shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-06 10:58:48 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
5fd617128b57eaf879936bbd1bcbcd7cd436c614
linux/mm
History
Vlastimil Babka 19de79aaea mm/mempool: fix poisoning order>0 pages with HIGHMEM 
[ Upstream commit ec33b59542d96830e3c89845ff833cf7b25ef172 ]

The kernel test has reported:

  BUG: unable to handle page fault for address: fffba000
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  *pde = 03171067 *pte = 00000000
  Oops: Oops: 0002 [#1]
  CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G                T   6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE  a1d066dfe789f54bc7645c7989957d2bdee593ca
  Tainted: [T]=RANDSTRUCT
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
  EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)
  Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 2e e9 73 41 01 00 90 90 90 3e 8d 74 26 00 55 89 e5 57 56 89 c6 89 d0 89 f7 <f3> aa 89 f0 5e 5f 5d 2e e9 53 41 01 00 cc cc cc 55 89 e5 53 57 56
  EAX: 0000006b EBX: 00000015 ECX: 001fefff EDX: 0000006b
  ESI: fffb9000 EDI: fffba000 EBP: c611fbf0 ESP: c611fbe8
  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010287
  CR0: 80050033 CR2: fffba000 CR3: 0316e000 CR4: 00040690
  Call Trace:
   poison_element (mm/mempool.c:83 mm/mempool.c:102)
   mempool_init_node (mm/mempool.c:142 mm/mempool.c:226)
   mempool_init_noprof (mm/mempool.c:250 (discriminator 1))
   ? mempool_alloc_pages (mm/mempool.c:640)
   bio_integrity_initfn (block/bio-integrity.c:483 (discriminator 8))
   ? mempool_alloc_pages (mm/mempool.c:640)
   do_one_initcall (init/main.c:1283)

Christoph found out this is due to the poisoning code not dealing
properly with CONFIG_HIGHMEM because only the first page is mapped but
then the whole potentially high-order page is accessed.

We could give up on HIGHMEM here, but it's straightforward to fix this
with a loop that's mapping, poisoning or checking and unmapping
individual pages.

Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202511111411.9ebfa1ba-lkp@intel.com
Analyzed-by: Christoph Hellwig <hch@lst.de>
Fixes: bdfedb76f4 ("mm, mempool: poison elements backed by slab allocator")
Cc: stable@vger.kernel.org
Tested-by: kernel test robot <oliver.sang@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://patch.msgid.link/20251113-mempool-poison-v1-1-233b3ef984c3@suse.cz
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-12-01 11:41:54 +01:00
..
damon
mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
2025-10-19 16:30:55 +02:00
kasan
mm: introduce and use {pgd,p4d}_populate_kernel()
2025-09-19 16:32:01 +02:00
kfence
kfence: skip __GFP_THISNODE allocations on NUMA systems
2025-02-17 09:40:32 +01:00
kmsan
kmsan: fix out-of-bounds access to shadow memory
2025-10-02 13:42:53 +02:00
backing-dev.c
blk-wbt: Fix detection of dirty-throttled tasks
2024-02-23 09:25:16 +01:00
balloon_compaction.c
bootmem_info.c
cma_debug.c
cma_sysfs.c
mm: cma: make kobj_type structure constant
2023-03-28 16:20:06 -07:00
cma.c
mm/cma: drop incorrect alignment check in cma_init_reserved_mem
2024-06-16 13:47:42 +02:00
cma.h
compaction.c
NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback
2025-03-13 12:58:27 +01:00
debug_page_alloc.c
mm: page_alloc: split out DEBUG_PAGEALLOC
2023-06-09 16:25:23 -07:00
debug_page_ref.c
debug_vm_pgtable.c
mm/debug_vm_pgtable: clear page table entries at destroy_args()
2025-08-28 16:28:43 +02:00
debug.c
mm: update validate_mm() to use vma iterator
2023-06-09 16:25:31 -07:00
dmapool_test.c
dmapool: add alloc/free performance test
2023-04-05 19:42:38 -07:00
dmapool.c
dmapool: create/destroy cleanup
2023-06-09 16:25:17 -07:00
early_ioremap.c
mm/early_ioremap.c: improve the execution efficiency of early_ioremap_setup()
2023-06-09 16:25:56 -07:00
fadvise.c
mm: remove unnecessary pagevec includes
2023-06-23 16:59:31 -07:00
fail_page_alloc.c
mm: page_alloc: split out FAIL_PAGE_ALLOC
2023-06-09 16:25:23 -07:00
failslab.c
mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
2022-11-22 18:50:44 -08:00
filemap.c
cachestat: do not flush stats in recency check
2025-11-24 10:30:14 +01:00
folio-compat.c
filemap: Add fgf_t typedef
2023-07-24 18:04:30 -04:00
gup_test.c
Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.
2023-06-23 16:58:19 -07:00
gup_test.h
mm/gup_test: start/stop/read functionality for PIN LONGTERM test
2022-11-08 17:37:15 -08:00
gup.c
mm: folio_may_be_lru_cached() unless folio_test_large()
2025-10-02 13:42:49 +02:00
highmem.c
mm: ptep_get() conversion
2023-06-19 16:19:25 -07:00
hmm.c
mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
2025-08-15 12:09:08 +02:00
huge_memory.c
mm/huge_memory: fix dereferencing invalid pmd migration entry
2025-06-27 11:09:00 +01:00
hugetlb_cgroup.c
mm/hugetlb: increase use of folios in alloc_huge_page()
2023-02-13 15:54:27 -08:00
hugetlb_vmemmap.c
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
2023-08-18 10:12:14 -07:00
hugetlb_vmemmap.h
hugetlb.c
mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0
2025-10-19 16:30:55 +02:00
hwpoison-inject.c
mm/hwpoison: add __init/__exit annotations to module init/exit funcs
2022-10-03 14:03:05 -07:00
init-mm.c
mm: move dummy_vm_ops out of a header
2023-08-21 13:37:46 -07:00
internal.h
Rename .data.once to .data..once to fix resetting WARN*_ONCE
2024-12-09 10:32:59 +01:00
interval_tree.c
io-mapping.c
ioremap.c
mm: ioremap: remove unneeded ioremap_allowed and iounmap_allowed
2023-08-18 10:12:36 -07:00
Kconfig
Disable SLUB_TINY for build testing
2025-09-19 16:32:05 +02:00
Kconfig.debug
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
2023-05-29 16:14:28 +01:00
khugepaged.c
mm/khugepaged: fix the address passed to notifier on testing young
2025-09-19 16:32:05 +02:00
kmemleak.c
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
2025-08-28 16:28:32 +02:00
ksm.c
mm/ksm: fix ksm_zero_pages accounting
2024-06-16 13:47:41 +02:00
list_lru.c
maccess.c
mm: Fix copy_from_user_nofault().
2023-04-12 17:36:23 -07:00
madvise.c
mm: drop the assumption that VM_SHARED always implies writable
2025-08-28 16:28:39 +02:00
Makefile
Merge tag 'mm-stable-2023-08-28-18-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2023-08-29 14:25:26 -07:00
mapping_dirty_helpers.c
mm: fix clean_record_shared_mapping_range kernel-doc
2023-08-24 16:20:30 -07:00
memblock.c
memblock: Accept allocated memory before use in memblock_double_array()
2025-05-22 14:12:25 +02:00
memcontrol.c
memcg: fix data-race KCSAN bug in rstats
2025-11-24 10:30:14 +01:00
memfd.c
mm: reinstate ability to map write-sealed memfd mappings read-only
2025-08-28 16:28:39 +02:00
memory_hotplug.c
hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
2025-05-22 14:12:25 +02:00
memory-failure.c
mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory
2025-09-19 16:32:04 +02:00
memory-tiers.c
memory tiers: use default_dram_perf_ref_source in log message
2025-11-24 10:30:14 +01:00
memory.c
mm/memory: do not populate page table entries beyond i_size
2025-11-24 10:30:13 +01:00
mempolicy.c
mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
2024-12-14 20:00:18 +01:00
mempool.c
mm/mempool: fix poisoning order>0 pages with HIGHMEM
2025-12-01 11:41:54 +01:00
memremap.c
mm/memremap.c: fix outdated comment in devm_memremap_pages
2023-02-09 16:51:46 -08:00
memtest.c
memtest: use {READ,WRITE}_ONCE in memory scanning
2024-04-03 15:28:33 +02:00
migrate_device.c
mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
2025-10-02 13:42:54 +02:00
migrate.c
mm/migrate: correct nr_failed in migrate_pages_sync()
2025-05-22 14:12:25 +02:00
mincore.c
mm: enable page walking API to lock vmas during the walk
2023-08-21 13:07:20 -07:00
mlock.c
mm: folio_may_be_lru_cached() unless folio_test_large()
2025-10-02 13:42:49 +02:00
mm_init.c
mm/mm_init: fix hash table order logging in alloc_large_system_hash()
2025-11-24 10:30:07 +01:00
mm_slot.h
mmap_lock.c
mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
2024-08-03 08:54:12 +02:00
mmap.c
mm: reinstate ability to map write-sealed memfd mappings read-only
2025-08-28 16:28:39 +02:00
mmu_gather.c
mm: fix kernel-doc warning from tlb_flush_rmaps()
2023-08-24 16:20:30 -07:00
mmu_notifier.c
mmu_notifiers: rename invalidate_range notifier
2023-08-18 10:12:41 -07:00
mmzone.c
mprotect.c
mm: refactor map_deny_write_exec()
2024-11-22 15:38:37 +01:00
mremap.c
mm/mremap: correctly handle partial mremap() of VMA starting at 0
2025-04-25 10:45:31 +02:00
msync.c
nommu.c
mm: add nommu variant of vm_insert_pages()
2025-03-22 12:50:44 -07:00
oom_kill.c
memcg: fix soft lockup in the OOM process
2025-02-27 04:10:45 -08:00
page_alloc.c
mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
2025-10-19 16:30:55 +02:00
page_counter.c
page_ext.c
mm/page_ext: move functions around for minor cleanups to page_ext
2023-08-18 10:12:31 -07:00
page_idle.c
mm: page_idle: convert page idle to use a folio
2023-01-18 17:12:52 -08:00
page_io.c
mm: memcg: add THP swap out info for anonymous reclaim
2025-11-24 10:30:12 +01:00
page_isolation.c
mm/hugetlb: get rid of page_hstate()
2023-08-18 10:12:39 -07:00
page_owner.c
mm/page_ext: use page_ext_data helper in page_owner
2023-08-21 13:37:27 -07:00
page_poison.c
mm/page_poison: remove unused page_ext.h from page_poison
2023-08-21 13:37:30 -07:00
page_reporting.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
page_reporting.h
page_table_check.c
mm/page_table_check: support userfault wr-protect entries
2024-08-19 06:04:29 +02:00
page_vma_mapped.c
mm: make page_mapped_in_vma() hugetlb walk aware
2025-04-25 10:45:31 +02:00
page-writeback.c
mm: fix ratelimit_pages update error in dirty_ratio_handler()
2025-06-27 11:08:49 +01:00
pagewalk.c
mm/pagewalk: fix bootstopping regression from extra pte_unmap()
2023-09-02 08:39:21 -07:00
percpu-internal.h
percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false sharing
2023-06-19 16:19:29 -07:00
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
mm, percpu: do not consider sleepable allocations atomic
2025-11-24 10:30:10 +01:00
pgalloc-track.h
pgtable-generic.c
mm: fix race between __split_huge_pmd_locked() and GUP-fast
2024-06-16 13:47:40 +02:00
process_vm_access.c
mm/gup: remove unused vmas parameter from pin_user_pages_remote()
2023-06-09 16:25:25 -07:00
ptdump.c
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
2025-08-28 16:28:42 +02:00
readahead.c
mm/readahead: fix large folio support in async readahead
2025-01-09 13:32:08 +01:00
rmap.c
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
2025-04-25 10:45:31 +02:00
rodata_test.c
mm/rodata_test: use PAGE_ALIGNED() helper
2022-10-03 14:03:05 -07:00
secretmem.c
mm/secretmem: fix use-after-free race in fault handler
2025-11-24 10:30:13 +01:00
shmem_quota.c
tmpfs: fix race on handling dquot rbtree
2024-04-03 15:28:54 +02:00
shmem.c
shmem: fix tmpfs reconfiguration (remount) when noswap is set
2025-12-01 11:41:39 +01:00
show_mem.c
mm, treewide: introduce NR_PAGE_ORDERS
2024-05-02 16:32:41 +02:00
shrinker_debug.c
Revert "mm: shrinkers: make count and scan in shrinker debugfs lockless"
2023-06-19 13:19:34 -07:00
shuffle.c
mm/shuffle: convert module_param_call to module_param_cb
2022-10-03 14:03:07 -07:00
shuffle.h
mm, treewide: redefine MAX_ORDER sanely
2023-04-05 19:42:46 -07:00
slab_common.c
mm: krealloc: Fix MTE false alarm in __do_krealloc
2024-11-17 15:08:58 +01:00
slab.c
Randomized slab caches for kmalloc()
2023-07-18 10:07:47 +02:00
slab.h
mm/slub: Avoid list corruption when removing a slab from the full list
2024-12-09 10:33:06 +01:00
slub.c
mm: slub: avoid wake up kswapd in set_track_prepare
2025-09-09 18:56:34 +02:00
sparse-vmemmap.c
mm: introduce and use {pgd,p4d}_populate_kernel()
2025-09-19 16:32:01 +02:00
sparse.c
x86/kaslr: Expose and use the end of the physical memory address space
2024-09-12 11:11:25 +02:00
swap_cgroup.c
mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
2022-10-03 14:03:36 -07:00
swap_slots.c
mm/swap: convert put_swap_page() to put_swap_folio()
2022-10-03 14:02:46 -07:00
swap_state.c
mm/swap: inline folio_set_swap_entry() and folio_swap_entry()
2023-08-24 16:20:28 -07:00
swap.c
mm: folio_may_be_lru_cached() unless folio_test_large()
2025-10-02 13:42:49 +02:00
swap.h
mm/swap: fix race when skipping swapcache
2024-03-01 13:35:00 +01:00
swapfile.c
mm/swapfile: skip HugeTLB pages for unuse_vma
2024-10-22 15:46:21 +02:00
truncate.c
mm/truncate: unmap large folio on split failure
2025-11-24 10:30:13 +01:00
usercopy.c
mm: Fix copy_from_user_nofault().
2023-04-12 17:36:23 -07:00
userfaultfd.c
userfaultfd: fix checks for huge PMDs
2024-09-12 11:11:27 +02:00
util.c
mm: only enforce minimum stack gap size if it's sensible
2024-10-04 16:30:02 +02:00
vmalloc.c
mm/vmalloc: leave lazy MMU mode on PTE mapping error
2025-07-17 18:35:15 +02:00
vmpressure.c
net-memcg: Fix scope of sockmem pressure indicators
2023-08-16 12:21:32 +01:00
vmscan.c
mm: memcg: restore subtree stats flushing
2025-11-24 10:30:13 +01:00
vmstat.c
mm: memcg: add per-memcg zswap writeback stat
2025-11-24 10:30:12 +01:00
workingset.c
cachestat: do not flush stats in recency check
2025-11-24 10:30:14 +01:00
z3fold.c
mm/z3fold: remove obsolete comment for struct z3fold_pool
2023-08-21 13:37:51 -07:00
zbud.c
mm: zswap: remove shrink from zpool interface
2023-06-19 16:19:27 -07:00
zpool.c
mm: zswap: remove shrink from zpool interface
2023-06-19 16:19:27 -07:00
zsmalloc.c
minmax: make generic MIN() and MAX() macros available everywhere
2025-10-02 13:42:55 +02:00
zswap.c
mm: memcg: add per-memcg zswap writeback stat
2025-11-24 10:30:12 +01:00