This is a note to let you know that I've just added the patch titled
percpu: fix pcpu_alloc_pages() failure path
to the 3.16-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
percpu-fix-pcpu_alloc_pages-failure-path.patch
and it can be found in the queue-3.16 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From f0d279654dea22b7a6ad34b9334aee80cda62cde Mon Sep 17 00:00:00 2001
From: Tejun Heo <tj@xxxxxxxxxx>
Date: Fri, 15 Aug 2014 16:06:06 -0400
Subject: percpu: fix pcpu_alloc_pages() failure path
From: Tejun Heo <tj@xxxxxxxxxx>
commit f0d279654dea22b7a6ad34b9334aee80cda62cde upstream.
When pcpu_alloc_pages() fails midway, pcpu_free_pages() is invoked to
free what has already been allocated. The invocation is across the
whole requested range and pcpu_free_pages() will try to free all
non-NULL pages; unfortunately, this is incorrect as
pcpu_get_pages_and_bitmap(), unlike what its comment suggests, doesn't
clear the pages array and thus the array may have entries from the
previous invocations making the partial failure path free incorrect
pages.
Fix it by open-coding the partial freeing of the already allocated
pages.
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
mm/percpu-vm.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
--- a/mm/percpu-vm.c
+++ b/mm/percpu-vm.c
@@ -108,7 +108,7 @@ static int pcpu_alloc_pages(struct pcpu_
int page_start, int page_end)
{
const gfp_t gfp = GFP_KERNEL | __GFP_HIGHMEM | __GFP_COLD;
- unsigned int cpu;
+ unsigned int cpu, tcpu;
int i;
for_each_possible_cpu(cpu) {
@@ -116,14 +116,23 @@ static int pcpu_alloc_pages(struct pcpu_
struct page **pagep = &pages[pcpu_page_idx(cpu, i)];
*pagep = alloc_pages_node(cpu_to_node(cpu), gfp, 0);
- if (!*pagep) {
- pcpu_free_pages(chunk, pages, populated,
- page_start, page_end);
- return -ENOMEM;
- }
+ if (!*pagep)
+ goto err;
}
}
return 0;
+
+err:
+ while (--i >= page_start)
+ __free_page(pages[pcpu_page_idx(cpu, i)]);
+
+ for_each_possible_cpu(tcpu) {
+ if (tcpu == cpu)
+ break;
+ for (i = page_start; i < page_end; i++)
+ __free_page(pages[pcpu_page_idx(tcpu, i)]);
+ }
+ return -ENOMEM;
}
/**
Patches currently in stable-queue which might be from tj@xxxxxxxxxx are
queue-3.16/cgroup-check-cgroup-liveliness-before-unbreaking-kernfs.patch
queue-3.16/ahci-add-device-ids-for-intel-9-series-pch.patch
queue-3.16/libata-widen-crucial-m550-blacklist-matching.patch
queue-3.16/cgroup-fix-unbalanced-locking.patch
queue-3.16/percpu-perform-tlb-flush-after-pcpu_map_pages-failure.patch
queue-3.16/percpu-free-percpu-allocation-info-for-uniprocessor-system.patch
queue-3.16/cgroup-reject-cgroup-names-with-n.patch
queue-3.16/cgroup-delay-the-clearing-of-cgrp-kn-priv.patch
queue-3.16/ahci-add-pcid-for-marvel-0x9182-controller.patch
queue-3.16/pata_scc-propagate-return-value-of-scc_wait_after_reset.patch
queue-3.16/percpu-fix-pcpu_alloc_pages-failure-path.patch
queue-3.16/workqueue-apply-__wq_ordered-to-create_singlethread_workqueue.patch
queue-3.16/ata_piix-add-device-ids-for-intel-9-series-pch.patch
queue-3.16/cfq-iosched-fix-wrong-children_weight-calculation.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html