From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Rick Lindsley <ricklind@vnet.linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>
Subject: [PATCH 5.1 39/46] powerpc/book3s/64: check for NULL pointer in pgd_alloc()
Date: Wed, 15 May 2019 12:57:03 +0200 [thread overview]
Message-ID: <20190515090627.958241179@linuxfoundation.org> (raw)
In-Reply-To: <20190515090616.670410738@linuxfoundation.org>
From: Rick Lindsley <ricklind@linux.vnet.ibm.com>
commit f39356261c265a0689d7ee568132d516e8b6cecc upstream.
When the memset code was added to pgd_alloc(), it failed to consider
that kmem_cache_alloc() can return NULL. It's uncommon, but not
impossible under heavy memory contention. Example oops:
Unable to handle kernel paging request for data at address 0x00000000
Faulting instruction address: 0xc0000000000a4000
Oops: Kernel access of bad area, sig: 11 [#1]
LE SMP NR_CPUS=2048 NUMA pSeries
CPU: 70 PID: 48471 Comm: entrypoint.sh Kdump: loaded Not tainted 4.14.0-115.6.1.el7a.ppc64le #1
task: c000000334a00000 task.stack: c000000331c00000
NIP: c0000000000a4000 LR: c00000000012f43c CTR: 0000000000000020
REGS: c000000331c039c0 TRAP: 0300 Not tainted (4.14.0-115.6.1.el7a.ppc64le)
MSR: 800000010280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]> CR: 44022840 XER: 20040000
CFAR: c000000000008874 DAR: 0000000000000000 DSISR: 42000000 SOFTE: 1
...
NIP [c0000000000a4000] memset+0x68/0x104
LR [c00000000012f43c] mm_init+0x27c/0x2f0
Call Trace:
mm_init+0x260/0x2f0 (unreliable)
copy_mm+0x11c/0x638
copy_process.isra.28.part.29+0x6fc/0x1080
_do_fork+0xdc/0x4c0
ppc_clone+0x8/0xc
Instruction dump:
409e000c b0860000 38c60002 409d000c 90860000 38c60004 78a0d183 78a506a0
7c0903a6 41820034 60000000 60420000 <f8860000> f8860008 f8860010 f8860018
Fixes: fc5c2f4a55a2 ("powerpc/mm/hash64: Zero PGD pages on allocation")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Rick Lindsley <ricklind@vnet.linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/book3s/64/pgalloc.h | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/powerpc/include/asm/book3s/64/pgalloc.h
+++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h
@@ -81,6 +81,9 @@ static inline pgd_t *pgd_alloc(struct mm
pgd = kmem_cache_alloc(PGT_CACHE(PGD_INDEX_SIZE),
pgtable_gfp_flags(mm, GFP_KERNEL));
+ if (unlikely(!pgd))
+ return pgd;
+
/*
* Don't scan the PGD for pointers, it contains references to PUDs but
* those references are not full pointers and so can't be recognised by
next prev parent reply other threads:[~2019-05-15 11:34 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-15 10:56 [PATCH 5.1 00/46] 5.1.3-stable review Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 01/46] platform/x86: sony-laptop: Fix unintentional fall-through Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 02/46] platform/x86: thinkpad_acpi: Disable Bluetooth for some machines Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 03/46] platform/x86: dell-laptop: fix rfkill functionality Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 04/46] hwmon: (pwm-fan) Disable PWM if fetching cooling data fails Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 05/46] hwmon: (occ) Fix extended status bits Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 06/46] selftests/seccomp: Handle namespace failures gracefully Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 07/46] i2c: core: ratelimit transfer when suspended errors Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 08/46] kernfs: fix barrier usage in __kernfs_new_node() Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 09/46] virt: vbox: Sanity-check parameter types for hgcm-calls coming from userspace Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 10/46] USB: serial: fix unthrottle races Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 11/46] mwl8k: Fix rate_idx underflow Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 12/46] rtlwifi: rtl8723ae: Fix missing break in switch statement Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 13/46] Dont jump to compute_result state from check_result state Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 14/46] bonding: fix arp_validate toggling in active-backup mode Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 15/46] bridge: Fix error path for kobject_init_and_add() Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 16/46] dpaa_eth: fix SG frame cleanup Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 17/46] fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 18/46] ipv4: Fix raw socket lookup for local traffic Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 19/46] net: dsa: Fix error cleanup path in dsa_init_module Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 20/46] net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 21/46] net: macb: Change interrupt and napi enable order in open Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 22/46] net: seeq: fix crash caused by not set dev.parent Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 23/46] net: ucc_geth - fix Oops when changing number of buffers in the ring Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 24/46] packet: Fix error path in packet_init Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 25/46] selinux: do not report error on connect(AF_UNSPEC) Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 26/46] tipc: fix hanging clients using poll with EPOLLOUT flag Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 27/46] vlan: disable SIOCSHWTSTAMP in container Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 28/46] vrf: sit mtu should not be updated when vrf netdev is the link Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 29/46] aqc111: fix endianness issue in aqc111_change_mtu Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 30/46] aqc111: fix writing to the phy on BE Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 31/46] aqc111: fix double endianness swap " Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 32/46] tuntap: fix dividing by zero in ebpf queue selection Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 33/46] tuntap: synchronize through tfiles array instead of tun->numqueues Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 34/46] net: phy: fix phy_validate_pause Greg Kroah-Hartman
2019-05-15 10:56 ` [PATCH 5.1 35/46] flow_dissector: disable preemption around BPF calls Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 36/46] isdn: bas_gigaset: use usb_fill_int_urb() properly Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 37/46] drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 38/46] drivers/virt/fsl_hypervisor.c: prevent integer overflow " Greg Kroah-Hartman
2019-05-15 10:57 ` Greg Kroah-Hartman [this message]
2019-05-15 10:57 ` [PATCH 5.1 40/46] powerpc/powernv/idle: Restore IAMR after idle Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 41/46] powerpc/booke64: set RI in default MSR Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 42/46] virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 43/46] PCI: hv: Fix a memory leak in hv_eject_device_work() Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 44/46] PCI: hv: Add hv_pci_remove_slots() when we unload the driver Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 45/46] PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary Greg Kroah-Hartman
2019-05-15 10:57 ` [PATCH 5.1 46/46] f2fs: Fix use of number of devices Greg Kroah-Hartman
2019-05-15 13:56 ` [PATCH 5.1 00/46] 5.1.3-stable review Igor Russkikh
2019-05-15 14:18 ` Greg Kroah-Hartman
2019-05-15 13:58 ` Igor Russkikh
2019-05-15 19:56 ` Naresh Kamboju
2019-05-16 6:21 ` Greg Kroah-Hartman
2019-05-16 3:38 ` Guenter Roeck
2019-05-16 6:20 ` Greg Kroah-Hartman
2019-05-16 11:04 ` Jon Hunter
2019-05-16 16:50 ` Greg Kroah-Hartman
2019-05-16 13:55 ` shuah
2019-05-16 16:49 ` Greg Kroah-Hartman
2019-05-17 6:34 ` Kelsey Skunberg
2019-05-17 7:25 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190515090627.958241179@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpe@ellerman.id.au \
--cc=ricklind@vnet.linux.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).