From: Naoya Horiguchi
To: linux-mm@kvack.org
Cc: Andrew Morton, David Hildenbrand, Muchun Song, Miaohe Lin, Matthew Wilcox, Michal Hocko, Yang Shi, Naoya Horiguchi, linux-kernel@vger.kernel.org
Subject: [PATCH v2] mm/huge_memory: use pfn_to_online_page() in split_huge_pages_all()
Date: Thu, 8 Sep 2022 13:11:50 +0900
Message-Id: <20220908041150.3430269-1-naoya.horiguchi@linux.dev>

From: Naoya Horiguchi

NULL pointer dereference is triggered when calling thp split via debugfs
on the system with offlined memory blocks. With debug option enabled,
the following kernel messages are printed out:

  page:00000000467f4890 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121c000
  flags: 0x17fffc00000000(node=0|zone=2|lastcpupid=0x1ffff)
  raw: 0017fffc00000000 0000000000000000 dead000000000122 0000000000000000
  raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
  page dumped because: unmovable page
  page:000000007d7ab72e is uninitialized and poisoned
  page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
  ------------[ cut here ]------------
  kernel BUG at include/linux/mm.h:1248!
  invalid opcode: 0000 [#1] PREEMPT SMP PTI
  CPU: 16 PID: 20964 Comm: bash Tainted: G I 6.0.0-rc3-foll-numa+ #41
  ...
  RIP: 0010:split_huge_pages_write+0xcf4/0xe30

This shows that page_to_nid() in page_zone() is unexpectedly called for an
offlined memmap.

Use pfn_to_online_page() to get struct page in PFN walker.

Fixes: 49071d436b51 ("thp: add debugfs handle to split all huge pages")
Signed-off-by: Naoya Horiguchi
Co-developed-by: David Hildenbrand
Signed-off-by: David Hildenbrand Reviewed-by: Yang Shi Acked-by: Michal Hocko Reviewed-by: Miaohe Lin Reviewed-by: Oscar Salvador Cc: # 5.10+ Acked-by: Kirill A. Shutemov --- mm/huge_memory.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 5fa2ba86dae4..730eb6d6836b 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2894,11 +2894,9 @@ static void split_huge_pages_all(void) max_zone_pfn =3D zone_end_pfn(zone); for (pfn =3D zone->zone_start_pfn; pfn < max_zone_pfn; pfn++) { int nr_pages; - if (!pfn_valid(pfn)) - continue; =20 - page =3D pfn_to_page(pfn); - if (!get_page_unless_zero(page)) + page =3D pfn_to_online_page(pfn); + if (!page || !get_page_unless_zero(page)) continue; =20 if (zone !=3D page_zone(page)) --=20 2.25.1
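
Review bot: In the loop body of split_huge_pages_all(), the new `page = pfn_to_online_page(pfn);` lookup has no comment saying why pfn_valid() followed by pfn_to_page() was insufficient, and the two forms look interchangeable to a later reader. A one-line comment above it, noting that a valid pfn inside an offlined memory block has an uninitialized memmap and so must never reach page_zone(page), would keep a future cleanup from reverting to pfn_to_page(). The combined test `!page || !get_page_unless_zero(page)` relies on short-circuit evaluation so that no reference is taken through a NULL page, which is correct as written.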