| Message ID | 20210902115447.57050-1-linmiaohe@huawei.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] mm/page_alloc.c: avoid accessing uninitialized pcp page migratetype | expand |
On 9/2/21 13:54, Miaohe Lin wrote: > If it's not prepared to free unref page, the pcp page migratetype is > unset. Thus We will get rubbish from get_pcppage_migratetype() and > might list_del &page->lru again after it's already deleted from the > list leading to grumble about data corruption. > > Fixes: df1acc856923 ("mm/page_alloc: avoid conflating IRQs disabled with zone->lock") > Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> > Acked-by: Mel Gorman <mgorman@techsingularity.net> > Cc: <stable@vger.kernel.org> Acked-by: Vlastimil Babka <vbabka@suse.cz> > --- > mm/page_alloc.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > index 9c09dcb24149..a3c6acafa478 100644 > --- a/mm/page_alloc.c > +++ b/mm/page_alloc.c > @@ -3420,8 +3420,10 @@ void free_unref_page_list(struct list_head *list) > /* Prepare pages for freeing */ > list_for_each_entry_safe(page, next, list, lru) { > pfn = page_to_pfn(page); > - if (!free_unref_page_prepare(page, pfn, 0)) > + if (!free_unref_page_prepare(page, pfn, 0)) { > list_del(&page->lru); > + continue; > + } > > /* > * Free isolated pages directly to the allocator, see >
On 02.09.21 13:54, Miaohe Lin wrote: > If it's not prepared to free unref page, the pcp page migratetype is > unset. Thus We will get rubbish from get_pcppage_migratetype() and > might list_del &page->lru again after it's already deleted from the > list leading to grumble about data corruption. > > Fixes: df1acc856923 ("mm/page_alloc: avoid conflating IRQs disabled with zone->lock") > Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> > Acked-by: Mel Gorman <mgorman@techsingularity.net> > Cc: <stable@vger.kernel.org> > --- > mm/page_alloc.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > index 9c09dcb24149..a3c6acafa478 100644 > --- a/mm/page_alloc.c > +++ b/mm/page_alloc.c > @@ -3420,8 +3420,10 @@ void free_unref_page_list(struct list_head *list) > /* Prepare pages for freeing */ > list_for_each_entry_safe(page, next, list, lru) { > pfn = page_to_pfn(page); > - if (!free_unref_page_prepare(page, pfn, 0)) > + if (!free_unref_page_prepare(page, pfn, 0)) { > list_del(&page->lru); > + continue; > + } > > /* > * Free isolated pages directly to the allocator, see > Reviewed-by: David Hildenbrand <david@redhat.com>
diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 9c09dcb24149..a3c6acafa478 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -3420,8 +3420,10 @@ void free_unref_page_list(struct list_head *list) /* Prepare pages for freeing */ list_for_each_entry_safe(page, next, list, lru) { pfn = page_to_pfn(page); - if (!free_unref_page_prepare(page, pfn, 0)) + if (!free_unref_page_prepare(page, pfn, 0)) { list_del(&page->lru); + continue; + } /* * Free isolated pages directly to the allocator, see
If it's not prepared to free unref page, the pcp page migratetype is unset. Thus We will get rubbish from get_pcppage_migratetype() and might list_del &page->lru again after it's already deleted from the list leading to grumble about data corruption. Fixes: df1acc856923 ("mm/page_alloc: avoid conflating IRQs disabled with zone->lock") Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Cc: <stable@vger.kernel.org> --- mm/page_alloc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)