| From cfd885df984a883334123fa2f95c5759d788780e Mon Sep 17 00:00:00 2001 |
| From: Mikhail Zaslonko <zaslonko@linux.ibm.com> |
| Date: Fri, 1 Feb 2019 14:20:38 -0800 |
| Subject: mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone |
| |
| [ Upstream commit 24feb47c5fa5b825efb0151f28906dfdad027e61 ] |
| |
| If memory end is not aligned with the sparse memory section boundary, |
| the mapping of such a section is only partly initialized. This may lead |
| to VM_BUG_ON due to uninitialized struct pages access from |
| test_pages_in_a_zone() function triggered by memory_hotplug sysfs |
| handlers. |
| |
| Here are the the panic examples: |
| CONFIG_DEBUG_VM_PGFLAGS=y |
| kernel parameter mem=2050M |
| -------------------------- |
| page:000003d082008000 is uninitialized and poisoned |
| page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) |
| Call Trace: |
| test_pages_in_a_zone+0xde/0x160 |
| show_valid_zones+0x5c/0x190 |
| dev_attr_show+0x34/0x70 |
| sysfs_kf_seq_show+0xc8/0x148 |
| seq_read+0x204/0x480 |
| __vfs_read+0x32/0x178 |
| vfs_read+0x82/0x138 |
| ksys_read+0x5a/0xb0 |
| system_call+0xdc/0x2d8 |
| Last Breaking-Event-Address: |
| test_pages_in_a_zone+0xde/0x160 |
| Kernel panic - not syncing: Fatal exception: panic_on_oops |
| |
| Fix this by checking whether the pfn to check is within the zone. |
| |
| [mhocko@suse.com: separated this change from http://lkml.kernel.org/r/20181105150401.97287-2-zaslonko@linux.ibm.com] |
| Link: http://lkml.kernel.org/r/20190128144506.15603-3-mhocko@kernel.org |
| |
| [mhocko@suse.com: separated this change from |
| http://lkml.kernel.org/r/20181105150401.97287-2-zaslonko@linux.ibm.com] |
| Signed-off-by: Michal Hocko <mhocko@suse.com> |
| Signed-off-by: Mikhail Zaslonko <zaslonko@linux.ibm.com> |
| Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com> |
| Reviewed-by: Oscar Salvador <osalvador@suse.de> |
| Tested-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> |
| Cc: Heiko Carstens <heiko.carstens@de.ibm.com> |
| Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> |
| Cc: Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com> |
| Cc: Pavel Tatashin <pasha.tatashin@soleen.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| mm/memory_hotplug.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c |
| index 34cde04f346d..ff93a57e1694 100644 |
| --- a/mm/memory_hotplug.c |
| +++ b/mm/memory_hotplug.c |
| @@ -1299,6 +1299,9 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn, |
| i++; |
| if (i == MAX_ORDER_NR_PAGES || pfn + i >= end_pfn) |
| continue; |
| + /* Check if we got outside of the zone */ |
| + if (zone && !zone_spans_pfn(zone, pfn + i)) |
| + return 0; |
| page = pfn_to_page(pfn + i); |
| if (zone && page_zone(page) != zone) |
| return 0; |
| -- |
| 2.19.1 |
| |