From: Hui Zhu <zhuhui@xiaomi.com>
To: akpm@linux-foundation.org, vbabka@suse.cz,
iamjoonsoo.kim@lge.com, lauraa@codeaurora.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: teawater@gmail.com, Hui Zhu <zhuhui@xiaomi.com>
Subject: [PATCH v3] CMA: page_isolation: check buddy before access it
Date: Wed, 6 May 2015 15:08:19 +0800 [thread overview]
Message-ID: <1430896099-18017-1-git-send-email-zhuhui@xiaomi.com> (raw)
In-Reply-To: <1430732477-16977-1-git-send-email-zhuhui@xiaomi.com>
Changelog:
v3, Change the behavior according to the review of Joonsoo.
v2, Change pfn_present to pfn_valid_within according to the review of Laura.
I got a issue:
[ 214.294917] Unable to handle kernel NULL pointer dereference at virtual address 0000082a
[ 214.303013] pgd = cc970000
[ 214.305721] [0000082a] *pgd=00000000
[ 214.309316] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 214.335704] PC is at get_pageblock_flags_group+0x5c/0xb0
[ 214.341030] LR is at unset_migratetype_isolate+0x148/0x1b0
[ 214.346523] pc : [<c00cc9a0>] lr : [<c0109874>] psr: 80000093
[ 214.346523] sp : c7029d00 ip : 00000105 fp : c7029d1c
[ 214.358005] r10: 00000001 r9 : 0000000a r8 : 00000004
[ 214.363231] r7 : 60000013 r6 : 000000a4 r5 : c0a357e4 r4 : 00000000
[ 214.369761] r3 : 00000826 r2 : 00000002 r1 : 00000000 r0 : 0000003f
[ 214.376291] Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 214.383516] Control: 10c5387d Table: 2cb7006a DAC: 00000015
[ 214.949720] Backtrace:
[ 214.952192] [<c00cc944>] (get_pageblock_flags_group+0x0/0xb0) from [<c0109874>] (unset_migratetype_isolate+0x148/0x1b0)
[ 214.962978] r7:60000013 r6:c0a357c0 r5:c0a357e4 r4:c1555000
[ 214.968693] [<c010972c>] (unset_migratetype_isolate+0x0/0x1b0) from [<c0109adc>] (undo_isolate_page_range+0xd0/0xdc)
[ 214.979222] [<c0109a0c>] (undo_isolate_page_range+0x0/0xdc) from [<c00d097c>] (__alloc_contig_range+0x254/0x34c)
[ 214.989398] r9:000abc00 r8:c7028000 r7:000b1f53 r6:000b3e00 r5:00000005
r4:c7029db4
[ 214.997308] [<c00d0728>] (__alloc_contig_range+0x0/0x34c) from [<c00d0a88>] (alloc_contig_range+0x14/0x18)
[ 215.006973] [<c00d0a74>] (alloc_contig_range+0x0/0x18) from [<c0398148>] (dma_alloc_from_contiguous_addr+0x1ac/0x304)
This issue is because when call unset_migratetype_isolate to unset a part
of CMA memory, it try to access the buddy page to get its status:
if (order >= pageblock_order) {
page_idx = page_to_pfn(page) & ((1 << MAX_ORDER) - 1);
buddy_idx = __find_buddy_index(page_idx, order);
buddy = page + (buddy_idx - page_idx);
if (!is_migrate_isolate_page(buddy)) {
But the begin addr of this part of CMA memory is very close to a part of
memory that is reserved in the boot time (not in buddy system).
So add a check before access it.
Suggested-by: Laura Abbott <labbott@redhat.com>
Suggested-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Hui Zhu <zhuhui@xiaomi.com>
---
mm/page_isolation.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mm/page_isolation.c b/mm/page_isolation.c
index 755a42c..4a5624c 100644
--- a/mm/page_isolation.c
+++ b/mm/page_isolation.c
@@ -101,7 +101,8 @@ void unset_migratetype_isolate(struct page *page, unsigned migratetype)
buddy_idx = __find_buddy_index(page_idx, order);
buddy = page + (buddy_idx - page_idx);
- if (!is_migrate_isolate_page(buddy)) {
+ if (pfn_valid_within(page_to_pfn(buddy))
+ && !is_migrate_isolate_page(buddy)) {
__isolate_free_page(page, order);
kernel_map_pages(page, (1 << order), 1);
set_page_refcounted(page);
--
1.9.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
prev parent reply other threads:[~2015-05-06 7:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-04 9:41 [PATCH] " Hui Zhu
2015-05-04 18:34 ` Laura Abbott
2015-05-05 3:17 ` Hui Zhu
2015-05-05 3:22 ` [PATCH v2] " Hui Zhu
2015-05-05 8:43 ` Vlastimil Babka
2015-05-05 21:29 ` Andrew Morton
2015-05-06 1:39 ` Hui Zhu
2015-05-06 6:28 ` Joonsoo Kim
2015-05-06 7:09 ` Hui Zhu
2015-05-06 7:55 ` Vlastimil Babka
2015-05-06 7:08 ` Hui Zhu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1430896099-18017-1-git-send-email-zhuhui@xiaomi.com \
--to=zhuhui@xiaomi.com \
--cc=akpm@linux-foundation.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=lauraa@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=teawater@gmail.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox