public inbox for linux-kernel@vger.kernel.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Naoya Horiguchi <naoya.horiguchi@nec.com>,
	David Hildenbrand <david@redhat.com>,
	Yang Shi <shy828301@gmail.com>, Michal Hocko <mhocko@suse.com>,
	Miaohe Lin <linmiaohe@huawei.com>,
	Oscar Salvador <osalvador@suse.de>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Matthew Wilcox <willy@infradead.org>,
	Muchun Song <songmuchun@bytedance.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 32/37] mm/huge_memory: use pfn_to_online_page() in split_huge_pages_all()
Date: Mon, 10 Oct 2022 09:05:51 +0200
Message-ID: <20221010070332.125282026@linuxfoundation.org>
In-Reply-To: <20221010070331.211113813@linuxfoundation.org>

From: Naoya Horiguchi <naoya.horiguchi@nec.com>

[ Upstream commit 2b7aa91ba0e86b8643f5d3c83874c80599c731d7 ]

NULL pointer dereference is triggered when calling thp split via debugfs
on the system with offlined memory blocks.  With debug option enabled, the
following kernel messages are printed out:

  page:00000000467f4890 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121c000
  flags: 0x17fffc00000000(node=0|zone=2|lastcpupid=0x1ffff)
  raw: 0017fffc00000000 0000000000000000 dead000000000122 0000000000000000
  raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
  page dumped because: unmovable page
  page:000000007d7ab72e is uninitialized and poisoned
  page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
  ------------[ cut here ]------------
  kernel BUG at include/linux/mm.h:1248!
  invalid opcode: 0000 [#1] PREEMPT SMP PTI
  CPU: 16 PID: 20964 Comm: bash Tainted: G          I        6.0.0-rc3-foll-numa+ #41
  ...
  RIP: 0010:split_huge_pages_write+0xcf4/0xe30

This shows that page_to_nid() in page_zone() is unexpectedly called for an
offlined memmap.

Use pfn_to_online_page() to get struct page in PFN walker.

Link: https://lkml.kernel.org/r/20220908041150.3430269-1-naoya.horiguchi@linux.dev
Fixes: f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online")      [visible after d0dc12e86b319]
Signed-off-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Co-developed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>	[5.10+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/huge_memory.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 34d2979489fd..07941a1540cb 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2885,11 +2885,9 @@ static void split_huge_pages_all(void)
 		max_zone_pfn = zone_end_pfn(zone);
 		for (pfn = zone->zone_start_pfn; pfn < max_zone_pfn; pfn++) {
 			int nr_pages;
-			if (!pfn_valid(pfn))
-				continue;
 
-			page = pfn_to_page(pfn);
-			if (!get_page_unless_zero(page))
+			page = pfn_to_online_page(pfn);
+			if (!page || !get_page_unless_zero(page))
 				continue;
 
 			if (zone != page_zone(page))
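
Review bot: The `!page` test in `if (!page || !get_page_unless_zero(page))` now stands in for the removed pfn_valid() check and additionally skips offlined sections, but the code carries no comment saying so. A one-line comment above `page = pfn_to_online_page(pfn);` stating that the memmap of an offline block may be uninitialized and must not reach page_zone() would keep a later cleanup from reverting to pfn_valid() plus pfn_to_page(). Separately, the visible context holds no memory-hotplug lock between the lookup and get_page_unless_zero(); if something outside this hunk keeps the section online across that window, it is worth naming in the same comment, and if nothing does, the changelog should say the remaining race is accepted for this debugfs path.
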
-- 
2.35.1



