Re: [PATCH v4 07/19] mm/sparse: Move subsection_map_init() into sparse_init()

[PATCH v4 00/19] mm: Refactor bootmem gigantic hugepage allocation · Muchun Song <hidden> · 2026-06-12
[PATCH v4 01/19] mm/hugetlb: Fix boot panic with CONFIG_DEBUG_VM and HVO bootmem pages · Muchun Song <hidden> · 2026-06-12
[PATCH v4 02/19] mm/hugetlb_vmemmap: Fix __hugetlb_vmemmap_optimize_folios() · Muchun Song <hidden> · 2026-06-12
Re: [PATCH v4 02/19] mm/hugetlb_vmemmap: Fix __hugetlb_vmemmap_optimize_folios() · Frank van der Linden <hidden> · 2026-06-12
[PATCH v4 03/19] powerpc/mm: Fix wrong addr_pfn tracking in compound vmemmap population · Muchun Song <hidden> · 2026-06-12
[PATCH v4 04/19] mm/hugetlb: Initialize gigantic bootmem hugepage struct pages earlier · Muchun Song <hidden> · 2026-06-12
[PATCH v4 05/19] mm/mm_init: Simplify deferred_free_pages() migratetype init · Muchun Song <hidden> · 2026-06-12
[PATCH v4 06/19] mm/sparse: Panic on memmap and usemap allocation failure · Muchun Song <hidden> · 2026-06-12
[PATCH v4 07/19] mm/sparse: Move subsection_map_init() into sparse_init() · Muchun Song <hidden> · 2026-06-12
Re: [PATCH v4 07/19] mm/sparse: Move subsection_map_init() into sparse_init() · XIAO WU <hidden> · 2026-06-15
Re: [PATCH v4 07/19] mm/sparse: Move subsection_map_init() into sparse_init() · Muchun Song <muchun.song@linux.dev> · 2026-06-16
[PATCH v4 08/19] mm/mm_init: Defer sparse_init() until after zone initialization · Muchun Song <hidden> · 2026-06-12
[PATCH v4 09/19] mm/mm_init: Defer hugetlb reservation until after zone initialization · Muchun Song <hidden> · 2026-06-12
[PATCH v4 10/19] mm/mm_init: Remove set_pageblock_order() call from sparse_init() · Muchun Song <hidden> · 2026-06-12
[PATCH v4 11/19] mm/sparse: Move sparse_vmemmap_init_nid_late() into sparse_init_nid() · Muchun Song <hidden> · 2026-06-12
[PATCH v4 12/19] mm/hugetlb_cma: Validate hugetlb CMA range by zone at reserve time · Muchun Song <hidden> · 2026-06-12
[PATCH v4 13/19] mm/hugetlb: Refactor early boot gigantic hugepage allocation · Muchun Song <hidden> · 2026-06-12
[PATCH v4 14/19] mm/hugetlb: Free cross-zone bootmem gigantic pages after allocation · Muchun Song <hidden> · 2026-06-12
Re: [PATCH v4 14/19] mm/hugetlb: Free cross-zone bootmem gigantic pages after allocation · Mike Rapoport <rppt@kernel.org> · 2026-06-14
[PATCH v4 15/19] mm/hugetlb_vmemmap: Move bootmem HVO setup to early init · Muchun Song <hidden> · 2026-06-12
[PATCH v4 16/19] mm/hugetlb: Remove obsolete bootmem cross-zone checks · Muchun Song <hidden> · 2026-06-12
[PATCH v4 17/19] mm/sparse-vmemmap: Remove sparse_vmemmap_init_nid_late() · Muchun Song <hidden> · 2026-06-12
[PATCH v4 18/19] mm/hugetlb: Remove unused bootmem cma field · Muchun Song <hidden> · 2026-06-12
[PATCH v4 19/19] mm/mm_init: Fold __init_page_from_nid() into __init_deferred_page() · Muchun Song <hidden> · 2026-06-12
Re: [PATCH v4 00/19] mm: Refactor bootmem gigantic hugepage allocation · Muchun Song <muchun.song@linux.dev> · 2026-06-17
Re: [PATCH v4 00/19] mm: Refactor bootmem gigantic hugepage allocation · Andrew Morton <akpm@linux-foundation.org> · 2026-06-26

From: XIAO WU <hidden>
Date: 2026-06-15 16:35:34
Also in: lkml

Hi Muchun,

Muchun Song [off-list ref] wrote:
 > mm/sparse: Move subsection_map_init() into sparse_init()
 >
 > This commit moves subsection_map_init() from free_area_init() into
 > sparse_init() so that sparse-specific setup stays together instead of 
being
 > split across the generic free_area_init() path.

This patch introduces a new `sparse_init_subsection_map()` that iterates
over all memblock ranges and calls `sparse_init_subsection_map_range()`:

 > +void __init sparse_init_subsection_map(void)
 > +{
 > +    int i, nid;
 > +    unsigned long start, end;
 > +
 > +    for_each_mem_pfn_range(i, MAX_NUMNODES, &start, &end, &nid)
 > +        sparse_init_subsection_map_range(start, end - start);

However, earlier in `sparse_init()`, `memblocks_present()` calls
`memory_present()`, which internally caps PFN ranges at
`max_sparsemem_pfn` via `mminit_validate_memmodel_limits()`. Sections
beyond this cap never have `ms->usage` allocated.

`for_each_mem_pfn_range()` returns the raw, uncapped memblock ranges.
If a range extends beyond `max_sparsemem_pfn`, then inside
`sparse_init_subsection_map_range()`:

     ms = __nr_to_section(nr);
     subsection_mask_set(ms->usage->subsection_map, pfn, pfns);

`ms->usage` is NULL because `sparse_init_early_section()` was never
called for this section, causing a NULL pointer dereference.

I was able to reproduce this on x86_64 with 4-level paging by booting
with `memmap=4G@0x400080000000` to place a memblock range beyond the
~64 TiB `max_sparsemem_pfn` limit.  The kernel crashes during early boot:

   node  -1: [mem 0x0000400080000000-0x000040017fffffff]
   ------------[ cut here ]------------
   WARNING: mm/sparse.c:142 at sparse_init+0x1ac/0x8a0
    ...
   PANIC: early exception 0x0d IP 
10:...sparse_init_subsection_map+0x12f/0x250
   RIP: 0010:sparse_init_subsection_map+0x12f/0x250
   Call Trace:
    sparse_init+0x69f/0x8a0
    mm_core_init_early+0x12fa/0x20c0
    start_kernel+0x89/0x4e0

The fix is a one-line NULL check in sparse_init_subsection_map_range():

--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c

@@ -608,6 +608,8 @@ void __init sparse_init_subsection_map(unsigned long

pfn,
          pfns = min(nr_pages, PAGES_PER_SECTION
                  - (pfn & ~PAGE_SECTION_MASK));
          ms = __nr_to_section(nr);
+        if (!ms->usage)
+            continue;
          subsection_mask_set(ms->usage->subsection_map, pfn, pfns);

On most systems `max_sparsemem_pfn` is large enough that this is never
hit, but on 32-bit or PAE configurations where the limit is much lower,
the mismatch between `for_each_mem_pfn_range()` and
`mminit_validate_memmodel_limits()` can trigger with reasonable memory
sizes.

Thanks,
Xiao

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help