From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D86C229898B
	for <linux-kernel@vger.kernel.org>; Mon, 27 Apr 2026 05:53:48 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1777269228; cv=none; b=A2E00rNK6rXvJWqKEMtLkSktEMvnIwLE14c0a7RQIxcw4cjSRu5ZMbK8qjeHSmX2rfauNRoa6ytRoBh5OEgKP16wO+MxQ+ICM6Enakz7+EMCLj4/6UUIG54Qg6KmmZZwAArqqnbVBvENaV8UGYQfdIvvUnsXkM//7mOiCk5GSgM=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1777269228; c=relaxed/simple;
	bh=Uo0/I2ScI3i97jP0pB48LbPF/5TITvRJVUrClnaAOA8=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=BQ4iesKb0eAHS8xOQMTXiib+v6W3HGcUwUKJTrc8u2zYq8Hnai94dpXoTO71YvRZyc+Nn1Tsqkeh9ZddYSb6+0cQJMsOo4DJ0tTXybT9eNe0M7vSsCz0nHAwMVzK2O7K4nN+vmTuxEvopqmRomcBMWH3cTwtp0gg/Q4INUCW7W0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uagwAJjs; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uagwAJjs"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75A64C19425;
	Mon, 27 Apr 2026 05:53:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1777269228;
	bh=Uo0/I2ScI3i97jP0pB48LbPF/5TITvRJVUrClnaAOA8=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=uagwAJjs6FewmJFpb8ZPXeXkzE6KhbNsUEW88kIfUfRlwLZVE+907ioJu0st0CyhA
	 0Fg9093xkuP0Z3Aq+QcBwy+IkRV7o+Zqt00IjO9FvXwOHoYI/t2C4KxFSsQ0XctsaE
	 +IzAkTu7TEsTMYkRLHmdp9PZegtIC6BEzAYYuYEMPW0GGSg4UC9MmkHspsuGXLb4Wf
	 YN2x5oWsGC+H70NtiplmoxvWVCghUIANl7UoAzSa+/ufprOUV7N2Oq0wxEoJdkDA6r
	 ubaOykut8cam3amMV+nVEKXx/EEK0pd88yupXfFGjvNj6M+X8TOBGqPdneWOPSiTWy
	 FvKqnvvDUA/IA==
Date: Mon, 27 Apr 2026 14:53:45 +0900
From: "Harry Yoo (Oracle)" <harry@kernel.org>
To: Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Shakeel Butt <shakeel.butt@linux.dev>
Cc: Suren Baghdasaryan <surenb@google.com>, Michal Hocko <mhocko@suse.com>,
	Brendan Jackman <jackmanb@google.com>,
	Johannes Weiner <hannes@cmpxchg.org>, Zi Yan <ziy@nvidia.com>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH mm-hotfixes 1/2] mm/page_alloc: return NULL early from
 alloc_frozen_pages_nolock() in NMI on UP
Message-ID: <ae756RnFbxIf-4Tk@desktop.tail10959e.ts.net>
References: <20260427054736.566559-1-harry@kernel.org>
 <20260427054736.566559-2-harry@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20260427054736.566559-2-harry@kernel.org>

Apologies, I meant to run git sendmail --dry-run but messed it up
and sent V1 twice :/ (w/o cover letter). To avoid confusion, I will
send V2 with the cover letter. (Also I realize that I didn't add Cc:
stable on each patch, so will address that as well.)

On Mon, Apr 27, 2026 at 02:47:34PM +0900, Harry Yoo (Oracle) wrote:
> On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that
> unconditionally succeeds even when the lock is already held. As a
> result, alloc_frozen_pages_nolock() called from NMI context can
> re-enter rmqueue() and acquire the zone lock that the interrupted
> context is already holding, corrupting the freelists.
> 
> With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with
> the slub_kunit test module:
> 
>   BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243
>   [...]
>   Call Trace:
>    <NMI>
>    dump_stack_lvl+0x3f/0x60
>    do_raw_spin_trylock+0x41/0x50
>    _raw_spin_trylock+0x24/0x50
>    rmqueue.isra.0+0x2a9/0xa70
>    get_page_from_freelist+0xeb/0x450
>    alloc_frozen_pages_nolock_noprof+0x111/0x1e0
>    allocate_slab+0x42a/0x500
>    ___slab_alloc+0xa7/0x4c0
>    kmalloc_nolock_noprof+0x164/0x310
>    [...]
>    </NMI>
> 
> Fix this by returning NULL early when invoked from NMI on a UP kernel.
> 
> Link: https://lore.kernel.org/linux-mm/ad_cqe51pvr1WaDg@hyeyoo
> Fixes: d7242af86434 ("mm: Introduce alloc_frozen_pages_nolock()")
> Signed-off-by: Harry Yoo (Oracle) <harry@kernel.org>
> ---
>  mm/page_alloc.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 71859993dd54..23c7298d3be2 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -7737,6 +7737,11 @@ struct page *alloc_frozen_pages_nolock_noprof(gfp_t gfp_flags, int nid, unsigned
>  	 */
>  	if (IS_ENABLED(CONFIG_PREEMPT_RT) && (in_nmi() || in_hardirq()))
>  		return NULL;
> +
> +	/* On UP, spin_trylock() always succeeds even when it is locked */
> +	if (!IS_ENABLED(CONFIG_SMP) && in_nmi())
> +		return NULL;
> +
>  	if (!pcp_allowed_order(order))
>  		return NULL;
>  
> -- 
> 2.43.0
> 

-- 
Cheers,
Harry / Hyeonggon