__get_vm_area_node() currently triggers a BUG() if in_interrupt()
returns true. However, in_interrupt() also reports true when BH
are disabled.
The bridge code can call rhashtable_lookup_insert_fast() with
bottom halves disabled:
__vlan_add()
-> br_fdb_add_local()
spin_lock_bh(&br->hash_lock); <-- Disable BH
-> fdb_add_local()
-> fdb_create()
-> rhashtable_lookup_insert_fast()
-> kvmalloc()
-> vmalloc()
-> __get_vm_area_node()
-> BUG_ON(in_interrupt())
spin_unlock_bh(&br->hash_lock)
this triggers the BUG() despite the caller not being in NMI or
hard IRQ context.
Replace the in_interrupt() check with in_nmi() || in_hardirq().
Cc: Ido Schimmel <idosch@nvidia.com>
Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
Reported-by: syzbot+8b12fc6e0fb139765b58@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@google.com/
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
---
mm/vmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 676851d5cfe7..273bbe49eaef 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3209,7 +3209,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
unsigned long requested_size = size;
- BUG_ON(in_interrupt());
+ BUG_ON(in_nmi() || in_hardirq());
size = ALIGN(size, 1ul << shift);
if (unlikely(!size))
return NULL;
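Review bot: the replacement condition on the BUG_ON() line no longer catches a caller that is actually serving a softirq, because in_interrupt() covered that case as well as process context with BH disabled, while the changelog only argues the spin_lock_bh() case. If softirq callers are now meant to be allowed, say so in the changelog or in a one-line comment above the check, so the next reader does not have to infer which contexts are permitted from the absence of a test.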
--
2.47.3
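The difference between the two checks, as an added example that is not part of the patch or the thread: a userspace model of the preempt_count bits, assuming the mainline non-PREEMPT_RT layout. The model_* helpers, old_check(), new_check() and the sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed layout: 8 preempt bits, 8 softirq bits, 4 hardirq bits, 4 NMI bits. */
#define SOFTIRQ_MASK           0x0000ff00u
#define HARDIRQ_MASK           0x000f0000u
#define NMI_MASK               0x00f00000u
#define SOFTIRQ_OFFSET         0x00000100u           /* set while a softirq runs */
#define SOFTIRQ_DISABLE_OFFSET (2u * SOFTIRQ_OFFSET) /* added by local_bh_disable() */
#define HARDIRQ_OFFSET         0x00010000u
#define NMI_OFFSET             0x00100000u

/* model_* names are hypothetical stand-ins for the kernel macros. */
static bool model_in_interrupt(unsigned pc)
{
	return (pc & (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_MASK)) != 0;
}
static bool model_in_serving_softirq(unsigned pc)
{
	return (pc & SOFTIRQ_MASK & SOFTIRQ_OFFSET) != 0;
}
static bool model_in_hardirq(unsigned pc) { return (pc & HARDIRQ_MASK) != 0; }
static bool model_in_nmi(unsigned pc)     { return (pc & NMI_MASK) != 0; }

/* Condition before the patch: BUG_ON(in_interrupt()). */
static bool old_check(unsigned pc) { return model_in_interrupt(pc); }
/* Condition after the patch: BUG_ON(in_nmi() || in_hardirq()). */
static bool new_check(unsigned pc) { return model_in_nmi(pc) || model_in_hardirq(pc); }

struct ctx { const char *name; unsigned pc; };

/* Constructed sample contexts. */
static const struct ctx samples[] = {
	{ "process context",            0 },
	{ "process, spin_lock_bh held", SOFTIRQ_DISABLE_OFFSET },
	{ "serving softirq",            SOFTIRQ_OFFSET },
	{ "hard IRQ handler",           HARDIRQ_OFFSET },
	{ "NMI handler",                NMI_OFFSET | HARDIRQ_OFFSET },
};

int main(void)
{
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-28s serving_softirq=%d old=%d new=%d\n", samples[i].name,
		       model_in_serving_softirq(samples[i].pc),
		       old_check(samples[i].pc), new_check(samples[i].pc));
	return 0;
}
```

The second row is the bridge path from the call trace: the old condition fires although no softirq is being served, and the new one does not.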
On 05/15/26 at 05:30pm, Uladzislau Rezki (Sony) wrote:
> __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> returns true. However, in_interrupt() also reports true when BH
> are disabled.
>
> The bridge code can call rhashtable_lookup_insert_fast() with
> bottom halves disabled:
>
> __vlan_add()
> -> br_fdb_add_local()
> spin_lock_bh(&br->hash_lock); <-- Disable BH
> -> fdb_add_local()
> -> fdb_create()
> -> rhashtable_lookup_insert_fast()
> -> kvmalloc()
> -> vmalloc()
> -> __get_vm_area_node()
> -> BUG_ON(in_interrupt())
> spin_unlock_bh(&br->hash_lock)
>
> this triggers the BUG() despite the caller not being in NMI or
> hard IRQ context.
Because the current vmalloc supports non-blocking allocation, we
need to skip disabled BH or in_serving_softirq() cases to avoid unwanted
BUG(). This change looks great to me, not sure if I understand it
correctly.
Reviewed-by: Baoquan He <baoquan.he@linux.dev>
Thanks
Baoquan
>
> Replace the in_interrupt() check with in_nmi() || in_hardirq().
>
> Cc: Ido Schimmel <idosch@nvidia.com>
> Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
> Reported-by: syzbot+8b12fc6e0fb139765b58@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@google.com/
> Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
> ---
> mm/vmalloc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index 676851d5cfe7..273bbe49eaef 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -3209,7 +3209,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size,
> struct vm_struct *area;
> unsigned long requested_size = size;
>
> - BUG_ON(in_interrupt());
> + BUG_ON(in_nmi() || in_hardirq());
> size = ALIGN(size, 1ul << shift);
> if (unlikely(!size))
> return NULL;
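Review bot: BUG_ON() on the changed line still halts the kernel for what is a caller-context mistake, and the function already has a NULL failure return two lines further down for !size. Consider WARN_ON_ONCE(in_nmi() || in_hardirq()) followed by return NULL, so that a misplaced call is reported with a backtrace and fails the allocation instead of taking the system down.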
> --
> 2.47.3
>
On Tue, May 19, 2026 at 09:40:19AM +0800, Baoquan He wrote:
> On 05/15/26 at 05:30pm, Uladzislau Rezki (Sony) wrote:
> > __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> > returns true. However, in_interrupt() also reports true when BH
> > are disabled.
> >
> > The bridge code can call rhashtable_lookup_insert_fast() with
> > bottom halves disabled:
> >
> > __vlan_add()
> > -> br_fdb_add_local()
> > spin_lock_bh(&br->hash_lock); <-- Disable BH
> > -> fdb_add_local()
> > -> fdb_create()
> > -> rhashtable_lookup_insert_fast()
> > -> kvmalloc()
> > -> vmalloc()
> > -> __get_vm_area_node()
> > -> BUG_ON(in_interrupt())
> > spin_unlock_bh(&br->hash_lock)
> >
> > this triggers the BUG() despite the caller not being in NMI or
> > hard IRQ context.
>
> Because the current vmalloc supports non-blocking allocation, we
> need to skip disabled BH or in_serving_softirq() cases to avoid unwanted
> BUG(). This change looks great to me, not sure if I understand it
> correctly.
>
> Reviewed-by: Baoquan He <baoquan.he@linux.dev>
>
Thank you!
--
Uladzislau Rezki
On Fri, 15 May 2026 17:30:09 +0200 "Uladzislau Rezki (Sony)" <urezki@gmail.com> wrote:
> __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> returns true. However, in_interrupt() also reports true when BH
> are disabled.
>
> The bridge code can call rhashtable_lookup_insert_fast() with
> bottom halves disabled:
>
> __vlan_add()
> -> br_fdb_add_local()
> spin_lock_bh(&br->hash_lock); <-- Disable BH
> -> fdb_add_local()
> -> fdb_create()
> -> rhashtable_lookup_insert_fast()
> -> kvmalloc()
> -> vmalloc()
> -> __get_vm_area_node()
> -> BUG_ON(in_interrupt())
> spin_unlock_bh(&br->hash_lock)
>
> this triggers the BUG() despite the caller not being in NMI or
> hard IRQ context.
>
> Replace the in_interrupt() check with in_nmi() || in_hardirq().
>
> Cc: Ido Schimmel <idosch@nvidia.com>
> Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
Was added in 6.19 so I assumed we want cc:stable on this.
> Reported-by: syzbot+8b12fc6e0fb139765b58@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@google.com/
> Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
On Mon, May 18, 2026 at 04:10:12PM -0700, Andrew Morton wrote:
> On Fri, 15 May 2026 17:30:09 +0200 "Uladzislau Rezki (Sony)" <urezki@gmail.com> wrote:
>
> > __get_vm_area_node() currently triggers a BUG() if in_interrupt()
> > returns true. However, in_interrupt() also reports true when BH
> > are disabled.
> >
> > The bridge code can call rhashtable_lookup_insert_fast() with
> > bottom halves disabled:
> >
> > __vlan_add()
> > -> br_fdb_add_local()
> > spin_lock_bh(&br->hash_lock); <-- Disable BH
> > -> fdb_add_local()
> > -> fdb_create()
> > -> rhashtable_lookup_insert_fast()
> > -> kvmalloc()
> > -> vmalloc()
> > -> __get_vm_area_node()
> > -> BUG_ON(in_interrupt())
> > spin_unlock_bh(&br->hash_lock)
> >
> > this triggers the BUG() despite the caller not being in NMI or
> > hard IRQ context.
> >
> > Replace the in_interrupt() check with in_nmi() || in_hardirq().
> >
> > Cc: Ido Schimmel <idosch@nvidia.com>
> > Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
>
> Was added in 6.19 so I assumed we want cc:stable on this.
>
Thank you. Yep, we want cc:stable!
--
Uladzislau Rezki