From patchwork Wed Feb 24 20:09:11 2021
X-Patchwork-Submitter: Andrew Morton
X-Patchwork-Id: 12102715
Date: Wed, 24 Feb 2021 12:09:11 -0800
From: Andrew Morton
To: akpm@linux-foundation.org, gerald.schaefer@linux.ibm.com, hca@linux.ibm.com, linux-mm@kvack.org, mhocko@suse.com, mike.kravetz@oracle.com, mm-commits@vger.kernel.org, osalvador@suse.de, songmuchun@bytedance.com, svens@linux.ibm.com, torvalds@linux-foundation.org
Subject: [patch 151/173] hugetlb: fix uninitialized subpool pointer
Message-ID: <20210224200911.aP4lDAAYo%akpm@linux-foundation.org>
In-Reply-To: <20210224115824.1e289a6895087f10c41dd8d6@linux-foundation.org>

From: Mike Kravetz
Subject: hugetlb: fix uninitialized subpool pointer

Gerald Schaefer reported a panic on s390 in hugepage_subpool_put_pages()
with linux-next 5.12.0-20210222.

Call trace:
  hugepage_subpool_put_pages.part.0+0x2c/0x138
  __free_huge_page+0xce/0x310
  alloc_pool_huge_page+0x102/0x120
  set_max_huge_pages+0x13e/0x350
  hugetlb_sysctl_handler_common+0xd8/0x110
  hugetlb_sysctl_handler+0x48/0x58
  proc_sys_call_handler+0x138/0x238
  new_sync_write+0x10e/0x198
  vfs_write.part.0+0x12c/0x238
  ksys_write+0x68/0xf8
  do_syscall+0x82/0xd0
  __do_syscall+0xb4/0xc8
  system_call+0x72/0x98

This is a result of the change which moved the hugetlb page subpool
pointer from page->private to page[1]->private. When new pages are
allocated from the buddy allocator, the private field of the head
page will be cleared, but the private field of subpages is not modified.
Therefore, old values may remain.

Fix by initializing hugetlb page subpool pointer in prep_new_huge_page().

Link: https://lkml.kernel.org/r/20210223215544.313871-1-mike.kravetz@oracle.com
Fixes: f1280272ae4d ("hugetlb: use page.private for hugetlb specific page flags")
Signed-off-by: Mike Kravetz
Reported-by: Gerald Schaefer
Reviewed-by: Oscar Salvador
Acked-by: Michal Hocko
Cc: Gerald Schaefer
Cc: Muchun Song
Cc: Heiko Carstens
Cc: Sven Schnelle
Signed-off-by: Andrew Morton
---

 mm/hugetlb.c | 1 +
 1 file changed, 1 insertion(+)

--- a/mm/hugetlb.c~hugetlb-fix-uninitialized-subpool-pointer +++ a/mm/hugetlb.c @@ -1465,6 +1465,7 @@ static void prep_new_huge_page(struct hs { INIT_LIST_HEAD(&page->lru); set_compound_page_dtor(page, HUGETLB_PAGE_DTOR); + hugetlb_set_page_subpool(page, NULL); set_hugetlb_cgroup(page, NULL); set_hugetlb_cgroup_rsvd(page, NULL); spin_lock(&hugetlb_lock);
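
Review bot: The added hugetlb_set_page_subpool(page, NULL) call in prep_new_huge_page() has no comment, and at the call site it reads like a redundant clear on a freshly allocated page. A short comment saying that the buddy allocator clears only the head page's private field, so page[1]->private can still hold a stale value, would keep a later cleanup from removing it. Since the commit message ties the panic to the subpool pointer moving from page->private to page[1]->private, it is also worth confirming that no other hugetlb state kept in a subpage private field depends on allocator zeroing; in this hunk only the subpool pointer is initialized, next to the existing set_hugetlb_cgroup() and set_hugetlb_cgroup_rsvd() calls.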