    3.314440] [<00000000005f781c>] exit_mmap+0xdc/0x440
[    3.314457] [<000000000047193c>] mmput+0x3c/0x100
[    3.314477] [<0000000000479e94>] do_exit+0x1f4/0xa00
[    3.314494] [<000000000047a83c>] do_group_exit+0x1c/0xa0
[    3.314511] [<0000000000489b28>] get_signal+0x8a8/0x8e0
[    3.314529] [<000000000043be24>] do_notify_resume+0xa4/0x5a0
[    3.314549] [<0000000000404b48>] __handle_signal+0xc/0x30
[    3.314687] Disabling lock debugging due to kernel taint

Cheers,
Andreas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ