linux

iv/linux

History

Miaohe Lin fdcd8b63ea mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()

[ Upstream commit afe8605ca45424629fdddfd85984b442c763dc47 ]

There is one possible race window between zs_pool_dec_isolated() and
zs_unregister_migration() because wait_for_isolated_drain() checks the
isolated count without holding class->lock and there is no order inside
zs_pool_dec_isolated().  Thus the below race window could be possible:

  zs_pool_dec_isolated		zs_unregister_migration
    check pool->destroying != 0
				  pool->destroying = true;
				  smp_mb();
				  wait_for_isolated_drain()
				    wait for pool->isolated_pages == 0
    atomic_long_dec(&pool->isolated_pages);
    atomic_long_read(&pool->isolated_pages) == 0

Since we observe the pool->destroying (false) before atomic_long_dec()
for pool->isolated_pages, waking pool->migration_wait up is missed.

Fix this by ensure checking pool->destroying happens after the
atomic_long_dec(&pool->isolated_pages).

Link: https://lkml.kernel.org/r/20210708115027.7557-1-linmiaohe@huawei.com
Fixes: 701d678599d0 ("mm/zsmalloc.c: fix race condition in zs_destroy_pool")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Henry Burns <henryburns@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

2021-11-26 11:48:39 +01:00

kasan

kasan: avoid -Wmaybe-uninitialized warning

2019-05-08 07:19:07 +02:00

backing-dev.c

memcg: fix a crash in wb_workfn when a device disappears

2021-02-23 13:59:15 +01:00

balloon_compaction.c

mm: balloon: use general non-lru movable page feature

2016-07-26 16:19:19 -07:00

bootmem.c

mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping

2016-10-11 15:06:33 -07:00

cleancache.c

cleancache: constify cleancache_ops structure

2016-01-27 09:09:57 -05:00

cma_debug.c

mm/cma_debug.c: fix the break condition in cma_maxchunk_get()

2019-06-22 08:17:12 +02:00

cma.c

mm/cma.c: fail if fixed declaration can't be honored

2019-08-06 18:29:37 +02:00

cma.h

…

compaction.c

mm, compaction: fix NR_ISOLATED_* stats for pfn based migration

2017-01-12 11:39:32 +01:00

debug_page_ref.c

mm/page_ref: add tracepoint to track down page reference manipulation

2016-03-17 15:09:34 -07:00

debug.c

mm: get rid of vmacache_flush_all() entirely

2018-09-19 22:47:17 +02:00

dmapool.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

early_ioremap.c

mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep

2018-02-25 11:05:49 +01:00

fadvise.c

mm/fadvise.c: fix signed overflow UBSAN complaint

2018-09-15 09:42:57 +02:00

failslab.c

mm: fault-inject take over bootstrap kmem_cache check

2016-03-15 16:55:16 -07:00

filemap.c

mm/filemap.c: clear page error before actual read

2020-10-01 20:40:11 +02:00

frame_vector.c

mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'

2018-11-10 07:42:52 -08:00

frontswap.c

mm, frontswap: convert frontswap_enabled to static key

2016-07-26 16:19:19 -07:00

gup.c

gup: document and work around "COW can break either way" issue

2021-10-17 10:05:40 +02:00

highmem.c

mm/highmem: make nr_free_highpages() handles all highmem zones by itself

2016-05-19 19:12:14 -07:00

huge_memory.c

gup: document and work around "COW can break either way" issue

2021-10-17 10:05:40 +02:00

hugetlb_cgroup.c

mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()

2019-11-25 09:51:58 +01:00

hugetlb.c

mm, futex: fix shared futex pgoff on shmem huge page

2021-07-11 12:46:40 +02:00

hwpoison-inject.c

…

init-mm.c

mm: Add a user_ns owner to mm_struct and fix ptrace permission checks

2017-01-06 10:40:13 +01:00

internal.h

vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n

2019-12-05 15:35:02 +01:00

interval_tree.c

…

Kconfig

mm: don't allow deferred pages with NEED_PER_CPU_KM

2018-05-22 16:57:57 +02:00

Kconfig.debug

PM / Hibernate: allow hibernation with PAGE_POISONING_ZERO

2016-09-13 02:35:27 +02:00

khugepaged.c

khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()

2021-05-22 10:40:31 +02:00

kmemcheck.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

kmemleak-test.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

kmemleak.c

mm/kmemleak.c: make cond_resched() rate-limiting more efficient

2021-09-22 11:42:57 +02:00

ksm.c

ksm: fix potential missing rmap_item for stable_node

2021-05-22 10:40:31 +02:00

list_lru.c

mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node

2019-06-22 08:17:18 +02:00

maccess.c

uaccess: Add non-pagefault user-space write function

2020-09-12 11:47:35 +02:00

madvise.c

mm: madvise(MADV_DODUMP): allow hugetlbfs pages

2018-10-10 08:53:20 +02:00

Makefile

Disable the __builtin_return_address() warning globally after all

2016-10-12 10:23:41 -07:00

memblock.c

memblock: do not start bottom-up allocations with kernel_end

2021-02-23 13:59:16 +01:00

memcontrol.c

mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback()

2021-02-23 13:59:14 +01:00

memory_hotplug.c

mm: Avoid calling build_all_zonelists_init under hotplug context

2020-08-21 11:02:11 +02:00

memory-failure.c

mm: hwpoison: change PageHWPoison behavior on hugetlb pages

2021-06-30 08:49:13 -04:00

memory.c

mm: fix race by making init_zero_pfn() early_initcall

2021-04-07 12:05:40 +02:00

mempolicy.c

mm: mempolicy: fix potential pte_unmap_unlock pte error

2020-11-18 18:26:23 +01:00

mempool.c

Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements"

2016-07-28 16:07:41 -07:00

memtest.c

…

migrate.c

hugetlbfs: fix races and page leaks during migration

2019-03-13 14:04:54 -07:00

mincore.c

mm/mincore.c: make mincore() more conservative

2019-05-21 18:48:58 +02:00

mlock.c

mm/mlock.c: change count_mm_mlocked_page_nr return type

2019-07-10 09:55:43 +02:00

mm_init.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

mmap.c

mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area

2020-10-01 20:40:11 +02:00

mmu_context.c

mm/mmu_context, sched/core: Fix mmu_context.h assumption

2016-04-28 11:44:19 +02:00

mmu_notifier.c

mm/mmu_notifier: use hlist_add_head_rcu()

2019-08-04 09:33:42 +02:00

mmzone.c

mm, page_alloc: inline the fast path of the zonelist iterator

2016-05-19 19:12:14 -07:00

mprotect.c

x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings

2018-08-15 18:14:45 +02:00

mremap.c

mm: Fix mremap not considering huge pmd devmap

2020-06-11 09:22:20 +02:00

msync.c

mm/msync: use offset_in_page macro

2015-11-05 19:34:48 -08:00

nobootmem.c

mm: discard memblock data later

2017-08-24 17:12:19 -07:00

nommu.c

x86/mm: split vmalloc_sync_all()

2020-04-02 17:20:26 +02:00

oom_kill.c

oom, oom_reaper: do not enqueue same task twice

2019-02-12 19:45:02 +01:00

page_alloc.c

mm/page_alloc: speed up the iteration of max_order

2021-09-22 11:42:57 +02:00

page_counter.c

mm: page_counter: let page_counter_try_charge() return bool

2015-11-05 19:34:48 -08:00

page_ext.c

mm/page_ext.c: fix an imbalance with kmemleak

2019-04-05 22:29:06 +02:00

page_idle.c

mm/page_idle.c: fix oops because end_pfn is larger than max_pfn

2019-07-10 09:55:38 +02:00

page_io.c

swap: fix swapfile read/write offset

2021-03-07 11:25:59 +01:00

page_isolation.c

mm/page_isolation: fix typo: "paes" -> "pages"

2016-10-07 18:46:29 -07:00

page_owner.c

mm/page_owner: don't define fields on struct page_ext by hard-coding

2016-10-07 18:46:27 -07:00

page_poison.c

mm: check the return value of lookup_page_ext for all call sites

2016-06-03 15:06:22 -07:00

page-writeback.c

mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback()

2021-02-23 13:59:14 +01:00

pagewalk.c

mm: pagewalk: fix termination condition in walk_pte_range()

2020-10-01 20:40:06 +02:00

percpu-km.c

mm: percpu: use pr_fmt to prefix output

2016-03-17 15:09:34 -07:00

percpu-vm.c

…

percpu.c

percpu: stop printing kernel addresses

2019-04-27 09:34:47 +02:00

pgtable-generic.c

mm/thp/migration: switch from flush_tlb_range to flush_pmd_tlb_range

2016-03-17 15:09:34 -07:00

process_vm_access.c

mm: remove write/force parameters from __get_user_pages_unlocked()

2016-10-18 14:13:37 -07:00

quicklist.c

fix Christoph's email addresses

2016-03-17 15:09:34 -07:00

readahead.c

mm: silently skip readahead for DAX inodes

2016-08-26 17:39:35 -07:00

rmap.c

mm: migration: fix migration of huge PMD shared pages

2018-11-21 09:26:03 +01:00

shmem.c

shmem: fix possible deadlocks on shmlock_user_lock

2020-05-20 08:15:33 +02:00

slab_common.c

mm/slab: use memzero_explicit() in kzfree()

2020-06-30 15:38:44 -04:00

slab.c

mm/slab.c: fix an infinite loop in leaks_show()

2019-06-22 08:17:13 +02:00

slab.h

slub: move synchronize_sched out of slab_mutex on shrink

2017-03-22 12:43:38 +01:00

slob.c

slub: move synchronize_sched out of slab_mutex on shrink

2017-03-22 12:43:38 +01:00

slub.c

Revert "mm, slub: consider rest of partial list if acquire_slab() fails"

2021-03-17 16:10:14 +01:00

sparse-vmemmap.c

treewide: replace obsolete _refok by __ref

2016-08-02 17:31:41 -04:00

sparse.c

mm/memory_hotplug: set magic number to page->freelist instead of page->lru.next

2017-10-21 17:21:36 +02:00

swap_cgroup.c

mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()

2017-07-05 14:40:17 +02:00

swap_state.c

mm: fix swap cache node allocation mask

2020-07-09 09:35:54 +02:00

swap.c

thp: reduce usage of huge zero page's atomic counter

2016-10-07 18:46:28 -07:00

swapfile.c

swap: fix swapfile read/write offset

2021-03-07 11:25:59 +01:00

truncate.c

mm: cleancache: fix corruption on missed inode invalidation

2018-12-08 13:05:09 +01:00

usercopy.c

usercopy: Avoid HIGHMEM pfn warning

2019-10-17 13:42:06 -07:00

userfaultfd.c

mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros

2016-04-04 10:41:08 -07:00

util.c

mm: page_mapped: don't assume compound page is huge or THP

2019-01-16 22:12:32 +01:00

vmacache.c

mm: get rid of vmacache_flush_all() entirely

2018-09-19 22:47:17 +02:00

vmalloc.c

mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()

2020-06-03 08:16:47 +02:00

vmpressure.c

mm: vmpressure: fix sending wrong events on underflow

2017-03-12 06:41:43 +01:00

vmscan.c

mm: remove seemingly spurious reclaimability check from laptop_mode gating

2018-09-19 22:47:12 +02:00

vmstat.c

mm, vmstat: drop zone->lock in /proc/pagetypeinfo

2021-06-03 08:23:27 +02:00

workingset.c

mm: workingset: fix premature shadow node shrinking with cgroups

2017-04-08 09:30:36 +02:00

z3fold.c

mm/z3fold.c: avoid modifying HEADLESS page and minor cleanup

2016-06-03 16:02:55 -07:00

zbud.c

mm/zbud.c: use list_last_entry() instead of list_tail_entry()

2016-01-15 11:40:52 -08:00

zpool.c

mm: zsmalloc: constify struct zs_pool name

2015-11-06 17:50:42 -08:00

zsmalloc.c

mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()

2021-11-26 11:48:39 +01:00

zswap.c

zswap: re-check zswap_is_full() after do zswap_shrink()

2018-09-05 09:20:02 +02:00