Date: Mon, 28 Jun 2021 00:27:59 -0400
From: Dave Jones
To: Mel Gorman
Cc: Andrew Morton, Dan Carpenter, Jesper Dangaard Brouer, Vlastimil Babka, Linux-MM, LKML, Linus Torvalds
Subject: Re: [PATCH] mm/page_alloc: do bulk array bounds check after checking populated elements
Message-ID: <20210628042759.GA19686@codemonkey.org.uk>
In-Reply-To: <20210618125102.GU30378@techsingularity.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 18, 2021 at 01:51:02PM +0100, Mel Gorman wrote:
> Dan Carpenter reported the following
>
> The patch 0f87d9d30f21: "mm/page_alloc: add an array-based interface
> to the bulk page allocator" from Apr 29, 2021, leads to the following
> static checker warning:
>
> mm/page_alloc.c:5338 __alloc_pages_bulk()
> warn: potentially one past the end of array 'page_array[nr_populated]'
>
> The problem can occur if an array is passed in that is fully populated. That
> potentially ends up allocating a single page and storing it past the end of
> the array. This patch returns 0 if the array is fully populated.
>
> Fixes: 0f87d9d30f21 ("mm/page_alloc: add an array-based interface to the bulk page allocator")
> Reported-by: Dan Carpenter
> Signed-off-by: Mel Gorman
> --- > mm/page_alloc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > index 7124bb00219d..ef2265f86b91 100644 > --- a/mm/page_alloc.c > +++ b/mm/page_alloc.c 
> @@ -5056,6 +5056,10 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, > while (page_array && nr_populated < nr_pages && page_array[nr_populated]) > nr_populated++; > > + /* Already populated array? */ > + if (unlikely(page_array && nr_pages - nr_populated == 0)) > + return 0; > + > /* Use the single page allocator for one page. */ > if (nr_pages - nr_populated == 1) > goto failed;

This made it into 5.13 final, and completely breaks NFSD for me (Serving tcp v3 mounts).
Existing mounts on clients hang, as do new mounts from new clients.
Rebooting the server back to rc7 everything recovers.

Bisect lands on this commit.

$ git bisect start
# good: [13311e74253fe64329390df80bed3f07314ddd61] Linux 5.13-rc7
git bisect good 13311e74253fe64329390df80bed3f07314ddd61
# bad: [b665c68f11192e7b31e9b793f31c78d80558da07] restart watchdog if oopsing
git bisect bad b665c68f11192e7b31e9b793f31c78d80558da07
# good: [b960e0147451915b5d4cd208b7abd3b07ceaf1a2] Merge tag 'for-linus-5.13b-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
git bisect good b960e0147451915b5d4cd208b7abd3b07ceaf1a2
# bad: [7ce32ac6fb2fc73584b567c73ae0c47528954ec6] Merge branch 'akpm' (patches from Andrew)
git bisect bad 7ce32ac6fb2fc73584b567c73ae0c47528954ec6
# good: [5fa54346caf67b4b1b10b1f390316ae466da4d53] kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
git bisect good 5fa54346caf67b4b1b10b1f390316ae466da4d53
# bad: [72a461adbe88acf6a8cc5dba7720cf94d7056154] mailmap: add Marek's other e-mail address and identity without diacritics
git bisect bad 72a461adbe88acf6a8cc5dba7720cf94d7056154
# good: [ea6d0630100b285f059d0a8d8e86f38a46407536] mm/hwpoison: do not lock page again when me_huge_page() successfully recovers
git bisect good ea6d0630100b285f059d0a8d8e86f38a46407536
# bad: [b3b64ebd38225d8032b5db42938d969b602040c2] mm/page_alloc: do bulk array bounds check after checking populated elements
git bisect bad b3b64ebd38225d8032b5db42938d969b602040c2
# good: [b08e50dd64489e3997029d204f761cb57a3762d2] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
git bisect good b08e50dd64489e3997029d204f761cb57a3762d2

	Dave
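
Review bot: the added early exit `return 0;` in the `-5056,6 +5056,10` hunk reports zero pages for an array that the loop just above has counted as holding nr_populated entries, so a fully populated array is indistinguishable from a failed allocation. The bounds problem itself is addressed, since nothing is stored at page_array[nr_populated] once nr_populated equals nr_pages, but the return value deserves a second look: if callers treat the result as the number of populated slots in the array (the function's contract is not visible in this hunk and should be checked against its kernel-doc comment and its callers), a caller that retries until the count reaches nr_pages would never make progress, which is consistent with the hang bisected to this commit. Consider returning nr_populated from this branch, and extend the "Already populated array?" comment to state what the caller should expect back in that case.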