From: Nico Pache <npache@redhat.com>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
akpm@linux-foundation.org
Cc: shakeelb@google.com, ktkhai@virtuozzo.com, shy828301@gmail.com,
guro@fb.com, vbabka@suse.cz, vdavydov.dev@gmail.com,
raquini@redhat.com
Subject: [RFC PATCH 2/2] mm/vmscan.c: Prevent allocating shrinker_info on offlined nodes
Date: Sun, 5 Dec 2021 22:33:38 -0500 [thread overview]
Message-ID: <20211206033338.743270-3-npache@redhat.com> (raw)
In-Reply-To: <20211206033338.743270-1-npache@redhat.com>
We have run into a panic caused by a shrinker allocation being attempted
on an offlined node.
Our crash analysis has determined that the issue originates from trying
to allocate pages on an offlined node in expand_one_shrinker_info. This
function makes the incorrect assumption that we can allocate on any node.
To correct this we make sure we only itterate over online nodes.
This assumption can lead to an incorrect address being assigned to ac->zonelist
in the following callchain:
__alloc_pages
-> prepare_alloc_pages
-> node_zonelist
static inline struct zonelist *node_zonelist(int nid, gfp_t flags)
{
return NODE_DATA(nid)->node_zonelists + gfp_zonelist(flags);
}
if the node is not online the return of node_zonelist will evaluate to a
invalid pointer of 0x00000 + offset_of(node_zonelists) + (1|0)
This address is then dereferenced further down the callchain in:
prepare_alloc_pages
-> first_zones_zonelist
-> next_zones_zonelist
-> zonelist_zone_idx
static inline int zonelist_zone_idx(struct zoneref *zoneref)
{
return zoneref->zone_idx;
}
Leading the system to panic.
We also correct this behavior in alloc_shrinker_info, free_shrinker_info,
and reparent_shrinker_deferred.
Fixes: 2bfd36374edd ("mm: vmscan: consolidate shrinker_maps handling code")
Fixes: 0a4465d34028 ("mm, memcg: assign memcg-aware shrinkers bitmap to memcg")
Signed-off-by: Nico Pache <npache@redhat.com>
---
mm/vmscan.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/mm/vmscan.c b/mm/vmscan.c
index fb9584641ac7..731564b61e3f 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -221,7 +221,7 @@ static int expand_one_shrinker_info(struct mem_cgroup *memcg,
int nid;
int size = map_size + defer_size;
- for_each_node(nid) {
+ for_each_online_node(nid) {
pn = memcg->nodeinfo[nid];
old = shrinker_info_protected(memcg, nid);
/* Not yet online memcg */
@@ -256,7 +256,7 @@ void free_shrinker_info(struct mem_cgroup *memcg)
struct shrinker_info *info;
int nid;
- for_each_node(nid) {
+ for_each_online_node(nid) {
pn = memcg->nodeinfo[nid];
info = rcu_dereference_protected(pn->shrinker_info, true);
kvfree(info);
@@ -274,7 +274,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
map_size = shrinker_map_size(shrinker_nr_max);
defer_size = shrinker_defer_size(shrinker_nr_max);
size = map_size + defer_size;
- for_each_node(nid) {
+ for_each_online_node(nid) {
info = kvzalloc_node(sizeof(*info) + size, GFP_KERNEL, nid);
if (!info) {
free_shrinker_info(memcg);
@@ -417,7 +417,7 @@ void reparent_shrinker_deferred(struct mem_cgroup *memcg)
/* Prevent from concurrent shrinker_info expand */
down_read(&shrinker_rwsem);
- for_each_node(nid) {
+ for_each_online_node(nid) {
child_info = shrinker_info_protected(memcg, nid);
parent_info = shrinker_info_protected(parent, nid);
for (i = 0; i < shrinker_nr_max; i++) {
--
2.33.1
next prev parent reply other threads:[~2021-12-06 3:35 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-06 3:33 [RFC PATCH 0/2] mm: Dont allocate pages on a offline node Nico Pache
2021-12-06 3:33 ` [RFC PATCH 1/2] include/linux/gfp.h: Do not allocate pages on a offlined node Nico Pache
2021-12-06 3:37 ` Matthew Wilcox
2021-12-06 9:22 ` Michal Hocko
2021-12-07 21:24 ` Nico Pache
2021-12-06 3:33 ` Nico Pache [this message]
2021-12-06 9:22 ` [RFC PATCH 2/2] mm/vmscan.c: Prevent allocating shrinker_info on offlined nodes Michal Hocko
2021-12-06 9:24 ` Michal Hocko
[not found] ` <d9d14beb-ee20-7ebb-e007-fbf58fb28535@redhat.com>
2021-12-06 10:54 ` Michal Hocko
[not found] ` <840cb3d0-61fe-b6cb-9918-69146ba06cf7@redhat.com>
2021-12-06 11:22 ` Michal Hocko
[not found] ` <51c65635-1dae-6ba4-daf9-db9df0ec35d8@redhat.com>
2021-12-06 13:06 ` Michal Hocko
[not found] ` <05157de4-e5df-11fc-fc46-8a9f79d0ddb4@redhat.com>
2021-12-06 14:06 ` Michal Hocko
[not found] ` <d4f281e6-1999-a3de-b879-c6ca6a25ae67@redhat.com>
2021-12-06 14:21 ` Michal Hocko
2021-12-06 14:30 ` Vlastimil Babka
2021-12-06 14:53 ` Michal Hocko
2021-12-06 18:26 ` Yang Shi
2021-12-07 10:15 ` Michal Hocko
2021-12-06 14:15 ` Michal Hocko
[not found] ` <24b4455c-aff9-ca9f-e29f-350833e7a0d1@virtuozzo.com>
2021-12-06 13:24 ` Michal Hocko
2021-12-08 19:00 ` Nico Pache
2021-12-06 18:42 ` Yang Shi
[not found] ` <a48c16d6-07df-ff44-67e6-f0942672ec28@redhat.com>
2021-12-06 21:28 ` Yang Shi
2021-12-07 10:15 ` David Hildenbrand
2021-12-07 10:55 ` Michal Hocko
2021-12-07 21:45 ` Nico Pache
2021-12-07 21:40 ` Nico Pache
2021-12-07 21:34 ` Nico Pache
2021-12-06 18:45 ` Yang Shi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211206033338.743270-3-npache@redhat.com \
--to=npache@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=guro@fb.com \
--cc=ktkhai@virtuozzo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=raquini@redhat.com \
--cc=shakeelb@google.com \
--cc=shy828301@gmail.com \
--cc=vbabka@suse.cz \
--cc=vdavydov.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).