From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Oscar Salvador <osalvador@suse.de>,
Michal Hocko <mhocko@suse.com>,
David Hildenbrand <david@redhat.com>,
Vlastimil Babka <vbabka@suse.cz>,
Pavel Tatashin <pavel.tatashin@microsoft.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.19 42/46] mm, page_alloc: fix has_unmovable_pages for HugePages
Date: Fri, 28 Dec 2018 12:52:36 +0100 [thread overview]
Message-ID: <20181228113127.401931331@linuxfoundation.org> (raw)
In-Reply-To: <20181228113124.971620049@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oscar Salvador <osalvador@suse.de>
commit 17e2e7d7e1b83fa324b3f099bfe426659aa3c2a4 upstream.
While playing with gigantic hugepages and memory_hotplug, I triggered
the following #PF when "cat memoryX/removable":
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
#PF error: [normal kernel read fault]
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 1481 Comm: cat Tainted: G E 4.20.0-rc6-mm1-1-default+ #18
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:has_unmovable_pages+0x154/0x210
Call Trace:
is_mem_section_removable+0x7d/0x100
removable_show+0x90/0xb0
dev_attr_show+0x1c/0x50
sysfs_kf_seq_show+0xca/0x1b0
seq_read+0x133/0x380
__vfs_read+0x26/0x180
vfs_read+0x89/0x140
ksys_read+0x42/0x90
do_syscall_64+0x5b/0x180
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The reason is we do not pass the Head to page_hstate(), and so, the call
to compound_order() in page_hstate() returns 0, so we end up checking
all hstates's size to match PAGE_SIZE.
Obviously, we do not find any hstate matching that size, and we return
NULL. Then, we dereference that NULL pointer in
hugepage_migration_supported() and we got the #PF from above.
Fix that by getting the head page before calling page_hstate().
Also, since gigantic pages span several pageblocks, re-adjust the logic
for skipping pages. While are it, we can also get rid of the
round_up().
[osalvador@suse.de: remove round_up(), adjust skip pages logic per Michal]
Link: http://lkml.kernel.org/r/20181221062809.31771-1-osalvador@suse.de
Link: http://lkml.kernel.org/r/20181217225113.17864-1-osalvador@suse.de
Signed-off-by: Oscar Salvador <osalvador@suse.de>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Pavel Tatashin <pavel.tatashin@microsoft.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page_alloc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -7716,11 +7716,14 @@ bool has_unmovable_pages(struct zone *zo
* handle each tail page individually in migration.
*/
if (PageHuge(page)) {
+ struct page *head = compound_head(page);
+ unsigned int skip_pages;
- if (!hugepage_migration_supported(page_hstate(page)))
+ if (!hugepage_migration_supported(page_hstate(head)))
goto unmovable;
- iter = round_up(iter + 1, 1<<compound_order(page)) - 1;
+ skip_pages = (1 << compound_order(head)) - (page - head);
+ iter += skip_pages - 1;
continue;
}
next prev parent reply other threads:[~2018-12-28 12:22 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-28 11:51 [PATCH 4.19 00/46] 4.19.13-stable review Greg Kroah-Hartman
2018-12-28 11:51 ` [PATCH 4.19 01/46] iomap: Revert "fs/iomap.c: get/put the page in iomap_page_create/release()" Greg Kroah-Hartman
2018-12-28 11:51 ` [PATCH 4.19 02/46] Revert "vfs: Allow userns root to call mknod on owned filesystems." Greg Kroah-Hartman
2018-12-28 11:51 ` [PATCH 4.19 03/46] USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data Greg Kroah-Hartman
2018-12-28 11:51 ` [PATCH 4.19 04/46] xhci: Dont prevent USB2 bus suspend in state check intended for USB3 only Greg Kroah-Hartman
2018-12-28 11:51 ` [PATCH 4.19 05/46] USB: xhci: fix broken_suspend placement in struct xchi_hcd Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 06/46] USB: serial: option: add GosunCn ZTE WeLink ME3630 Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 07/46] USB: serial: option: add HP lt4132 Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 08/46] USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 09/46] USB: serial: option: add Fibocom NL668 series Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 10/46] USB: serial: option: add Telit LN940 series Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 11/46] ubifs: Handle re-linking of inodes correctly while recovery Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 12/46] scsi: t10-pi: Return correct ref tag when queue has no integrity profile Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 13/46] scsi: sd: use mempool for discard special page Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 14/46] mmc: core: Reset HPI enabled state during re-init and in case of errors Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 15/46] mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 16/46] mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 17/46] mmc: omap_hsmmc: fix DMA API warning Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 18/46] gpio: max7301: fix driver for use with CONFIG_VMAP_STACK Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 19/46] gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 20/46] posix-timers: Fix division by zero bug Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 21/46] KVM: X86: Fix NULL deref in vcpu_scan_ioapic Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 22/46] kvm: x86: Add AMDs EX_CFG to the list of ignored MSRs Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 23/46] KVM: Fix UAF in nested posted interrupt processing Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 24/46] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 25/46] futex: Cure exit race Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 26/46] x86/mtrr: Dont copy uninitialized gentry fields back to userspace Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 27/46] x86/mm: Fix decoy address handling vs 32-bit builds Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 28/46] x86/vdso: Pass --eh-frame-hdr to the linker Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 29/46] x86/intel_rdt: Ensure a CPU remains online for the regions pseudo-locking sequence Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 30/46] panic: avoid deadlocks in re-entrant console drivers Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 31/46] mm: add mm_pxd_folded checks to pgtable_bytes accounting functions Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 32/46] mm: make the __PAGETABLE_PxD_FOLDED defines non-empty Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 33/46] mm: introduce mm_[p4d|pud|pmd]_folded Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 34/46] xfrm_user: fix freeing of xfrm states on acquire Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 35/46] rtlwifi: Fix leak of skb when processing C2H_BT_INFO Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 36/46] iwlwifi: mvm: dont send GEO_TX_POWER_LIMIT to old firmwares Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 37/46] Revert "mwifiex: restructure rx_reorder_tbl_lock usage" Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 38/46] iwlwifi: add new cards for 9560, 9462, 9461 and killer series Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 39/46] media: ov5640: Fix set format regression Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 40/46] mm, memory_hotplug: initialize struct pages for the full memory section Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 41/46] mm: thp: fix flags for pmd migration when split Greg Kroah-Hartman
2018-12-28 11:52 ` Greg Kroah-Hartman [this message]
2018-12-28 11:52 ` [PATCH 4.19 43/46] mm: dont miss the last page because of round-off error Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 44/46] Input: elantech - disable elan-i2c for P52 and P72 Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 45/46] proc/sysctl: dont return ENOMEM on lookup when a table is unregistering Greg Kroah-Hartman
2018-12-28 11:52 ` [PATCH 4.19 46/46] drm/ioctl: Fix Spectre v1 vulnerabilities Greg Kroah-Hartman
2018-12-28 17:54 ` [PATCH 4.19 00/46] 4.19.13-stable review Dan Rue
2018-12-29 12:20 ` Greg Kroah-Hartman
2018-12-28 20:08 ` shuah
2018-12-29 9:55 ` Greg Kroah-Hartman
2018-12-28 21:29 ` Guenter Roeck
2018-12-29 12:20 ` Greg Kroah-Hartman
2018-12-29 9:01 ` Harsh Shandilya
2018-12-29 12:20 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181228113127.401931331@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.com \
--cc=osalvador@suse.de \
--cc=pavel.tatashin@microsoft.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).