From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Rik van Riel <riel@surriel.com>,
Mike Kravetz <mike.kravetz@oracle.com>,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Glen McCready <gkmccready@meta.com>,
Muchun Song <songmuchun@bytedance.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 4.9 24/44] mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
Date: Wed, 2 Nov 2022 03:35:10 +0100 [thread overview]
Message-ID: <20221102022049.910274368@linuxfoundation.org> (raw)
In-Reply-To: <20221102022049.017479464@linuxfoundation.org>
From: Rik van Riel <riel@surriel.com>
commit 12df140f0bdfae5dcfc81800970dd7f6f632e00c upstream.
The h->*_huge_pages counters are protected by the hugetlb_lock, but
alloc_huge_page has a corner case where it can decrement the counter
outside of the lock.
This could lead to a corrupted value of h->resv_huge_pages, which we have
observed on our systems.
Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a
potential race.
Link: https://lkml.kernel.org/r/20221017202505.0e6a4fcd@imladris.surriel.com
Fixes: a88c76954804 ("mm: hugetlb: fix hugepage memory leak caused by wrong reserve count")
Signed-off-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Glen McCready <gkmccready@meta.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2104,11 +2104,11 @@ struct page *alloc_huge_page(struct vm_a
page = __alloc_buddy_huge_page_with_mpol(h, vma, addr);
if (!page)
goto out_uncharge_cgroup;
+ spin_lock(&hugetlb_lock);
if (!avoid_reserve && vma_has_reserves(vma, gbl_chg)) {
SetPagePrivate(page);
h->resv_huge_pages--;
}
- spin_lock(&hugetlb_lock);
list_move(&page->lru, &h->hugepage_activelist);
/* Fall through */
}
next prev parent reply other threads:[~2022-11-02 3:45 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-02 2:34 [PATCH 4.9 00/44] 4.9.332-rc1 review Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 01/44] ocfs2: clear dinode links count in case of error Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 02/44] ocfs2: fix BUG when iput after ocfs2_mknod fails Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 03/44] ata: ahci-imx: Fix MODULE_ALIAS Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 04/44] ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 05/44] arm64: errata: Remove AES hwcap for COMPAT tasks Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 06/44] HID: magicmouse: Do not set BTN_MOUSE on double report Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 07/44] net/atm: fix proc_mpc_write incorrect return value Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 08/44] net: hns: fix possible memory leak in hnae_ae_register() Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 09/44] [PATCH v3] ACPI: video: Force backlight native for more TongFang devices Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 10/44] ALSA: Use del_timer_sync() before freeing timer Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 11/44] ALSA: au88x0: use explicitly signed char Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 12/44] USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.9 13/44] usb: bdc: change state when port disconnected Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 14/44] xhci: Remove device endpoints from bandwidth list when freeing the device Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 15/44] tools: iio: iio_utils: fix digit calculation Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 16/44] fbdev: smscufx: Fix several use-after-free bugs Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 17/44] mac802154: Fix LQI recording Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 18/44] drm/msm/hdmi: fix memory corruption with too many bridges Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 19/44] mmc: core: Fix kernel panic when remove non-standard SDIO card Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 20/44] kernfs: fix use-after-free in __kernfs_remove Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 21/44] s390/futex: add missing EX_TABLE entry to __futex_atomic_op() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 22/44] Xen/gntdev: dont ignore kernel unmapping error Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 23/44] xen/gntdev: Prevent leaking grants Greg Kroah-Hartman
2022-11-02 2:35 ` Greg Kroah-Hartman [this message]
2022-11-02 2:35 ` [PATCH 4.9 25/44] net: ieee802154: fix error return code in dgram_bind() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 26/44] drm/msm: Fix return type of mdp4_lvds_connector_mode_valid Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 27/44] arc: iounmap() arg is volatile Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 28/44] ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 29/44] kcm: annotate data-races around kcm->rx_psock Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 30/44] kcm: annotate data-races around kcm->rx_wait Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 31/44] net: lantiq_etop: dont free skb when returning NETDEV_TX_BUSY Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 32/44] tcp: fix indefinite deferral of RTO with SACK reneging Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 33/44] can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 34/44] media: vivid: s_fbuf: add more sanity checks Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 35/44] media: vivid: dev->bitmap_cap wasnt freed in all cases Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 36/44] media: v4l2-dv-timings: add sanity checks for blanking values Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 37/44] media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check interlaced Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 38/44] i40e: Fix ethtool rx-flow-hash setting for X722 Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 39/44] net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 40/44] ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 41/44] ALSA: aoa: Fix I2S device accounting Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 42/44] openvswitch: switch from WARN to pr_warn Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 43/44] net: ehea: fix possible memory leak in ehea_register_port() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.9 44/44] can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive Greg Kroah-Hartman
2022-11-02 10:07 ` [PATCH 4.9 00/44] 4.9.332-rc1 review Jon Hunter
2022-11-02 17:21 ` Pavel Machek
2022-11-02 17:32 ` Florian Fainelli
2022-11-02 20:44 ` Guenter Roeck
2022-11-03 11:59 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221102022049.910274368@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=gkmccready@meta.com \
--cc=mike.kravetz@oracle.com \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=patches@lists.linux.dev \
--cc=riel@surriel.com \
--cc=songmuchun@bytedance.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox