On Wed, 18 Jan 2017, Vlastimil Babka wrote:

> Since commit be97a41b291e ("mm/mempolicy.c: merge alloc_hugepage_vma to
> alloc_pages_vma") alloc_pages_vma() can potentially free a mempolicy by
> mpol_cond_put() before accessing the embedded nodemask by
> __alloc_pages_nodemask(). The commit log says it's so "we can use a single
> exit path within the function" but that's clearly wrong. We can still do that
> when doing mpol_cond_put() after the allocation attempt.
>
> Make sure the mempolicy is not freed prematurely, otherwise
> __alloc_pages_nodemask() can end up using a bogus nodemask, which could lead
> e.g. to premature OOM.
>
> Fixes: be97a41b291e ("mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma")
> Signed-off-by: Vlastimil Babka <vbabka@xxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxxxxxxxxxx>
> Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Cc: David Rientjes <rientjes@xxxxxxxxxx>
> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>

Acked-by: David Rientjes <rientjes@xxxxxxxxxx>

I think this deserves Cc: stable@xxxxxxxxxxxxxxx [4.0+]
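
The ordering problem described in the quoted commit message, as an added example that is not part of the thread or the kernel source: a toy userspace model in which dropping the last reference poisons the policy in place (standing in for free and reuse), so the put-first ordering reads a bogus nodemask and the allocation fails. All names (`toy_policy`, `toy_cond_put`, `toy_alloc`, `alloc_put_first`, `alloc_put_last`) and the node layout are hypothetical, and the model assumes only shared policies drop a reference on put.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy userspace model; every name here is hypothetical, not kernel code. */
struct toy_policy {
    int refcnt;
    int shared;        /* assumption: only shared policies take a per-use ref */
    uint64_t nodemask; /* embedded in the policy object */
};
static const int free_pages[4] = {0, 0, 8, 0}; /* constructed: only node 2 has memory */

/* Last put poisons the object in place, standing in for free-and-reuse. */
static void toy_cond_put(struct toy_policy *pol)
{
    if (pol->shared && --pol->refcnt == 0)
        memset(&pol->nodemask, 0x6b, sizeof(pol->nodemask));
}

/* Return the first allowed node with free pages, or -1 (allocation failure). */
static int toy_alloc(const uint64_t *nodemask)
{
    for (int nid = 0; nid < 4; nid++)
        if (((*nodemask >> nid) & 1) && free_pages[nid] > 0)
            return nid;
    return -1;
}

/* Ordering described as broken: reference dropped before the mask is read. */
static int alloc_put_first(struct toy_policy *pol)
{
    const uint64_t *nmask = &pol->nodemask;
    toy_cond_put(pol);
    return toy_alloc(nmask);
}

/* Ordering the patch description asks for: put after the allocation attempt. */
static int alloc_put_last(struct toy_policy *pol)
{
    int nid = toy_alloc(&pol->nodemask);
    toy_cond_put(pol);
    return nid;
}

int main(void)
{
    struct toy_policy a = {1, 1, 1u << 2}, b = {1, 1, 1u << 2};
    printf("put first: %d, put last: %d\n", alloc_put_first(&a), alloc_put_last(&b));
    return 0;
}
```

With the policy bound to node 2, the put-first path sees the poisoned mask (node 2 no longer set) and fails even though node 2 has free pages, which is the premature-OOM shape the commit message warns about.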