Thread (6 messages, 2 authors, 2021-06-28)

Re: [PATCH] mm/page_alloc: do bulk array bounds check after checking populated elements

From: Mel Gorman <hidden>
Date: 2021-06-28 11:53:53
Also in: lkml
Subsystem: memory management, memory management - page allocator, the rest · Maintainers: Andrew Morton, Vlastimil Babka, Linus Torvalds

On Mon, Jun 28, 2021 at 12:27:59AM -0400, Dave Jones wrote:
On Fri, Jun 18, 2021 at 01:51:02PM +0100, Mel Gorman wrote:
 > Dan Carpenter reported the following
 > 
 >   The patch 0f87d9d30f21: "mm/page_alloc: add an array-based interface
 >   to the bulk page allocator" from Apr 29, 2021, leads to the following
 >   static checker warning:
 > 
 >         mm/page_alloc.c:5338 __alloc_pages_bulk()
 >         warn: potentially one past the end of array 'page_array[nr_populated]'
 > 
 > The problem can occur if an array is passed in that is fully populated. That
 > potentially ends up allocating a single page and storing it past the end of
 > the array. This patch returns 0 if the array is fully populated.
 > 
 > Fixes: 0f87d9d30f21 ("mm/page_alloc: add an array-based interface to the bulk page allocator")
 > Reported-by: Dan Carpenter [off-list ref]
 > Signed-off-by: Mel Gorman [off-list ref]
 > ---
 >  mm/page_alloc.c | 4 ++++
 >  1 file changed, 4 insertions(+)
 > 
 > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
 > index 7124bb00219d..ef2265f86b91 100644
 > --- a/mm/page_alloc.c
 > +++ b/mm/page_alloc.c
 > @@ -5056,6 +5056,10 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid,
 >  	while (page_array && nr_populated < nr_pages && page_array[nr_populated])
 >  		nr_populated++;
 >  
 > +	/* Already populated array? */
 > +	if (unlikely(page_array && nr_pages - nr_populated == 0))
 > +		return 0;
 > +
 >  	/* Use the single page allocator for one page. */
 >  	if (nr_pages - nr_populated == 1)
 >  		goto failed;

This made it into 5.13 final, and completely breaks NFSD for me (Serving tcp v3 mounts).
Existing mounts on clients hang, as do new mounts from new clients.
Rebooting the server back to rc7 everything recovers.  Bisect lands on
this commit.

Thanks Dave, can you try this?

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index ef2265f86b91..04220581579c 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -5058,7 +5058,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid,
 
 	/* Already populated array? */
 	if (unlikely(page_array && nr_pages - nr_populated == 0))
-		return 0;
+		return nr_populated;
 
 	/* Use the single page allocator for one page. */
 	if (nr_pages - nr_populated == 1)
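Review bot: `return nr_populated;` makes the fully populated case report the same count the loop above computed, so a caller comparing the return value with nr_pages now sees a full array as complete instead of as 0; the hunk looks correct. Two points for the submission: the changelog should record the regression reported in this thread (NFSD v3 TCP mounts hanging on 5.13, bisected to the commit that introduced the `return 0`) and carry a Fixes: tag for that commit, and the condition could read `nr_pages == nr_populated`, since the loop guarantees nr_populated never exceeds nr_pages.

As an added illustration (not code from this thread or from the kernel), a simplified, hypothetical model of the array interface's return-value contract: `bulk_alloc` mirrors the populated-entry scan and the early return from the hunks, a fixed fake page pool stands in for the allocator, and `fill_until_full` is an assumed caller pattern that retries until the return value equals the array size, which is the loop that never terminates when a full array is reported as 0.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model of __alloc_pages_bulk()'s array interface (added here,
 * not kernel code). A fixed pool of fake pages stands in for the allocator. */
struct page { int id; };

#define POOL_SIZE 8
static struct page pool[POOL_SIZE];
static size_t pool_next;

void pool_reset(void) { pool_next = 0; }

static struct page *alloc_one(void) { return pool_next < POOL_SIZE ? &pool[pool_next++] : NULL; }

/* Fill the NULL slots of page_array; return how many slots are populated.
 * early_return_zero reproduces the 5.13 behaviour for an already full array. */
size_t bulk_alloc(struct page **page_array, size_t nr_pages, bool early_return_zero)
{
	size_t nr_populated = 0;

	/* Skip the leading entries the caller still holds from a previous call. */
	while (page_array && nr_populated < nr_pages && page_array[nr_populated])
		nr_populated++;

	/* Already populated array? Nothing to allocate, and nowhere to store it. */
	if (page_array && nr_pages - nr_populated == 0)
		return early_return_zero ? 0 : nr_populated;

	while (nr_populated < nr_pages) {
		struct page *p = alloc_one();
		if (!p)
			break;
		page_array[nr_populated++] = p;
	}
	return nr_populated;
}

/* Assumed caller pattern: retry until every slot is filled, giving up after
 * max_calls. Returns the number of calls needed, or -1 if it never completes,
 * which is the hang a caller sees when a full array is reported as 0. */
int fill_until_full(struct page **arr, size_t nr, bool early_return_zero, int max_calls)
{
	for (int calls = 1; calls <= max_calls; calls++)
		if (bulk_alloc(arr, nr, early_return_zero) == nr)
			return calls;
	return -1;
}
```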