When hwpoison_filter() refuses to hwpoison a hugetlb page, the refcnt of
the page would have been incremented if res == 1. Using put_page() to fix
the refcnt leaking in this case.
Fixes: 405ce051236c ("mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb()")
Signed-off-by: Miaohe Lin <[email protected]>
---
mm/memory-failure.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index e48f6f6a259d..22840cd5fe59 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -1860,8 +1860,10 @@ static int try_memory_failure_hugetlb(unsigned long pfn, int flags, int *hugetlb
if (hwpoison_filter(p)) {
hugetlb_clear_page_hwpoison(head);
- res = -EOPNOTSUPP;
- goto out;
+ unlock_page(head);
+ if (res == 1)
+ put_page(head);
+ return -EOPNOTSUPP;
}
/*
--
2.23.0
On Thu, Aug 18, 2022 at 09:00:11PM +0800, Miaohe Lin wrote:
> When hwpoison_filter() refuses to hwpoison a hugetlb page, the refcnt of
> the page would have been incremented if res == 1. Using put_page() to fix
> the refcnt leaking in this case.
>
> Fixes: 405ce051236c ("mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb()")
> Signed-off-by: Miaohe Lin <[email protected]>
Looks good to me, thank you.
Acked-by: Naoya Horiguchi <[email protected]>
> ---
> mm/memory-failure.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index e48f6f6a259d..22840cd5fe59 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -1860,8 +1860,10 @@ static int try_memory_failure_hugetlb(unsigned long pfn, int flags, int *hugetlb
>
> if (hwpoison_filter(p)) {
> hugetlb_clear_page_hwpoison(head);
> - res = -EOPNOTSUPP;
> - goto out;
> + unlock_page(head);
> + if (res == 1)
> + put_page(head);
> + return -EOPNOTSUPP;
> }
>
> /*
> --
> 2.23.0