Linux-mm Archive on lore.kernel.org
* [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context
@ 2026-05-15 15:30 Uladzislau Rezki (Sony)
  2026-05-18 23:10 ` Andrew Morton
  2026-05-19  1:40 ` Baoquan He
  0 siblings, 2 replies; 5+ messages in thread
From: Uladzislau Rezki (Sony) @ 2026-05-15 15:30 UTC (permalink / raw)
  To: linux-mm, Andrew Morton
  Cc: Baoquan He, LKML, Uladzislau Rezki, Ido Schimmel,
	syzbot+8b12fc6e0fb139765b58

__get_vm_area_node() currently triggers a BUG() if in_interrupt()
returns true. However, in_interrupt() also reports true when BH
are disabled.

The bridge code can call rhashtable_lookup_insert_fast() with
bottom halves disabled:

__vlan_add()
 -> br_fdb_add_local()
  spin_lock_bh(&br->hash_lock); <-- Disable BH
   -> fdb_add_local()
    -> fdb_create()
     -> rhashtable_lookup_insert_fast()
      -> kvmalloc()
       -> vmalloc()
        -> __get_vm_area_node()
         -> BUG_ON(in_interrupt())
  spin_unlock_bh(&br->hash_lock)

this triggers the BUG() despite the caller not being in NMI or
hard IRQ context.

Replace the in_interrupt() check with in_nmi() || in_hardirq().

Cc: Ido Schimmel <idosch@nvidia.com>
Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
Reported-by: syzbot+8b12fc6e0fb139765b58@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@google.com/
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
---
 mm/vmalloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 676851d5cfe7..273bbe49eaef 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3209,7 +3209,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size,
 	struct vm_struct *area;
 	unsigned long requested_size = size;
 
-	BUG_ON(in_interrupt());
+	BUG_ON(in_nmi() || in_hardirq());
 	size = ALIGN(size, 1ul << shift);
 	if (unlikely(!size))
 		return NULL;
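
Review bot: BUG_ON(in_nmi() || in_hardirq()) on the `+` line still takes the whole machine down when a caller gets the context wrong, although this function already has a failure return (the `return NULL` for a zero size just below it). Consider `if (WARN_ON_ONCE(in_nmi() || in_hardirq())) return NULL;` so that misuse is reported with a stack trace and the allocation fails instead of crashing the kernel.
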
-- 
2.47.3
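
The difference between the two checks described in the commit message, as an added userspace model (not code from the patch or from the kernel tree). The bit widths follow the usual non-PREEMPT_RT preempt_count layout and are an assumption here; the `model_*` function names are hypothetical.

```c
#include <stdio.h>

/* Userspace model of the preempt_count layout (assumed, non-PREEMPT_RT). */
#define PREEMPT_BITS  8
#define SOFTIRQ_BITS  8
#define HARDIRQ_BITS  4
#define NMI_BITS      4

#define SOFTIRQ_SHIFT PREEMPT_BITS
#define HARDIRQ_SHIFT (SOFTIRQ_SHIFT + SOFTIRQ_BITS)
#define NMI_SHIFT     (HARDIRQ_SHIFT + HARDIRQ_BITS)

#define SOFTIRQ_MASK  (((1UL << SOFTIRQ_BITS) - 1) << SOFTIRQ_SHIFT)
#define HARDIRQ_MASK  (((1UL << HARDIRQ_BITS) - 1) << HARDIRQ_SHIFT)
#define NMI_MASK      (((1UL << NMI_BITS) - 1) << NMI_SHIFT)

#define SOFTIRQ_OFFSET         (1UL << SOFTIRQ_SHIFT)  /* serving a softirq */
#define SOFTIRQ_DISABLE_OFFSET (2 * SOFTIRQ_OFFSET)    /* local_bh_disable() */
#define HARDIRQ_OFFSET         (1UL << HARDIRQ_SHIFT)
#define NMI_OFFSET             (1UL << NMI_SHIFT)

/* Old check: any NMI, hardirq or softirq bit, which includes BH-disabled. */
static int model_in_interrupt(unsigned long pc)
{
	return (pc & (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_MASK)) != 0;
}

/* New check from the patch: only NMI or hard IRQ context. */
static int model_in_nmi_or_hardirq(unsigned long pc)
{
	return (pc & (NMI_MASK | HARDIRQ_MASK)) != 0;
}

int main(void)
{
	/* Constructed preempt_count values for each calling context. */
	struct { const char *ctx; unsigned long pc; } cases[] = {
		{ "task context",        0 },
		{ "spin_lock_bh() held", SOFTIRQ_DISABLE_OFFSET + 1 },
		{ "serving softirq",     SOFTIRQ_OFFSET },
		{ "hard IRQ handler",    HARDIRQ_OFFSET },
		{ "NMI handler",         NMI_OFFSET | HARDIRQ_OFFSET },
	};
	for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-20s old check: %d  new check: %d\n", cases[i].ctx,
		       model_in_interrupt(cases[i].pc),
		       model_in_nmi_or_hardirq(cases[i].pc));
	return 0;
}
```

The `spin_lock_bh() held` row is the bridge call chain above: the old predicate is true and the new one is false, while hard IRQ and NMI remain rejected by both.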




* Re: [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context
  2026-05-15 15:30 [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context Uladzislau Rezki (Sony)
@ 2026-05-18 23:10 ` Andrew Morton
  2026-05-19 16:19   ` Uladzislau Rezki
  2026-05-19  1:40 ` Baoquan He
  1 sibling, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2026-05-18 23:10 UTC (permalink / raw)
  To: Uladzislau Rezki (Sony)
  Cc: linux-mm, Baoquan He, LKML, Ido Schimmel,
	syzbot+8b12fc6e0fb139765b58

On Fri, 15 May 2026 17:30:09 +0200 "Uladzislau Rezki (Sony)" <urezki@gmail.com> wrote:

> __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> returns true. However, in_interrupt() also reports true when BH
> are disabled.
> 
> The bridge code can call rhashtable_lookup_insert_fast() with
> bottom halves disabled:
> 
> __vlan_add()
>  -> br_fdb_add_local()
>   spin_lock_bh(&br->hash_lock); <-- Disable BH
>    -> fdb_add_local()
>     -> fdb_create()
>      -> rhashtable_lookup_insert_fast()
>       -> kvmalloc()
>        -> vmalloc()
>         -> __get_vm_area_node()
>          -> BUG_ON(in_interrupt())
>   spin_unlock_bh(&br->hash_lock)
> 
> this triggers the BUG() despite the caller not being in NMI or
> hard IRQ context.
> 
> Replace the in_interrupt() check with in_nmi() || in_hardirq().
> 
> Cc: Ido Schimmel <idosch@nvidia.com>
> Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")

Was added in 6.19 so I assumed we want cc:stable on this.

> Reported-by: syzbot+8b12fc6e0fb139765b58@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@google.com/
> Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>



* Re: [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context
  2026-05-15 15:30 [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context Uladzislau Rezki (Sony)
  2026-05-18 23:10 ` Andrew Morton
@ 2026-05-19  1:40 ` Baoquan He
  2026-05-19 16:20   ` Uladzislau Rezki
  1 sibling, 1 reply; 5+ messages in thread
From: Baoquan He @ 2026-05-19  1:40 UTC (permalink / raw)
  To: Uladzislau Rezki (Sony)
  Cc: linux-mm, Andrew Morton, Baoquan He, LKML, Ido Schimmel,
	syzbot+8b12fc6e0fb139765b58

On 05/15/26 at 05:30pm, Uladzislau Rezki (Sony) wrote:
> __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> returns true. However, in_interrupt() also reports true when BH
> are disabled.
> 
> The bridge code can call rhashtable_lookup_insert_fast() with
> bottom halves disabled:
> 
> __vlan_add()
>  -> br_fdb_add_local()
>   spin_lock_bh(&br->hash_lock); <-- Disable BH
>    -> fdb_add_local()
>     -> fdb_create()
>      -> rhashtable_lookup_insert_fast()
>       -> kvmalloc()
>        -> vmalloc()
>         -> __get_vm_area_node()
>          -> BUG_ON(in_interrupt())
>   spin_unlock_bh(&br->hash_lock)
> 
> this triggers the BUG() despite the caller not being in NMI or
> hard IRQ context.

Because the current vmalloc supports non-blocking allocation, we
need to skip disabled BH or in_serving_softirq() cases to avoid unwanted
BUG(). This change looks great to me, not sure if I understand it
correctly.

Reviewed-by: Baoquan He <baoquan.he@linux.dev>

Thanks
Baoquan

> 
> Replace the in_interrupt() check with in_nmi() || in_hardirq().
> 
> Cc: Ido Schimmel <idosch@nvidia.com>
> Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
> Reported-by: syzbot+8b12fc6e0fb139765b58@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@google.com/
> Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
> ---
>  mm/vmalloc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index 676851d5cfe7..273bbe49eaef 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -3209,7 +3209,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size,
>  	struct vm_struct *area;
>  	unsigned long requested_size = size;
>  
> -	BUG_ON(in_interrupt());
> +	BUG_ON(in_nmi() || in_hardirq());
>  	size = ALIGN(size, 1ul << shift);
>  	if (unlikely(!size))
>  		return NULL;
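
Review bot: the narrowed check on the `+` line carries no comment, and the difference between in_interrupt() and in_nmi() || in_hardirq() is easy to miss when reading the code later. A short comment above the BUG_ON stating that callers with BH disabled (for example under spin_lock_bh()) or in softirq are allowed, and that only NMI and hard IRQ context are rejected, would keep the check from being widened back by mistake.
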
> -- 
> 2.47.3
> 



* Re: [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context
  2026-05-18 23:10 ` Andrew Morton
@ 2026-05-19 16:19   ` Uladzislau Rezki
  0 siblings, 0 replies; 5+ messages in thread
From: Uladzislau Rezki @ 2026-05-19 16:19 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Uladzislau Rezki (Sony), linux-mm, Baoquan He, LKML, Ido Schimmel,
	syzbot+8b12fc6e0fb139765b58

On Mon, May 18, 2026 at 04:10:12PM -0700, Andrew Morton wrote:
> On Fri, 15 May 2026 17:30:09 +0200 "Uladzislau Rezki (Sony)" <urezki@gmail.com> wrote:
> 
> > __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> > returns true. However, in_interrupt() also reports true when BH
> > are disabled.
> > 
> > The bridge code can call rhashtable_lookup_insert_fast() with
> > bottom halves disabled:
> > 
> > __vlan_add()
> >  -> br_fdb_add_local()
> >   spin_lock_bh(&br->hash_lock); <-- Disable BH
> >    -> fdb_add_local()
> >     -> fdb_create()
> >      -> rhashtable_lookup_insert_fast()
> >       -> kvmalloc()
> >        -> vmalloc()
> >         -> __get_vm_area_node()
> >          -> BUG_ON(in_interrupt())
> >   spin_unlock_bh(&br->hash_lock)
> > 
> > this triggers the BUG() despite the caller not being in NMI or
> > hard IRQ context.
> > 
> > Replace the in_interrupt() check with in_nmi() || in_hardirq().
> > 
> > Cc: Ido Schimmel <idosch@nvidia.com>
> > Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
> 
> Was added in 6.19 so I assumed we want cc:stable on this.
> 
Thank you. Yep, we want cc:stable!

--
Uladzislau Rezki



* Re: [PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context
  2026-05-19  1:40 ` Baoquan He
@ 2026-05-19 16:20   ` Uladzislau Rezki
  0 siblings, 0 replies; 5+ messages in thread
From: Uladzislau Rezki @ 2026-05-19 16:20 UTC (permalink / raw)
  To: Baoquan He
  Cc: Uladzislau Rezki (Sony), linux-mm, Andrew Morton, Baoquan He,
	LKML, Ido Schimmel, syzbot+8b12fc6e0fb139765b58

On Tue, May 19, 2026 at 09:40:19AM +0800, Baoquan He wrote:
> On 05/15/26 at 05:30pm, Uladzislau Rezki (Sony) wrote:
> > __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> > returns true. However, in_interrupt() also reports true when BH
> > are disabled.
> > 
> > The bridge code can call rhashtable_lookup_insert_fast() with
> > bottom halves disabled:
> > 
> > __vlan_add()
> >  -> br_fdb_add_local()
> >   spin_lock_bh(&br->hash_lock); <-- Disable BH
> >    -> fdb_add_local()
> >     -> fdb_create()
> >      -> rhashtable_lookup_insert_fast()
> >       -> kvmalloc()
> >        -> vmalloc()
> >         -> __get_vm_area_node()
> >          -> BUG_ON(in_interrupt())
> >   spin_unlock_bh(&br->hash_lock)
> > 
> > this triggers the BUG() despite the caller not being in NMI or
> > hard IRQ context.
> 
> Because the current vmalloc supports non-blocking allocation, we
> need to skip disabled BH or in_serving_softirq() cases to avoid unwanted
> BUG(). This change looks great to me, not sure if I understand it
> correctly.
> 
> Reviewed-by: Baoquan He <baoquan.he@linux.dev>
> 
Thank you!

--
Uladzislau Rezki

