* [PATCH v2] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug
@ 2026-07-01 22:16 Gregory Price
2026-07-02 8:02 ` David Hildenbrand (Arm)
2026-07-02 8:59 ` Mike Rapoport
0 siblings, 2 replies; 3+ messages in thread
From: Gregory Price @ 2026-07-01 22:16 UTC (permalink / raw)
To: linux-mm
Cc: linux-kernel, linux-cxl, kernel-team, david, osalvador, akpm,
rppt, mgorman, hannes, vbabka, Sashiko
We miss a failed allocation check for pgdat->per_cpu_nodestats, which
results in a NULL deref when we offset into the per-cpu area.
Propagate -ENOMEM up the stack and leave per_cpu_nodestats pointing
at boot_nodestats so a later online can retry the allocation.
hotadd_init_pgdat() returns NULL on failure, which __try_online_node()
already maps to -ENOMEM.
On failure nothing needs to be unwound:
- the node is never marked online
- per_cpu_nodestats is left pointing at boot_nodestats
- __add_memory_resource() cleans up pending memblock resources
- later online attempts retry the per_cpu_nodestats allocation
Reported-by: Sashiko <sashiko-bot@kernel.org>
Link: https://sashiko.dev/#/patchset/20260627202243.758289-1-gourry%40gourry.net
Fixes: 75ef71840539 ("mm, vmstat: add infrastructure for per-node vmstats")
Signed-off-by: Gregory Price <gourry@gourry.net>
---
include/linux/memory_hotplug.h | 2 +-
mm/memory_hotplug.c | 3 ++-
mm/mm_init.c | 14 +++++++++++---
3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/include/linux/memory_hotplug.h b/include/linux/memory_hotplug.h
index 7c9d66729c60..06c58cb05779 100644
--- a/include/linux/memory_hotplug.h
+++ b/include/linux/memory_hotplug.h
@@ -289,7 +289,7 @@ static inline void __remove_memory(u64 start, u64 size) {}
/* Default online_type (MMOP_*) when new memory blocks are added. */
extern enum mmop mhp_get_default_online_type(void);
extern void mhp_set_default_online_type(enum mmop online_type);
-extern void __ref free_area_init_core_hotplug(struct pglist_data *pgdat);
+int __ref free_area_init_core_hotplug(struct pglist_data *pgdat);
extern int __add_memory(int nid, u64 start, u64 size, mhp_t mhp_flags);
extern int add_memory(int nid, u64 start, u64 size, mhp_t mhp_flags);
extern int add_memory_resource(int nid, struct resource *resource,
diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
index 7ac19fab2263..8b137328dcf0 100644
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -1263,7 +1263,8 @@ static pg_data_t *hotadd_init_pgdat(int nid)
pgdat = NODE_DATA(nid);
/* init node's zones as empty zones, we don't have any present pages.*/
- free_area_init_core_hotplug(pgdat);
+ if (free_area_init_core_hotplug(pgdat))
+ return NULL;
/*
* The node we allocated has no zone fallback lists. For avoiding
diff --git a/mm/mm_init.c b/mm/mm_init.c
index cfd0b2722d83..07a8c74cf7ad 100644
--- a/mm/mm_init.c
+++ b/mm/mm_init.c
@@ -1526,7 +1526,7 @@ static inline void __init set_pageblock_order(void)
* NOTE: this function is only called during memory hotplug
*/
#ifdef CONFIG_MEMORY_HOTPLUG
-void __ref free_area_init_core_hotplug(struct pglist_data *pgdat)
+int __ref free_area_init_core_hotplug(struct pglist_data *pgdat)
{
int nid = pgdat->node_id;
enum zone_type z;
@@ -1534,8 +1534,14 @@ void __ref free_area_init_core_hotplug(struct pglist_data *pgdat)
pgdat_init_internals(pgdat);
- if (pgdat->per_cpu_nodestats == &boot_nodestats)
- pgdat->per_cpu_nodestats = alloc_percpu(struct per_cpu_nodestat);
+ if (pgdat->per_cpu_nodestats == &boot_nodestats) {
+ struct per_cpu_nodestat __percpu *p;
+
+ p = alloc_percpu(struct per_cpu_nodestat);
+ if (!p)
+ return -ENOMEM;
+ pgdat->per_cpu_nodestats = p;
+ }
/*
* Reset the nr_zones, order and highest_zoneidx before reuse.
@@ -1573,6 +1579,8 @@ void __ref free_area_init_core_hotplug(struct pglist_data *pgdat)
zone->present_pages = 0;
zone_init_internals(zone, z, nid, 0);
}
+
+ return 0;
}
#endif
--
2.54.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH v2] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug
2026-07-01 22:16 [PATCH v2] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug Gregory Price
@ 2026-07-02 8:02 ` David Hildenbrand (Arm)
2026-07-02 8:59 ` Mike Rapoport
1 sibling, 0 replies; 3+ messages in thread
From: David Hildenbrand (Arm) @ 2026-07-02 8:02 UTC (permalink / raw)
To: Gregory Price, linux-mm
Cc: linux-kernel, linux-cxl, kernel-team, osalvador, akpm, rppt,
mgorman, hannes, vbabka, Sashiko
On 7/2/26 00:16, Gregory Price wrote:
> We miss a failed allocation check for pgdat->per_cpu_nodestats, which
> results in a NULL deref when we offset into the per-cpu area.
>
> Propagate -ENOMEM up the stack and leave per_cpu_nodestats pointing
> at boot_nodestats so a later online can retry the allocation.
>
> hotadd_init_pgdat() returns NULL on failure, which __try_online_node()
> already maps to -ENOMEM.
>
> On failure nothing needs to be unwound:
> - the node is never marked online
> - per_cpu_nodestats is left pointing at boot_nodestats
> - __add_memory_resource() cleans up pending memblock resources
> - later online attempts retry the per_cpu_nodestats allocation
>
> Reported-by: Sashiko <sashiko-bot@kernel.org>
> Link: https://sashiko.dev/#/patchset/20260627202243.758289-1-gourry%40gourry.net
> Fixes: 75ef71840539 ("mm, vmstat: add infrastructure for per-node vmstats")
> Signed-off-by: Gregory Price <gourry@gourry.net>
> ---
Acked-by: David Hildenbrand (Arm) <david@kernel.org>
--
Cheers,
David
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH v2] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug
2026-07-01 22:16 [PATCH v2] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug Gregory Price
2026-07-02 8:02 ` David Hildenbrand (Arm)
@ 2026-07-02 8:59 ` Mike Rapoport
1 sibling, 0 replies; 3+ messages in thread
From: Mike Rapoport @ 2026-07-02 8:59 UTC (permalink / raw)
To: linux-mm, Gregory Price
Cc: Mike Rapoport, linux-kernel, linux-cxl, kernel-team, david,
osalvador, akpm, mgorman, hannes, vbabka, Sashiko
On Wed, 01 Jul 2026 18:16:13 -0400, Gregory Price wrote:
> We miss a failed allocation check for pgdat->per_cpu_nodestats, which
> results in a NULL deref when we offset into the per-cpu area.
>
> Propagate -ENOMEM up the stack and leave per_cpu_nodestats pointing
> at boot_nodestats so a later online can retry the allocation.
>
> hotadd_init_pgdat() returns NULL on failure, which __try_online_node()
> already maps to -ENOMEM.
>
> [...]
Applied to fixes branch of memblock.git tree, thanks!
[1/1] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug
commit: 2ebce860bdd7ae5e13002811bc9bbbf33fcfc221
tree: https://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
branch: fixes
--
Sincerely yours,
Mike.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-07-02 8:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-01 22:16 [PATCH v2] mm/mm_init: handle alloc_percpu failure in free_area_init_core_hotplug Gregory Price
2026-07-02 8:02 ` David Hildenbrand (Arm)
2026-07-02 8:59 ` Mike Rapoport
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox