On Thu, 2013-01-24 at 15:14 +0000, Christoph Lameter wrote:
> On Wed, 23 Jan 2013, Simon Jeons wrote:
>
> > On Wed, 2013-01-23 at 21:45 +0000, Christoph Lameter wrote:
> > > The variables accessed in slab_alloc are volatile and therefore
> > > the page pointer passed to node_match can be NULL. The processing
> > > of data in slab_alloc is tentative until either the cmpxchg
> > > succeeds or the __slab_alloc slowpath is invoked. Both are
> > > able to perform the same allocation from the freelist.
> > >
> > > Check for the NULL pointer in node_match.
> > >
> > > A false positive will lead to a retry of the loop in __slab_alloc.
> >
> > Hi Christoph,
> >
> > Since page_to_nid(NULL) will trigger a bug, then how can we run into
> > __slab_alloc?
>
> page = NULL
>
> ->
>
> node_match(NULL, xx) = 0
>
> ->
>
> call into __slab_alloc.
>
> __slab_alloc() will check for !c->page which requires the assignment of a
> new per cpu slab page.
>

But there is a dereference in the page_to_nid path, in function page_to_section:

	return (page->flags >> SECTIONS_PGSHIFT) & SECTIONS_MASK;
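
The control flow discussed in this thread, as an added userspace C model that is not part of the message or of the kernel source: node_match tests the pointer for NULL before the dereferencing lookup can run, and a failed match falls through to a stand-in for the __slab_alloc slow path. The struct layouts, NODE_SHIFT, NODE_MASK, node_pages, nid_calls, alloc_model and the order of the tests inside node_match are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>

#define NUMA_NO_NODE (-1)
#define NODE_SHIFT 8            /* assumed flag layout for this model */
#define NODE_MASK  0xffUL

struct page { unsigned long flags; };
struct cpu_slab { struct page *page; };   /* model of the per-cpu slab */
enum path { FAST_PATH, SLOW_PATH };

static int nid_calls;                      /* counts dereferencing lookups */
static struct page node_pages[2] = {       /* constructed pages on node 0 and 1 */
    { 0UL << NODE_SHIFT }, { 1UL << NODE_SHIFT }
};

/* Dereferences page->flags, so it must never see a NULL page. */
static int page_to_nid(const struct page *page)
{
    nid_calls++;
    return (int)((page->flags >> NODE_SHIFT) & NODE_MASK);
}

/* NULL is tested first; || short-circuits before page_to_nid() runs. */
static int node_match(const struct page *page, int node)
{
    if (!page || (node != NUMA_NO_NODE && page_to_nid(page) != node))
        return 0;
    return 1;
}

/* One allocation attempt: tentative read, then fast or slow path. */
static enum path alloc_model(struct cpu_slab *c, int node)
{
    struct page *page = c->page;           /* may be NULL */

    if (node_match(page, node))
        return FAST_PATH;
    /* Slow-path stand-in: install a per-cpu page for the wanted node. */
    c->page = &node_pages[node == NUMA_NO_NODE ? 0 : node];
    return SLOW_PATH;
}

int main(void)
{
    struct cpu_slab c = { NULL };
    enum path first = alloc_model(&c, 1), second = alloc_model(&c, 1);

    printf("first=%d second=%d nid_calls=%d\n", first, second, nid_calls);
    return 0;
}
```

The nid_calls counter stays at zero for every call that passes a NULL page, which is the property the model is built to show.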