[06/16] mm/page_alloc: fix freeing static percpu memory

Message ID	20220909092451.24883-7-linmiaohe@huawei.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Miaohe Lin <linmiaohe@huawei.com> To: <akpm@linux-foundation.org> CC: <david@redhat.com>, <osalvador@suse.de>, <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>, <linmiaohe@huawei.com> Subject: [PATCH 06/16] mm/page_alloc: fix freeing static percpu memory Date: Fri, 9 Sep 2022 17:24:41 +0800 Message-ID: <20220909092451.24883-7-linmiaohe@huawei.com> In-Reply-To: <20220909092451.24883-1-linmiaohe@huawei.com> References: <20220909092451.24883-1-linmiaohe@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	A few cleanup patches for mm \| expand [00/16] A few cleanup patches for mm [01/16] mm/page_alloc: ensure kswapd doesn't accidentally go to sleep [02/16] mm/page_alloc: make zone_pcp_update() static [03/16] mm: remove obsolete macro NR_PCP_ORDER_MASK [04/16] mm/page_alloc: remove obsolete comment in zone_statistics() [05/16] mm/page_alloc: add __init annotations to init_mem_debugging_and_hardening() [06/16] mm/page_alloc: fix freeing static percpu memory [07/16] mm: remove obsolete pgdat_is_empty() [08/16] mm/page_alloc: add missing is_migrate_isolate() check in set_page_guard() [09/16] mm/page_alloc: use local variable zone_idx directly [10/16] mm, memory_hotplug: remove obsolete generic_free_nodedata() [11/16] mm/page_alloc: make boot_nodestats static [12/16] mm/page_alloc: use helper macro SZ_1{K,M} [13/16] mm/page_alloc: init local variable buddy_pfn [14/16] mm/page_alloc: use costly_order in WARN_ON_ONCE_GFP() [15/16] mm/page_alloc: remove obsolete gfpflags_normal_context() [16/16] mm/page_alloc: fix obsolete comment in deferred_pfn_valid()

Message ID

20220909092451.24883-7-linmiaohe@huawei.com (mailing list archive)

State

New

Headers

From: Miaohe Lin <linmiaohe@huawei.com>
To: <akpm@linux-foundation.org>
CC: <david@redhat.com>, <osalvador@suse.de>, <linux-mm@kvack.org>,
	<linux-kernel@vger.kernel.org>, <linmiaohe@huawei.com>
Subject: [PATCH 06/16] mm/page_alloc: fix freeing static percpu memory
Date: Fri, 9 Sep 2022 17:24:41 +0800
Message-ID: <20220909092451.24883-7-linmiaohe@huawei.com>
In-Reply-To: <20220909092451.24883-1-linmiaohe@huawei.com>
References: <20220909092451.24883-1-linmiaohe@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

A few cleanup patches for mm | expand

Commit Message

Miaohe Lin Sept. 9, 2022, 9:24 a.m. UTC

The size of struct per_cpu_zonestat can be 0 on !SMP && !NUMA. In that
case, zone->per_cpu_zonestats will always equal to boot_zonestats. But
in zone_pcp_reset(), zone->per_cpu_zonestats is freed via free_percpu()
directly without checking against boot_zonestats first. boot_zonestats
will be released by free_percpu() unexpectedly.

Fixes: 28f836b6777b ("mm/page_alloc: split per cpu page lists and zone stats")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
---
 mm/page_alloc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

David Hildenbrand Sept. 9, 2022, 11:28 a.m. UTC | #1

On 09.09.22 11:24, Miaohe Lin wrote:
> The size of struct per_cpu_zonestat can be 0 on !SMP && !NUMA. In that
> case, zone->per_cpu_zonestats will always equal to boot_zonestats. But
> in zone_pcp_reset(), zone->per_cpu_zonestats is freed via free_percpu()
> directly without checking against boot_zonestats first. boot_zonestats
> will be released by free_percpu() unexpectedly.
> 
> Fixes: 28f836b6777b ("mm/page_alloc: split per cpu page lists and zone stats")
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
> ---
>   mm/page_alloc.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 3497919f4ef5..a35ef385d906 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -9510,9 +9510,11 @@ void zone_pcp_reset(struct zone *zone)
>   			drain_zonestat(zone, pzstats);
>   		}
>   		free_percpu(zone->per_cpu_pageset);
> -		free_percpu(zone->per_cpu_zonestats);
>   		zone->per_cpu_pageset = &boot_pageset;
> -		zone->per_cpu_zonestats = &boot_zonestats;
> +		if (zone->per_cpu_zonestats != &boot_zonestats) {
> +			free_percpu(zone->per_cpu_zonestats);
> +			zone->per_cpu_zonestats = &boot_zonestats;
> +		}
>   	}
>   }
>   

Reviewed-by: David Hildenbrand <david@redhat.com>

Oscar Salvador Sept. 15, 2022, 4:53 a.m. UTC | #2

On Fri, Sep 09, 2022 at 05:24:41PM +0800, Miaohe Lin wrote:
> The size of struct per_cpu_zonestat can be 0 on !SMP && !NUMA. In that
> case, zone->per_cpu_zonestats will always equal to boot_zonestats. But
> in zone_pcp_reset(), zone->per_cpu_zonestats is freed via free_percpu()
> directly without checking against boot_zonestats first. boot_zonestats
> will be released by free_percpu() unexpectedly.
> 
> Fixes: 28f836b6777b ("mm/page_alloc: split per cpu page lists and zone stats")
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>

Reviewed-by: Oscar Salvador <osalvador@suse.de>

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 3497919f4ef5..a35ef385d906 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -9510,9 +9510,11 @@  void zone_pcp_reset(struct zone *zone)
 			drain_zonestat(zone, pzstats);
 		}
 		free_percpu(zone->per_cpu_pageset);
-		free_percpu(zone->per_cpu_zonestats);
 		zone->per_cpu_pageset = &boot_pageset;
-		zone->per_cpu_zonestats = &boot_zonestats;
+		if (zone->per_cpu_zonestats != &boot_zonestats) {
+			free_percpu(zone->per_cpu_zonestats);
+			zone->per_cpu_zonestats = &boot_zonestats;
+		}
 	}
 }

[06/16] mm/page_alloc: fix freeing static percpu memory

Commit Message

Comments

Patch