From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Andrew Banman <abanman@sgi.com>,
Alex Thorlton <athorlton@sgi.com>, Russ Anderson <rja@sgi.com>,
Yinghai Lu <yinghai@kernel.org>, Greg KH <greg@kroah.com>,
Seth Jennings <sjennings@variantweb.net>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ben Hutchings <ben@decadent.org.uk>, Willy Tarreau <w@1wt.eu>
Subject: [PATCH 2.6.32 40/42] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
Date: Sat, 23 Jan 2016 15:13:01 +0100 [thread overview]
Message-ID: <20160123141223.715609509@1wt.eu> (raw)
In-Reply-To: <aa387f55227cb730b41e3d621bf460ff@local>
2.6.32-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Banman <abanman@sgi.com>
commit 5f0f2887f4de9508dcf438deab28f1de8070c271 upstream.
test_pages_in_a_zone() does not account for the possibility of missing
sections in the given pfn range. pfn_valid_within always returns 1 when
CONFIG_HOLES_IN_ZONE is not set, allowing invalid pfns from missing
sections to pass the test, leading to a kernel oops.
Wrap an additional pfn loop with PAGES_PER_SECTION granularity to check
for missing sections before proceeding into the zone-check code.
This also prevents a crash from offlining memory devices with missing
sections. Despite this, it may be a good idea to keep the related patch
'[PATCH 3/3] drivers: memory: prohibit offlining of memory blocks with
missing sections' because missing sections in a memory block may lead to
other problems not covered by the scope of this fix.
Signed-off-by: Andrew Banman <abanman@sgi.com>
Acked-by: Alex Thorlton <athorlton@sgi.com>
Cc: Russ Anderson <rja@sgi.com>
Cc: Alex Thorlton <athorlton@sgi.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Greg KH <greg@kroah.com>
Cc: Seth Jennings <sjennings@variantweb.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
(cherry picked from commit 17f6a291c98199d7ce15a850ce5f548ceef628bc)
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
mm/memory_hotplug.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
index f4be464..de19654 100644
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -601,23 +601,30 @@ int is_mem_section_removable(unsigned long start_pfn, unsigned long nr_pages)
*/
static int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn)
{
- unsigned long pfn;
+ unsigned long pfn, sec_end_pfn;
struct zone *zone = NULL;
struct page *page;
int i;
- for (pfn = start_pfn;
+ for (pfn = start_pfn, sec_end_pfn = SECTION_ALIGN_UP(start_pfn);
pfn < end_pfn;
- pfn += MAX_ORDER_NR_PAGES) {
- i = 0;
- /* This is just a CONFIG_HOLES_IN_ZONE check.*/
- while ((i < MAX_ORDER_NR_PAGES) && !pfn_valid_within(pfn + i))
- i++;
- if (i == MAX_ORDER_NR_PAGES)
+ pfn = sec_end_pfn + 1, sec_end_pfn += PAGES_PER_SECTION) {
+ /* Make sure the memory section is present first */
+ if (!present_section_nr(pfn_to_section_nr(pfn)))
continue;
- page = pfn_to_page(pfn + i);
- if (zone && page_zone(page) != zone)
- return 0;
- zone = page_zone(page);
+ for (; pfn < sec_end_pfn && pfn < end_pfn;
+ pfn += MAX_ORDER_NR_PAGES) {
+ i = 0;
+ /* This is just a CONFIG_HOLES_IN_ZONE check.*/
+ while ((i < MAX_ORDER_NR_PAGES) &&
+ !pfn_valid_within(pfn + i))
+ i++;
+ if (i == MAX_ORDER_NR_PAGES)
+ continue;
+ page = pfn_to_page(pfn + i);
+ if (zone && page_zone(page) != zone)
+ return 0;
+ zone = page_zone(page);
+ }
}
return 1;
}
--
1.7.12.2.21.g234cd45.dirty
next prev parent reply other threads:[~2016-01-23 14:47 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <aa387f55227cb730b41e3d621bf460ff@local>
2016-01-23 14:12 ` [PATCH 2.6.32 01/42] ip6mr: call del_timer_sync() in ip6mr_free_table() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 02/42] isdn_ppp: Add checks for allocation failure in isdn_ppp_open() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 04/42] RDS: fix race condition when sending a message on unbound socket Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 05/42] unix: avoid use-after-free in ep_remove_wait_queue Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 06/42] ext4: Fix null dereference in ext4_fill_super() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 07/42] Revert "net: add length argument to skb_copy_and_csum_datagram_iovec" Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 08/42] udp: properly support MSG_PEEK with truncated buffers Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 09/42] KEYS: Fix race between read and revoke Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 11/42] net: fix warnings in make htmldocs by moving macro definition out of field declaration Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 12/42] bluetooth: Validate socket address length in sco_sock_bind() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 13/42] sctp: translate host order to network order when setting a hmacid Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 14/42] fuse: break infinite loop in fuse_fill_write_pages() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 15/42] fix sysvfs symlinks Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 16/42] vfs: Avoid softlockups with sendfile(2) Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 17/42] ext4: Fix handling of extended tv_sec Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 18/42] nfs: if we have no valid attrs, then dont declare the attribute cache valid Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 19/42] wan/x25: Fix use-after-free in x25_asy_open_tty() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 20/42] ipv4: igmp: Allow removing groups from a removed interface Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 21/42] sched/core: Remove false-positive warning from wake_up_process() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 22/42] ipmi: move timer init to before irq is setup Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 23/42] tcp: initialize tp->copied_seq in case of cross SYN connection Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 24/42] net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 25/42] sctp: update the netstamp_needed counter when copying sockets Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 26/42] af_unix: fix a fatal race with bit fields Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 27/42] rfkill: copy the name into the rfkill struct Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 28/42] ses: Fix problems with simple enclosures Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 29/42] ses: fix additional element traversal bug Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 30/42] tty: Fix GPF in flush_to_ldisc() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 31/42] mISDN: fix a loop count Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 32/42] ser_gigaset: fix deallocation of platform device structure Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 33/42] spi: fix parent-device reference leak Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 34/42] s390/dis: Fix handling of format specifiers Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 35/42] USB: ipaq.c: fix a timeout loop Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 36/42] USB: fix invalid memory access in hub_activate() Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 37/42] MIPS: Fix restart of indirect syscalls Willy Tarreau
2016-01-23 14:12 ` [PATCH 2.6.32 38/42] parisc: Fix syscall restarts Willy Tarreau
2016-01-23 14:13 ` [PATCH 2.6.32 39/42] ipv6/addrlabel: fix ip6addrlbl_get() Willy Tarreau
2016-01-23 14:13 ` Willy Tarreau [this message]
2016-01-23 18:13 ` [PATCH 2.6.32 40/42] mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() Ben Hutchings
2016-01-23 18:29 ` Willy Tarreau
2016-01-23 19:05 ` Willy Tarreau
2016-01-23 14:13 ` [PATCH 2.6.32 41/42] KVM: x86: Reload pit counters for all channels when restoring state Willy Tarreau
2016-01-23 14:13 ` [PATCH 2.6.32 42/42] kvm: x86: only channel 0 of the i8254 is linked to the HPET Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160123141223.715609509@1wt.eu \
--to=w@1wt.eu \
--cc=abanman@sgi.com \
--cc=akpm@linux-foundation.org \
--cc=athorlton@sgi.com \
--cc=ben@decadent.org.uk \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rja@sgi.com \
--cc=sjennings@variantweb.net \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).