From: Michal Hocko <mhocko@suse.cz>
To: David Rientjes <rientjes@google.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Mel Gorman <mgorman@suse.de>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Andrea Arcangeli <aarcange@redhat.com>
Subject: Re: [PATCH] mm: Fix NULL ptr dereference in __count_immobile_pages
Date: Wed, 11 Jan 2012 09:48:02 +0100
Message-ID: <20120111084802.GA16466@tiehlicka.suse.cz>
In-Reply-To: <alpine.DEB.2.00.1201101326080.10821@chino.kir.corp.google.com>
On Tue 10-01-12 13:31:08, David Rientjes wrote:
> On Tue, 10 Jan 2012, Michal Hocko wrote:
[...]
> > mm/page_alloc.c | 11 +++++++++++
> > 1 files changed, 11 insertions(+), 0 deletions(-)
> >
> > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> > index 2b8ba3a..485be89 100644
> > --- a/mm/page_alloc.c
> > +++ b/mm/page_alloc.c
> > @@ -5608,6 +5608,17 @@ __count_immobile_pages(struct zone *zone, struct page *page, int count)
> > bool is_pageblock_removable_nolock(struct page *page)
> > {
> > struct zone *zone = page_zone(page);
> > + unsigned long pfn = page_to_pfn(page);
> > +
> > + /*
> > + * We have to be careful here because we are iterating over memory
> > + * sections which are not zone aware so we might end up outside of
> > + * the zone but still within the section.
> > + */
> > + if (!zone || zone->zone_start_pfn > pfn ||
> > + zone->zone_start_pfn + zone->spanned_pages <= pfn)
> > + return false;
> > +
> > return __count_immobile_pages(zone, page, 0);
> > }
> >
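Review bot: the comment in the hunk justifies only the pfn-range half of the new condition (sections are not zone aware, so a pfn can fall outside the zone) and says nothing about when `zone` itself could be NULL; since `zone` is taken directly from `page_zone(page)` two lines above, either document the case that makes the `!zone` test necessary or drop that half and keep just the range check. Also, `zone_start_pfn` and `spanned_pages` are read here without any lock, as the `_nolock` suffix of `is_pageblock_removable_nolock()` advertises, so the comment should say that the answer is best effort and can be invalidated by a concurrent change to the zone span.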
>
> This seems partially bogus: why would
>
> page_zone(page)->zone_start_pfn > page_to_pfn(page) ||
> page_zone(page)->zone_start_pfn + page_zone(page)->spanned_pages <= page_to_pfn(page)
>
> ever be true? That would certainly mean that the struct zone is corrupted
> and seems to be unnecessary to fix the problem you're addressing.
Not really. Consider the case when node 0 is present. An uninitialized
page would lead to node=0, zone=0, and then we have to check the zone
boundaries.
> I think this should be handled in is_mem_section_removable() on the pfn
> rather than using the struct page in is_pageblock_removable_nolock() and
> converting back and forth. We should make sure that any page passed to
> is_pageblock_removable_nolock() is valid.
Yes, I do not like the pfn->page->pfn dance either, and in fact I do not
have a strong opinion on which one is better. I just put it at the place
where we care about the zone, to be more obvious. If others think that I
should move the check one level higher, I'll do that. I just think this
is more obvious.
Thanks for your comments.
--
Michal Hocko
SUSE Labs
SUSE LINUX s.r.o.
Lihovarska 1060/12
190 00 Praha 9
Czech Republic
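The disagreement above is about why a pfn-range check is needed when page_zone() already returns a zone pointer. The following user-space model, added here as an illustration and not code from the kernel or from either participant, shows the situation Michal describes: a section walk that crosses a zone boundary reaches struct pages whose flags were never initialized, those zeroed flags decode to node 0 / zone 0, page_zone() therefore returns a perfectly valid (non-NULL) pointer to zone 0, and only the comparison against zone_start_pfn and spanned_pages rejects the page. All structures, sizes and helper names (zone_spans_pfn_model, page_consistent_with_zone, count_rejected_in_section) are constructed for this example and are not kernel identifiers.

```c
/* User-space model (added example, not kernel code) of the zone-span check
 * debated in the thread. Everything below is constructed: one node, two
 * zones, a 16-page mem_map and 8-page sections. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ZONES     2
#define ZONE_SHIFT    0
#define ZONE_MASK     0x1UL      /* one flags bit selects the zone in this model */
#define SECTION_PAGES 8UL        /* toy section size */
#define NR_PAGES      16UL

struct zone {
    unsigned long zone_start_pfn;
    unsigned long spanned_pages;
    const char *name;
};

struct page {
    unsigned long flags;         /* zone index lives in the low bit */
};

/* Node 0 is the only node: zone 0 spans pfn [0,10), zone 1 spans [10,16). */
static struct zone node0_zones[MAX_ZONES] = {
    { .zone_start_pfn = 0,  .spanned_pages = 10, .name = "ZONE_DMA"    },
    { .zone_start_pfn = 10, .spanned_pages = 6,  .name = "ZONE_NORMAL" },
};

/* Constructed mem_map. Static storage starts zeroed, which is exactly what
 * an uninitialized struct page looks like: flags == 0 -> node 0, zone 0. */
static struct page mem_map[NR_PAGES];

/* Initialize pages 0..9 for zone 0; pages 10..15 get zone 1 only when
 * init_all is true, otherwise they are left zeroed (never initialized). */
static void init_mem_map(bool init_all)
{
    memset(mem_map, 0, sizeof(mem_map));
    for (unsigned long pfn = 0; pfn < 10; pfn++)
        mem_map[pfn].flags = (0UL & ZONE_MASK) << ZONE_SHIFT;
    if (init_all)
        for (unsigned long pfn = 10; pfn < NR_PAGES; pfn++)
            mem_map[pfn].flags = (1UL & ZONE_MASK) << ZONE_SHIFT;
}

static struct page *pfn_to_page(unsigned long pfn) { return &mem_map[pfn]; }
static unsigned long page_to_pfn(const struct page *page) { return (unsigned long)(page - mem_map); }

/* Mirrors the shape of page_zone(): decode the zone index from flags and
 * return the address of that zone in the node's array. This is never NULL. */
static struct zone *page_zone(const struct page *page)
{
    unsigned long idx = (page->flags >> ZONE_SHIFT) & ZONE_MASK;
    return &node0_zones[idx];
}

/* True when pfn lies inside [zone_start_pfn, zone_start_pfn + spanned_pages). */
static bool zone_spans_pfn_model(const struct zone *zone, unsigned long pfn)
{
    return zone->zone_start_pfn <= pfn &&
           pfn < zone->zone_start_pfn + zone->spanned_pages;
}

/* The condition from the patch, modeled: reject a page whose pfn lies outside
 * the zone its flags claim. Returns true when page and zone agree. */
static bool page_consistent_with_zone(const struct page *page)
{
    struct zone *zone = page_zone(page);
    unsigned long pfn = page_to_pfn(page);

    if (!zone)                   /* cannot happen in this model; mirrors the hunk */
        return false;
    return zone_spans_pfn_model(zone, pfn);
}

/* Walk one section pfn by pfn, the way a section-level removability check
 * would, and count the pages the check rejects. Section 1 covers pfns 8..15
 * and therefore straddles the zone boundary at pfn 10. */
static int count_rejected_in_section(unsigned long section_nr)
{
    int rejected = 0;
    unsigned long start = section_nr * SECTION_PAGES;

    for (unsigned long pfn = start; pfn < start + SECTION_PAGES; pfn++)
        if (!page_consistent_with_zone(pfn_to_page(pfn)))
            rejected++;
    return rejected;
}

int main(void)
{
    init_mem_map(false);
    printf("uninitialized tail: section 0 rejected %d, section 1 rejected %d\n",
           count_rejected_in_section(0), count_rejected_in_section(1));
    printf("pfn 12 reports zone %s (non-NULL) although it lies outside it\n",
           page_zone(pfn_to_page(12))->name);
    init_mem_map(true);
    printf("fully initialized: section 1 rejected %d\n", count_rejected_in_section(1));
    return 0;
}
```

With the tail of mem_map left uninitialized, section 1 yields six rejected pages (pfns 10 to 15), every one of them carrying a non-NULL zone pointer to zone 0; once those pages are initialized for zone 1, the same walk rejects nothing. That is the case the `!zone` test alone cannot catch and the range comparison does.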