diff options
author | Miaohe Lin <linmiaohe@huawei.com> | 2022-08-18 21:00:11 +0800 |
---|---|---|
committer | Andrew Morton <akpm@linux-foundation.org> | 2022-09-11 20:25:57 -0700 |
commit | f36a5543a74883c21a59b8082b403a13c7654769 (patch) | |
tree | 810c5c8f4cf22151aaaa78c8ff131f384a96378b /mm/memory-failure.c | |
parent | b1d5488a252dc9c0d9574100d0b8d807bf154603 (diff) | |
download | linux-starfive-f36a5543a74883c21a59b8082b403a13c7654769.tar.gz linux-starfive-f36a5543a74883c21a59b8082b403a13c7654769.tar.bz2 linux-starfive-f36a5543a74883c21a59b8082b403a13c7654769.zip |
mm, hwpoison: fix page refcnt leaking in try_memory_failure_hugetlb()
Patch series "A few fixup patches for memory-failure", v2.
This series contains a few fixup patches to fix incorrect update of page
refcnt, fix possible use-after-free issue and so on. More details can be
found in the respective changelogs.
This patch (of 6):
When hwpoison_filter() refuses to hwpoison a hugetlb page, the refcnt of
the page would have been incremented if res == 1. Using put_page() to fix
the refcnt leaking in this case.
Link: https://lkml.kernel.org/r/20220823032346.4260-1-linmiaohe@huawei.com
Link: https://lkml.kernel.org/r/20220818130016.45313-1-linmiaohe@huawei.com
Link: https://lkml.kernel.org/r/20220818130016.45313-2-linmiaohe@huawei.com
Fixes: 405ce051236c ("mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb()")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Diffstat (limited to 'mm/memory-failure.c')
-rw-r--r-- | mm/memory-failure.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 0dfed9d7b273..3f98fa2ac6cf 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1860,8 +1860,10 @@ retry: if (hwpoison_filter(p)) { hugetlb_clear_page_hwpoison(head); - res = -EOPNOTSUPP; - goto out; + unlock_page(head); + if (res == 1) + put_page(head); + return -EOPNOTSUPP; } /* |