From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Colin Ian King <colin.king@canonical.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vladimir Davydov <vdavydov.dev@gmail.com>,
Michal Hocko <mhocko@suse.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Mel Gorman <mgorman@techsingularity.net>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.19 38/72] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
Date: Tue, 2 Jul 2019 10:01:39 +0200 [thread overview]
Message-ID: <20190702080126.637385479@linuxfoundation.org> (raw)
In-Reply-To: <20190702080124.564652899@linuxfoundation.org>
From: Colin Ian King <colin.king@canonical.com>
commit 7298e3b0a149c91323b3205d325e942c3b3b9ef6 upstream.
Currently the calcuation of end_pfn can round up the pfn number to more
than the actual maximum number of pfns, causing an Oops. Fix this by
ensuring end_pfn is never more than max_pfn.
This can be easily triggered when on systems where the end_pfn gets
rounded up to more than max_pfn using the idle-page stress-ng stress test:
sudo stress-ng --idle-page 0
BUG: unable to handle kernel paging request at 00000000000020d8
#PF error: [normal kernel read fault]
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 11039 Comm: stress-ng-idle- Not tainted 5.0.0-5-generic #6-Ubuntu
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:page_idle_get_page+0xc8/0x1a0
Code: 0f b1 0a 75 7d 48 8b 03 48 89 c2 48 c1 e8 33 83 e0 07 48 c1 ea 36 48 8d 0c 40 4c 8d 24 88 49 c1 e4 07 4c 03 24 d5 00 89 c3 be <49> 8b 44 24 58 48 8d b8 80 a1 02 00 e8 07 d5 77 00 48 8b 53 08 48
RSP: 0018:ffffafd7c672fde8 EFLAGS: 00010202
RAX: 0000000000000005 RBX: ffffe36341fff700 RCX: 000000000000000f
RDX: 0000000000000284 RSI: 0000000000000275 RDI: 0000000001fff700
RBP: ffffafd7c672fe00 R08: ffffa0bc34056410 R09: 0000000000000276
R10: ffffa0bc754e9b40 R11: ffffa0bc330f6400 R12: 0000000000002080
R13: ffffe36341fff700 R14: 0000000000080000 R15: ffffa0bc330f6400
FS: 00007f0ec1ea5740(0000) GS:ffffa0bc7db00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000020d8 CR3: 0000000077d68000 CR4: 00000000000006e0
Call Trace:
page_idle_bitmap_write+0x8c/0x140
sysfs_kf_bin_write+0x5c/0x70
kernfs_fop_write+0x12e/0x1b0
__vfs_write+0x1b/0x40
vfs_write+0xab/0x1b0
ksys_write+0x55/0xc0
__x64_sys_write+0x1a/0x20
do_syscall_64+0x5a/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Link: http://lkml.kernel.org/r/20190618124352.28307-1-colin.king@canonical.com
Fixes: 33c3fc71c8cf ("mm: introduce idle page tracking")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page_idle.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/page_idle.c
+++ b/mm/page_idle.c
@@ -136,7 +136,7 @@ static ssize_t page_idle_bitmap_read(str
end_pfn = pfn + count * BITS_PER_BYTE;
if (end_pfn > max_pfn)
- end_pfn = ALIGN(max_pfn, BITMAP_CHUNK_BITS);
+ end_pfn = max_pfn;
for (; pfn < end_pfn; pfn++) {
bit = pfn % BITMAP_CHUNK_BITS;
@@ -181,7 +181,7 @@ static ssize_t page_idle_bitmap_write(st
end_pfn = pfn + count * BITS_PER_BYTE;
if (end_pfn > max_pfn)
- end_pfn = ALIGN(max_pfn, BITMAP_CHUNK_BITS);
+ end_pfn = max_pfn;
for (; pfn < end_pfn; pfn++) {
bit = pfn % BITMAP_CHUNK_BITS;
next prev parent reply other threads:[~2019-07-02 8:14 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-02 8:01 [PATCH 4.19 00/72] 4.19.57-stable review Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 01/72] perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 02/72] perf help: Remove needless use of strncpy() Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 03/72] perf header: Fix unchecked usage " Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 04/72] arm64: Dont unconditionally add -Wno-psabi to KBUILD_CFLAGS Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 05/72] Revert "x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP" Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 06/72] IB/hfi1: Close PSM sdma_progress sleep window Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 07/72] 9p/xen: fix check for xenbus_read error in front_probe Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 08/72] 9p: Use a slab for allocating requests Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 09/72] 9p: embed fcall in req to round down buffer allocs Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 10/72] 9p: add a per-client fcall kmem_cache Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 11/72] 9p: rename p9_free_req() function Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 12/72] 9p: Add refcount to p9_req_t Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 13/72] 9p/rdma: do not disconnect on down_interruptible EAGAIN Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 14/72] 9p: Rename req to rreq in trans_fd Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 15/72] 9p: acl: fix uninitialized iattr access Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 16/72] 9p/rdma: remove useless check in cm_event_handler Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 17/72] 9p: p9dirent_read: check network-provided name length Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 18/72] 9p: potential NULL dereference Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 19/72] 9p/trans_fd: abort p9_read_work if req status changed Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 20/72] 9p/trans_fd: put worker reqs on destroy Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 21/72] net/9p: include trans_common.h to fix missing prototype warning Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 22/72] qmi_wwan: Fix out-of-bounds read Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 23/72] Revert "usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup" Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 24/72] usb: dwc3: gadget: combine unaligned and zero flags Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 25/72] usb: dwc3: gadget: track number of TRBs per request Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 26/72] usb: dwc3: gadget: use num_trbs when skipping TRBs on ->dequeue() Greg Kroah-Hartman
2019-07-03 2:03 ` Sasha Levin
2019-07-03 7:20 ` Greg Kroah-Hartman
2019-07-03 19:59 ` Sasha Levin
2019-07-02 8:01 ` [PATCH 4.19 27/72] usb: dwc3: gadget: extract dwc3_gadget_ep_skip_trbs() Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 28/72] usb: dwc3: gadget: introduce cancelled_list Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 29/72] usb: dwc3: gadget: move requests to cancelled_list Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 30/72] usb: dwc3: gadget: remove wait_end_transfer Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 31/72] usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 32/72] fs/proc/array.c: allow reporting eip/esp for all coredumping threads Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 33/72] mm/mempolicy.c: fix an incorrect rebind node in mpol_rebind_nodemask Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 34/72] fs/binfmt_flat.c: make load_flat_shared_library() work Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 35/72] clk: socfpga: stratix10: fix divider entry for the emac clocks Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 36/72] mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 37/72] mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge Greg Kroah-Hartman
2019-07-02 8:01 ` Greg Kroah-Hartman [this message]
2019-07-02 8:01 ` [PATCH 4.19 39/72] dm log writes: make sure super sector log updates are written in order Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 40/72] scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 41/72] x86/speculation: Allow guests to use SSBD even if host does not Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 42/72] x86/microcode: Fix the microcode load on CPU hotplug for real Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 43/72] x86/resctrl: Prevent possible overrun during bitmap operations Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 44/72] KVM: x86/mmu: Allocate PAE root array when using SVMs 32-bit NPT Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 45/72] NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 46/72] cpu/speculation: Warn on unsupported mitigations= parameter Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 47/72] SUNRPC: Clean up initialisation of the struct rpc_rqst Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 48/72] irqchip/mips-gic: Use the correct local interrupt map registers Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 49/72] eeprom: at24: fix unexpected timeout under high load Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 50/72] af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 51/72] bonding: Always enable vlan tx offload Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 52/72] ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 53/72] net/packet: fix memory leak in packet_set_ring() Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 54/72] net: remove duplicate fetch in sock_getsockopt Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 55/72] net: stmmac: fixed new system time seconds value calculation Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 56/72] net: stmmac: set IC bit when transmitting frames with HW timestamp Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 57/72] sctp: change to hold sk after auth shkey is created successfully Greg Kroah-Hartman
2019-07-02 8:01 ` [PATCH 4.19 58/72] team: Always enable vlan tx offload Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 59/72] tipc: change to use register_pernet_device Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 60/72] tipc: check msg->req data len in tipc_nl_compat_bearer_disable Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 61/72] tun: wake up waitqueues after IFF_UP is set Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 62/72] bpf: simplify definition of BPF_FIB_LOOKUP related flags Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 63/72] bpf: lpm_trie: check left child of last leftmost node for NULL Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 64/72] bpf: fix nested bpf tracepoints with per-cpu data Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 65/72] bpf: fix unconnected udp hooks Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 66/72] bpf: udp: Avoid calling reuseports bpf_prog from udp_gro Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 67/72] bpf: udp: ipv6: Avoid running reuseports bpf_prog from __udp6_lib_err Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 68/72] arm64: futex: Avoid copying out uninitialised stack in failed cmpxchg() Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 69/72] bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 70/72] futex: Update comments and docs about return values of arch futex code Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 71/72] RDMA: Directly cast the sockaddr union to sockaddr Greg Kroah-Hartman
2019-07-02 8:02 ` [PATCH 4.19 72/72] tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb Greg Kroah-Hartman
2019-07-02 12:32 ` [PATCH 4.19 00/72] 4.19.57-stable review kernelci.org bot
2019-07-02 16:54 ` Naresh Kamboju
2019-07-02 20:23 ` Guenter Roeck
2019-07-03 14:46 ` Greg Kroah-Hartman
2019-07-02 21:08 ` Kelsey Skunberg
2019-07-02 22:52 ` shuah
2019-07-03 10:21 ` Jon Hunter
2019-07-03 10:21 ` Jon Hunter
2019-07-04 5:29 ` Bharath Vedartham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190702080126.637385479@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=colin.king@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mgorman@techsingularity.net \
--cc=mhocko@suse.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=sfr@canb.auug.org.au \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vdavydov.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.