On Fri, 31 Jul 2015, Naoya Horiguchi wrote:
> In "just unpoisoned" path, we do put_page and then unlock_page, which is a
> wrong order and causes "freeing locked page" bug. So let's fix it.
>
> Signed-off-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
> ---
> mm/memory-failure.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git v4.2-rc4.orig/mm/memory-failure.c v4.2-rc4/mm/memory-failure.c
> index c53543d89282..04d677048af7 100644
> --- v4.2-rc4.orig/mm/memory-failure.c
> +++ v4.2-rc4/mm/memory-failure.c
> @@ -1209,9 +1209,9 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
> if (!PageHWPoison(p)) {
> printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn);
> atomic_long_sub(nr_pages, &num_poisoned_pages);
> + unlock_page(hpage);
> put_page(hpage);
> - res = 0;
> - goto out;
> + return 0;
> }
> if (hwpoison_filter(p)) {
> if (TestClearPageHWPoison(p))
Looks like you could do the unlock_page() before either the printk or
atomic_long_sub(), but probably not important.
Acked-by: David Rientjes <rientjes@xxxxxxxxxx>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>