From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B87D41A245; Sat, 28 Feb 2026 17:45:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772300735; cv=none; b=OQpktw/ADBMi7jCoztcasir+l9avQOUcxFe5HlHqX6GeD39tLvBP5Kh5w6OJyaBF5zxsoEpMVbHOk2EvhZXS+U0sgRXFilq+C6vRcDVh7q4cbP4k6nk+znZ/vi8HQ6dHC0j82G6udpQjSPkAbcdTYllEN7cZ7F39wR/yIpDwkCg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772300735; c=relaxed/simple; bh=RpB3DW51fZCyj15eTUSIKRiq+wX54JMMajurU4ynt5o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=m0ZjgOHYOU9vJrxqhj4RnxDea191aY75jqEQaYqZ9LfRk8W2NZcDRJ4rj94/effGMMjz1ntzTEPBIuSA15d7R6LH7XjATS0bGh2ANehRsZadwbIq0K3NW7AWnatNomeBswyzeD5X27V/wJki3wORmCZJveME40asv05ig5Rjis0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PWreLr7h; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PWreLr7h" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A23EBC19424; Sat, 28 Feb 2026 17:45:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772300735; bh=RpB3DW51fZCyj15eTUSIKRiq+wX54JMMajurU4ynt5o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PWreLr7hwXg2Ufh688fFUAGB5Hai+zqwZ/9hywri+71ORz0vpmo/B8ifBqblpCRR/ 8ALN4EQpUMPYOWbzW3O8wtRrP93Xh/BWiLHlwwyIq+2Rx5RnPn5/VeaVOaztFice0X pfrS/ArexJLXsn8RxI1EYVrCvZK8+PxHZ7hkk0ae2J2gjpJw7LwrUfg9OoiCLA2oyo +1njBxreZF9ihb6zOFh5nHEgBn9rQXmVN86vnfXoi8Ze7lYgILPA/fdxfa5uSXoWUq DyIFNWwuK9KxAbo45AKTuLgO3BKD9AncvIoHE3A5S4tN14lSFcYgEcsmm0AcVGv44H oN5xCchrI4BSg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Harry Yoo , Vlastimil Babka , Sasha Levin Subject: [PATCH 6.19 769/844] mm/slab: do not access current->mems_allowed_seq if !allow_spin Date: Sat, 28 Feb 2026 12:31:22 -0500 Message-ID: <20260228173244.1509663-770-sashal@kernel.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260228173244.1509663-1-sashal@kernel.org> References: <20260228173244.1509663-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Harry Yoo [ Upstream commit 144080a5823b2dbd635acb6decf7ab23182664f3 ] Lockdep complains when get_from_any_partial() is called in an NMI context, because current->mems_allowed_seq is seqcount_spinlock_t and not NMI-safe: ================================ WARNING: inconsistent lock state 6.19.0-rc5-kfree-rcu+ #315 Tainted: G N -------------------------------- inconsistent {INITIAL USE} -> {IN-NMI} usage. kunit_try_catch/9989 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff889085799820 (&____s->seqcount#3){.-.-}-{0:0}, at: ___slab_alloc+0x58f/0xc00 {INITIAL USE} state was registered at: lock_acquire+0x185/0x320 kernel_init_freeable+0x391/0x1150 kernel_init+0x1f/0x220 ret_from_fork+0x736/0x8f0 ret_from_fork_asm+0x1a/0x30 irq event stamp: 56 hardirqs last enabled at (55): [] _raw_spin_unlock_irq+0x27/0x70 hardirqs last disabled at (56): [] __schedule+0x2a8a/0x6630 softirqs last enabled at (0): [] copy_process+0x1dc1/0x6a10 softirqs last disabled at (0): [<0000000000000000>] 0x0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&____s->seqcount#3); lock(&____s->seqcount#3); *** DEADLOCK *** According to Documentation/locking/seqlock.rst, seqcount_t is not NMI-safe and seqcount_latch_t should be used when read path can interrupt the write-side critical section. In this case, do not access current->mems_allowed_seq and avoid retry. Fixes: af92793e52c3 ("slab: Introduce kmalloc_nolock() and kfree_nolock().") Cc: stable@vger.kernel.org Signed-off-by: Harry Yoo Link: https://patch.msgid.link/20260210081900.329447-2-harry.yoo@oracle.com Signed-off-by: Vlastimil Babka Signed-off-by: Sasha Levin --- mm/slub.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 78946116ecd2f..6304a2b7b8318 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3610,6 +3610,7 @@ static struct slab *get_any_partial(struct kmem_cache *s, enum zone_type highest_zoneidx = gfp_zone(pc->flags); struct slab *slab; unsigned int cpuset_mems_cookie; + bool allow_spin = gfpflags_allow_spinning(pc->flags); /* * The defrag ratio allows a configuration of the tradeoffs between @@ -3634,7 +3635,15 @@ static struct slab *get_any_partial(struct kmem_cache *s, return NULL; do { - cpuset_mems_cookie = read_mems_allowed_begin(); + /* + * read_mems_allowed_begin() accesses current->mems_allowed_seq, + * a seqcount_spinlock_t that is not NMI-safe. Do not access + * current->mems_allowed_seq and avoid retry when GFP flags + * indicate spinning is not allowed. + */ + if (allow_spin) + cpuset_mems_cookie = read_mems_allowed_begin(); + zonelist = node_zonelist(mempolicy_slab_node(), pc->flags); for_each_zone_zonelist(zone, z, zonelist, highest_zoneidx) { struct kmem_cache_node *n; @@ -3656,7 +3665,7 @@ static struct slab *get_any_partial(struct kmem_cache *s, } } } - } while (read_mems_allowed_retry(cpuset_mems_cookie)); + } while (allow_spin && read_mems_allowed_retry(cpuset_mems_cookie)); #endif /* CONFIG_NUMA */ return NULL; } -- 2.51.0