Skip to content
This repository
Browse code

percpu: pcpu_embed_first_chunk() should free unused parts after all a…

…llocs are complete

commit 42b6428 upstream.

pcpu_embed_first_chunk() allocates memory for each node, copies percpu
data and frees unused portions of it before proceeding to the next
group.  This assumes that allocations for different nodes doesn't
overlap; however, depending on memory topology, the bootmem allocator
may end up allocating memory from a different node than the requested
one which may overlap with the portion freed from one of the previous
percpu areas.  This leads to percpu groups for different nodes
overlapping which is a serious bug.

This patch separates out copy & partial free from the allocation loop
such that all allocations are complete before partial frees happen.

This also fixes overlapping frees which could happen on allocation
failure path - out_free_areas path frees whole groups but the groups
could have portions freed at that point.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: "Pavel V. Panteleev" <pp_84@mail.ru>
Tested-by: "Pavel V. Panteleev" <pp_84@mail.ru>
LKML-Reference: <E1SNhwY-0007ui-V7.pp_84-mail-ru@f220.mail.ru>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  • Loading branch information...
commit 8a2f7257ae6a7d1e1c87dd1ef146bd3e9c04e903 1 parent 1eafe98
authored April 27, 2012 Ben Hutchings committed May 20, 2012

Showing 1 changed file with 10 additions and 0 deletions. Show diff stats Hide diff stats

  1. 10  mm/percpu.c
10  mm/percpu.c
@@ -1642,6 +1642,16 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size,
1642 1642
 		areas[group] = ptr;
1643 1643
 
1644 1644
 		base = min(ptr, base);
  1645
+	}
  1646
+
  1647
+	/*
  1648
+	 * Copy data and free unused parts.  This should happen after all
  1649
+	 * allocations are complete; otherwise, we may end up with
  1650
+	 * overlapping groups.
  1651
+	 */
  1652
+	for (group = 0; group < ai->nr_groups; group++) {
  1653
+		struct pcpu_group_info *gi = &ai->groups[group];
  1654
+		void *ptr = areas[group];
1645 1655
 
1646 1656
 		for (i = 0; i < gi->nr_units; i++, ptr += ai->unit_size) {
1647 1657
 			if (gi->cpu_map[i] == NR_CPUS) {

0 notes on commit 8a2f725

Please sign in to comment.
Something went wrong with that request. Please try again.