On Wed, Jun 20, 2012 at 5:07 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 20 Jun 2012 17:21:53 +0800
> Jiang Liu <jiang.liu@xxxxxxxxxx> wrote:
>
>> Function kswapd_stop() will be called to destroy the kswapd work thread
>> when all memory of a NUMA node has been offlined. But kswapd_stop() only
>> terminates the work thread without resetting NODE_DATA(nid)->kswapd to NULL.
>> The stale pointer will prevent kswapd_run() from creating a new work thread
>> when adding memory to the memory-less NUMA node again. Eventually the stale
>> pointer may cause invalid memory access.
>
> whoops.
>
>>
>> ...
>>
>> --- a/mm/vmscan.c
>> +++ b/mm/vmscan.c
>> @@ -2961,8 +2961,10 @@ void kswapd_stop(int nid)
>> {
>> struct task_struct *kswapd = NODE_DATA(nid)->kswapd;
>>
>> - if (kswapd)
>> + if (kswapd) {
>> kthread_stop(kswapd);
>> + NODE_DATA(nid)->kswapd = NULL;
>> + }
>> }
>>
>> static int __init kswapd_init(void)
>
> OK.
>
> This function is full of races (ones which we'll never hit ;)) unless
> the caller provides locking. It appears that lock_memory_hotplug() is
> the locking, so I propose this addition:
>
> --- a/mm/vmscan.c~memory-hotplug-fix-invalid-memory-access-caused-by-stale-kswapd-pointer-fix
> +++ a/mm/vmscan.c
> @@ -2955,7 +2955,8 @@ int kswapd_run(int nid)
> }
>
> /*
> - * Called by memory hotplug when all memory in a node is offlined.
> + * Called by memory hotplug when all memory in a node is offlined. Caller must
> + * hold lock_memory_hotplug().
> */
> void kswapd_stop(int nid)
> {
> --- a/include/linux/mmzone.h~memory-hotplug-fix-invalid-memory-access-caused-by-stale-kswapd-pointer-fix
> +++ a/include/linux/mmzone.h
> @@ -693,7 +693,7 @@ typedef struct pglist_data {
> range, including holes */
> int node_id;
> wait_queue_head_t kswapd_wait;
> - struct task_struct *kswapd;
> + struct task_struct *kswapd; /* Protected by lock_memory_hotplug() */

except "system_state == SYSTEM_BOOTING"?
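Review bot: in the kswapd_stop() hunk the pointer is loaded into the local `kswapd`, the thread is stopped and NODE_DATA(nid)->kswapd is cleared with no locking visible in the function, so the NULL reset only closes the stale-pointer problem if every kswapd_run()/kswapd_stop() pair for the same nid is serialised by the caller; the hunk should state where that serialisation comes from (a comment on the function, as the follow-up patch does) rather than leaving it implicit, since a reader of kswapd_stop() alone cannot tell that `if (kswapd)` is race-free.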
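Review bot: the new "Caller must hold lock_memory_hotplug()" comment covers kswapd_stop() only, but kswapd_run(), whose closing brace is the context line at the top of this hunk, reads and writes the same NODE_DATA(nid)->kswapd pointer (the original report is precisely that a stale value there stops kswapd_run() from creating a new thread), so the same requirement should be documented on kswapd_run() as well, with a note for the boot-time call from kswapd_init() if that path does not take the lock.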
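Review bot: the field comment `/* Protected by lock_memory_hotplug() */` in the mmzone.h hunk is stated unconditionally, yet the SYSTEM_BOOTING question raised in this reply points at a writer that does not hold the lock: kswapd_init(), visible as context at the end of the first hunk, runs kswapd_run() during boot before hotplug can happen. Record that exception in the comment, for example "Protected by lock_memory_hotplug(), except for the initial kswapd_run() from kswapd_init() at boot", so the locking rule matches every writer of the field.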