alloc_buddy_hugetlb_folio_with_mpol() can pass a NULL nodemask to
alloc_fresh_hugetlb_folio() as a fallback to allocate from all
nodes. If order is gigantic, alloc_fresh_hugetlb_folio() propagates
the NULL nodemask down to hugetlb_cma_alloc_frozen_folio() which blindly
dereferences it in for_each_node_mask(), leading to a null pointer
dereference.
Similarly, if the CMA allocation fails, the fallback
alloc_contig_frozen_pages() is also called with a NULL nodemask,
which may cause issues.
Fix this by explicitly checking if nodemask is NULL in
alloc_fresh_hugetlb_folio() and defaulting to
cpuset_current_mems_allowed. This ensures that both the CMA and
contiguous allocators receive a valid nodemask.
Additionally, this patch adds a missing node_isset(nid, *nodemask) check
in hugetlb_cma_alloc_frozen_folio() to ensure the initial node allocation
attempt respects the memory policy.
Fixes: eb02f14c4a2b ("mm/hugetlb: allow overcommitting gigantic hugepages")
Cc: stable@vger.kernel.org
Signed-off-by: Sourav Panda <souravpanda@google.com>
---
Changes in v2:
- Fixed in alloc_fresh_hugetlb_folio(), because we also need a right node_mask for alloc_contig_frozen_pages() as suggested by Muchun.
- Added node_isset() check to the initial preferred node allocation in hugetlb_cma_alloc_frozen_folio() to respect memory policy, as suggested by Sashiko.
- Added Cc stable as suggested by Andrew Morton.
- v1: https://lore.kernel.org/linux-mm/20260702215713.627941-1-souravpanda@google.com/
mm/hugetlb.c | 3 +++
mm/hugetlb_cma.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 571212b80835..ab5deba4f7a1 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -1865,6 +1865,9 @@ static struct folio *alloc_fresh_hugetlb_folio(struct hstate *h,
{
struct folio *folio;
+ if (!nmask)
+ nmask = &cpuset_current_mems_allowed;
+
folio = only_alloc_fresh_hugetlb_folio(h, gfp_mask, nid, nmask, NULL);
if (folio)
hugetlb_vmemmap_optimize_folio(h, folio);
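Review bot: the NULL default added at the top of alloc_fresh_hugetlb_folio() fixes the path described in the commit message, but it only protects callers that go through this function; the dereference of `*nodemask` in hugetlb_cma_alloc_frozen_folio() stays unguarded for any other caller that passes NULL. Consider a short comment above the new lines stating that nmask is guaranteed non-NULL from here on and why cpuset_current_mems_allowed is the chosen fallback (the commit message gives the reason, the code does not), so future callers of the lower-level helpers know the contract.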
diff --git a/mm/hugetlb_cma.c b/mm/hugetlb_cma.c
index 39344d6c78d8..79dbd0baafa3 100644
--- a/mm/hugetlb_cma.c
+++ b/mm/hugetlb_cma.c
@@ -34,7 +34,7 @@ struct folio *hugetlb_cma_alloc_frozen_folio(int order, gfp_t gfp_mask,
if (!hugetlb_cma_size)
return NULL;
- if (hugetlb_cma[nid])
+ if (hugetlb_cma[nid] && node_isset(nid, *nodemask))
page = cma_alloc_frozen_compound(hugetlb_cma[nid], order);
if (!page && !(gfp_mask & __GFP_THISNODE)) {
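Review bot: the new `node_isset(nid, *nodemask)` condition changes behaviour for the __GFP_THISNODE case: when nid is not in nodemask, page stays NULL and the `if (!page && !(gfp_mask & __GFP_THISNODE))` fallback is skipped, so the function now returns NULL where it previously allocated from hugetlb_cma[nid]. That is the policy-respecting outcome, but it is a visible change beyond the NULL-pointer fix and should be called out in the commit message; also note that this line dereferences nodemask unconditionally, so it relies on the alloc_fresh_hugetlb_folio() hunk (or a non-NULL argument from every other caller) for safety.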
--
2.55.0.rc0.799.gd6f94ed593-goog