Date: Mon, 28 Jun 2021 12:53:23 +0100
From: Mel Gorman
To: Dave Jones, Andrew Morton, Dan Carpenter, Jesper Dangaard Brouer, Vlastimil Babka, Linux-MM, LKML, Linus Torvalds
Subject: Re: [PATCH] mm/page_alloc: do bulk array bounds check after checking populated elements
Message-ID: <20210628115322.GA3840@techsingularity.net>

On Mon, Jun 28, 2021 at 12:27:59AM -0400, Dave Jones wrote:
> On Fri, Jun 18, 2021 at 01:51:02PM +0100, Mel Gorman wrote:
> > Dan Carpenter reported the following
> >
> > The patch 0f87d9d30f21: "mm/page_alloc: add an array-based interface
> > to the bulk page allocator" from Apr 29, 2021, leads to the following
> > static checker warning:
> >
> > mm/page_alloc.c:5338 __alloc_pages_bulk()
> > warn: potentially one past the end of array 'page_array[nr_populated]'
> >
> > The problem can occur if an array is passed in that is fully populated. That
> > potentially ends up allocating a single page and storing it past the end of
> > the array. This patch returns 0 if the array is fully populated.
> >
> > Fixes: 0f87d9d30f21 ("mm/page_alloc: add an array-based interface to the bulk page allocator")
> > Reported-by: Dan Carpenter
> > Signed-off-by: Mel Gorman
> > ---
> > mm/page_alloc.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > > index 7124bb00219d..ef2265f86b91 100644 > > --- a/mm/page_alloc.c > > +++ b/mm/page_alloc.c
> > @@ -5056,6 +5056,10 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, > > while (page_array && nr_populated < nr_pages && page_array[nr_populated]) > > nr_populated++; > > > > + /* Already populated array? */ > > + if (unlikely(page_array && nr_pages - nr_populated == 0)) > > + return 0; > > + > > /* Use the single page allocator for one page. */ > > if (nr_pages - nr_populated == 1) > > goto failed; > > > This made it into 5.13 final, and completely breaks NFSD for me (Serving tcp v3 mounts). > Existing mounts on clients hang, as do new mounts from new clients. > Rebooting the server back to rc7 everything recovers. Bisect lands on > this commit. > Thanks Dave, can you try this? diff --git a/mm/page_alloc.c b/mm/page_alloc.c index ef2265f86b91..04220581579c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -5058,7 +5058,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, /* Already populated array? */ if (unlikely(page_array && nr_pages - nr_populated == 0)) - return 0; + return nr_populated; /* Use the single page allocator for one page. */ if (nr_pages - nr_populated == 1)
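
Review bot: the comment on the early return in the -5058,7 +5058,7 hunk ("Already populated array?") should state what value is returned there and why, because the change from `return 0` to `return nr_populated` shows the return value is meant to count the populated entries of page_array, not only the pages allocated by this call. With `return 0`, a caller that hands in a full array cannot tell that case from an allocation that produced nothing, which fits the NFSD hang reported above against 5.13 final. The test would also read more directly as `nr_populated == nr_pages`, which is the loop-exit condition of the `while` just above it. As posted, the follow-up has no changelog, no Signed-off-by and no Fixes: tag for the commit it corrects; those, plus a Reported-by for the bisect, are needed before it can be applied.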