[PATCH v2 1/4] mm, page_alloc: fix check for NULL preferred_zone

From: Vlastimil Babka
Date: Fri Jan 20 2017 - 05:39:58 EST

Next message: Miklos Szeredi: "[GIT PULL] fuse fixes for 4.10-rc5"
Previous message: Olaf Hering: "Re: 4.9.3, NULL pointer in __wake_up_common / drm / i915"
In reply to: Vlastimil Babka: "[PATCH v2 3/4] mm, page_alloc: move cpuset seqcount checking to slowpath"
Next in thread: Hillf Danton: "Re: [PATCH v2 0/4] fix premature OOM regression in 4.7+ due to cpuset races"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since commit c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in
a zonelist twice") we have a wrong check for NULL preferred_zone, which can
theoretically happen due to concurrent cpuset modification. We check the
zoneref pointer which is never NULL and we should check the zone pointer.
Also document this in first_zones_zonelist() comment per Michal Hocko.

Fixes: c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in a zonelist twice")
Signed-off-by: Vlastimil Babka <vbabka@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Acked-by: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
---
include/linux/mmzone.h | 6 +++++-
mm/page_alloc.c | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
index 36d9896fbc1e..f4aac87adcc3 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -972,12 +972,16 @@ static __always_inline struct zoneref *next_zones_zonelist(struct zoneref *z,
* @zonelist - The zonelist to search for a suitable zone
* @highest_zoneidx - The zone index of the highest zone to return
* @nodes - An optional nodemask to filter the zonelist with
- * @zone - The first suitable zone found is returned via this parameter
+ * @return - Zoneref pointer for the first suitable zone found (see below)
*
* This function returns the first zone at or below a given zone index that is
* within the allowed nodemask. The zoneref returned is a cursor that can be
* used to iterate the zonelist with next_zones_zonelist by advancing it by
* one before calling.
+ *
+ * When no eligible zone is found, zoneref->zone is NULL (zoneref itself is
+ * never NULL). This may happen either genuinely, or due to concurrent nodemask
+ * update due to cpuset modification.
*/
static inline struct zoneref *first_zones_zonelist(struct zonelist *zonelist,
enum zone_type highest_zoneidx,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index d604d2596b7b..0d771f3fb835 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3784,7 +3784,7 @@ __alloc_pages_nodemask(gfp_t gfp_mask, unsigned int order,
*/
ac.preferred_zoneref = first_zones_zonelist(ac.zonelist,
ac.high_zoneidx, ac.nodemask);
- if (!ac.preferred_zoneref) {
+ if (!ac.preferred_zoneref->zone) {
page = NULL;
goto no_zone;
}
--
2.11.0

Next message: Miklos Szeredi: "[GIT PULL] fuse fixes for 4.10-rc5"
Previous message: Olaf Hering: "Re: 4.9.3, NULL pointer in __wake_up_common / drm / i915"
In reply to: Vlastimil Babka: "[PATCH v2 3/4] mm, page_alloc: move cpuset seqcount checking to slowpath"
Next in thread: Hillf Danton: "Re: [PATCH v2 0/4] fix premature OOM regression in 4.7+ due to cpuset races"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]