mm/mempolicy: fix a race between offset_il_node and mpol_rebind_task
yanghui authored
commit 276aeee1 upstream.

Servers hit the panic below:

  Kernel version:5.4.56
  BUG: unable to handle page fault for address: 0000000000002c48
  RIP: 0010:__next_zones_zonelist+0x1d/0x40
  Call Trace:
    __alloc_pages_nodemask+0x277/0x310
    alloc_page_interleave+0x13/0x70
    handle_mm_fault+0xf99/0x1390
    __do_page_fault+0x288/0x500
    do_page_fault+0x30/0x110
    page_fault+0x3e/0x50

The reason for the panic is that MAX_NUMNODES is passed in the third
parameter in __alloc_pages_nodemask(preferred_nid).  So access to
zonelist->zoneref->zone_idx in __next_zones_zonelist will cause a panic.

In offset_il_node(), first_node() returns nid from pol->v.nodes, after
this other threads may change pol->v.nodes before next_node().  This race
condition will let next_node return MAX_NUMNODES.  So put pol->nodes in
a local variable.

The race condition is between offset_il_node and cpuset_change_task_nodemas...
02cd61fa
Name Last commit Last update
..
kasan kasan: add memzero init for unaligned size at DEBUG
kfence kfence: skip all GFP_ZONEMASK allocations
Kconfig mm: introduce memfd_secret system call to create "secret" memory areas
Kconfig.debug mm, page_poison: remove CONFIG_PAGE_POISONING_ZERO
Makefile mm: introduce memfd_secret system call to create "secret" memory areas
backing-dev.c writeback, cgroup: remove wb from offline list before releasing refcnt
balloon_compaction.c mm: fix typos in comments
bootmem_info.c mm: memory_hotplug: factor out bootmem core functions to bootmem_info.c
cleancache.c Merge tag 'driver-core-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
cma.c mm: use proper type for cma_[alloc|release]
cma.h mm: cma: support sysfs
cma_debug.c mm/cma: change cma mutex to irq safe spinlock
cma_sysfs.c mm: cma: support sysfs
compaction.c Merge branch 'akpm' (patches from Andrew)
debug.c mm/debug: factor PagePoisoned out of __dump_page
debug_page_ref.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license
debug_vm_pgtable.c mm/swapops: rework swap entry manipulation code
dmapool.c mm/dmapool: use DEVICE_ATTR_RO macro
early_ioremap.c mm/early_ioremap.c: use __func__ instead of function name
fadvise.c mm, fadvise: improve the expensive remote LRU cache draining after FADV_DONTNEED
failslab.c mm/failslab.c: by default, do not fail allocations with direct reclaim only
filemap.c Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
frontswap.c mm/mempool: minor coding style tweaks
gup.c mm/madvise: report SIGBUS as -EFAULT for MADV_POPULATE_(READ|WRITE)
gup_test.c selftests/vm: gup_test: test faulting in kernel, and verify pinnable pages
gup_test.h
highmem.c
hmm.c
huge_memory.c
hugetlb.c
hugetlb_cgroup.c
hugetlb_vmemmap.c
hugetlb_vmemmap.h
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
io-mapping.c
ioremap.c
khugepaged.c
kmemleak.c
ksm.c
list_lru.c
maccess.c
madvise.c
mapping_dirty_helpers.c
memblock.c
memcontrol.c
memfd.c
memory-failure.c
memory.c
memory_hotplug.c
mempolicy.c
mempool.c
memremap.c
memtest.c
migrate.c
mincore.c
mlock.c
mm_init.c
mmap.c
mmap_lock.c
mmu_gather.c
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c
msync.c
nommu.c
oom_kill.c
page-writeback.c
page_alloc.c
page_counter.c
page_ext.c
page_idle.c
page_io.c
page_isolation.c
page_owner.c
page_poison.c
page_reporting.c
page_reporting.h
page_vma_mapped.c
pagewalk.c
percpu-internal.h
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
pgalloc-track.h
pgtable-generic.c
process_vm_access.c
ptdump.c
readahead.c
rmap.c
rodata_test.c
secretmem.c
shmem.c
shuffle.c
shuffle.h
slab.c