From patchwork Mon Nov 28 08:33:13 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michal Hocko X-Patchwork-Id: 127935 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id D7C31B6F81 for ; Mon, 28 Nov 2011 19:33:25 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752817Ab1K1IdU (ORCPT ); Mon, 28 Nov 2011 03:33:20 -0500 Received: from cantor2.suse.de ([195.135.220.15]:40359 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751070Ab1K1IdR (ORCPT ); Mon, 28 Nov 2011 03:33:17 -0500 Received: from relay2.suse.de (nat.nue.novell.com [195.135.221.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx2.suse.de (Postfix) with ESMTP id 55E378A908; Mon, 28 Nov 2011 09:33:16 +0100 (CET) Date: Mon, 28 Nov 2011 09:33:13 +0100 From: Michal Hocko To: stable@vger.kernel.org Cc: "Rafael J. Wysocki" , Andy Lutomirski , Linux Kernel Mailing List , Maciej Rutecki , Florian Mickler , Andrew Morton , Kernel Testers List , Network Development , Linux ACPI , Linux PM List , Linux SCSI List , Linux Wireless List , DRI , Linus Torvalds Subject: [PATCH] hugetlb: release pages in the error path of hugetlb_cow() (was: Re: 3.2-rc2+: Reported regressions from 3.0 and 3.1) Message-ID: <20111128083313.GA18337@tiehlicka.suse.cz> References: <201111212249.31196.rjw@sisk.pl> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Mon 21-11-11 14:18:29, Linus Torvalds wrote: > On Mon, Nov 21, 2011 at 1:49 PM, Rafael J. Wysocki wrote: > > > > Subject    : hugetlb oops on 3.1.0-rc8-devel > > Submitter  : Andy Lutomirski > > Date       : 2011-11-01 22:20 > > Message-ID : CALCETrW1mpVCz2tO5roaz1r6vnno+srHR-dHA6_pkRi2qiCfdw@mail.gmail.com > > References : http://marc.info/?l=linux-kernel&m=132018604426692&w=2 > > Despite the subject line, that's not an oops, it's a BUG_ON(). > > And it *should* be fixed by commit ea4039a34c4c ("hugetlb: release > pages in the error path of hugetlb_cow()") although I don't think Andy > ever confirmed that (since it was hard to trigger). AFAICS the issue has been introduced by 0fe6e20b (hugetlb, rmap: add reverse mapping for hugepage) in 2.6.36-rc1 so this is a stable material. I do not see the patch in any stable branch so here we go. The patch is on top of 3.0.y branch and it applies as is to 3.1.y as well. --- From fdaa4aaa008cce149a5fd60934112acd8988e0b6 Mon Sep 17 00:00:00 2001 From: Hillf Danton Date: Tue, 15 Nov 2011 14:36:12 -0800 Subject: [PATCH] hugetlb: release pages in the error path of hugetlb_cow() commit ea4039a34c4c206d015d34a49d0b00868e37db1d upstream. If we fail to prepare an anon_vma, the {new, old}_page should be released, or they will leak. Signed-off-by: Hillf Danton Reviewed-by: Andrea Arcangeli Cc: Hugh Dickins Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- mm/hugetlb.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index bfcf153..2b57cd9 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2415,6 +2415,8 @@ retry_avoidcopy: * anon_vma prepared. */ if (unlikely(anon_vma_prepare(vma))) { + page_cache_release(new_page); + page_cache_release(old_page); /* Caller expects lock to be held */ spin_lock(&mm->page_table_lock); return VM_FAULT_OOM;