From: Alistair Popple <apopple@nvidia.com>
To: liuqiangneo@163.com
Cc: jgg@ziepe.ca, leon@kernel.org, akpm@linux-foundation.org,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Qiang Liu <liuqiang@kylinos.cn>
Subject: Re: [PATCH v2] lib/test_hmm: Check alloc_page_vma() return value
Date: Tue, 19 May 2026 09:39:32 +1000 [thread overview]
Message-ID: <agugdKKApUGLWkaz@nvdebian.thelocal> (raw)
In-Reply-To: <20260518031903.63455-1-liuqiangneo@163.com>
On 2026-05-18 at 13:19 +1000, liuqiangneo@163.com wrote...
> From: Qiang Liu <liuqiang@kylinos.cn>
>
> Return VM_FAULT_OOM if page allocation fails, which
> avoids a NULL pointer dereference when calling lock_page().
>
> Signed-off-by: Qiang Liu <liuqiang@kylinos.cn>
> ---
> v2:
> - Add unlock and free allocated pages before return.
> - https://lore.kernel.org/all/20260514032345.32256-1-liuqiangneo@163.com/
> ---
> lib/test_hmm.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/lib/test_hmm.c b/lib/test_hmm.c
> index 213504915737..90aec4ca2e01 100644
> --- a/lib/test_hmm.c
> +++ b/lib/test_hmm.c
> @@ -1063,6 +1063,17 @@ static vm_fault_t dmirror_devmem_fault_alloc_and_copy(struct migrate_vma *args,
> /* Try with smaller pages if large allocation fails */
> if (!dpage && order) {
> dpage = alloc_page_vma(GFP_HIGHUSER_MOVABLE, args->vma, addr);
> + if (!dpage) {
> + /* Unlock and free pages already allocated. */
> + while (i > 0) {
> + struct page *fpage;
You will need to clear dst[i] as well to avoid subsequent calls to
migrate_vma_pages/finalize() trying to continue with the migration. But then the
whole error handling for this function already seems to be broken because not
all callers do this :-)
Looking at the two callers for this, one ignores the return code
(dmirror_migrate_to_system) and the other (dmirror_devmem_fault) gets the
error handling wrong because it skips calling migrate_vma_finalize() if
dmirror_devmem_fault_alloc_and_copy() failed.
What needs to happen is we propagate the error up to the test so the test fails,
but we still need to call migrate_vma_finalize() to remove the migration entries
created in the migrate_vma_setup() step.
- Alistair
> + fpage = migrate_pfn_to_page(dst[--i]);
> + unlock_page(fpage);
> + __free_page(fpage);
> + }
> + return VM_FAULT_OOM;
> + }
> lock_page(dpage);
> dst[i] = migrate_pfn(page_to_pfn(dpage));
> dst_page = pfn_to_page(page_to_pfn(dpage));
> --
> 2.43.0
>
>
prev parent reply other threads:[~2026-05-18 23:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-18 3:19 [PATCH v2] lib/test_hmm: Check alloc_page_vma() return value liuqiangneo
2026-05-18 21:33 ` Andrew Morton
2026-05-18 23:39 ` Alistair Popple [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agugdKKApUGLWkaz@nvdebian.thelocal \
--to=apopple@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=jgg@ziepe.ca \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=liuqiang@kylinos.cn \
--cc=liuqiangneo@163.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.