diff options
authorMikhail Zaslonko <>2019-02-01 14:20:38 -0800
committerLinus Torvalds <>2019-02-01 15:46:23 -0800
commit24feb47c5fa5b825efb0151f28906dfdad027e61 (patch)
parentefad4e475c312456edb3c789d0996d12ed744c13 (diff)
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
If memory end is not aligned with the sparse memory section boundary, the mapping of such a section is only partly initialized. This may lead to VM_BUG_ON due to uninitialized struct pages access from test_pages_in_a_zone() function triggered by memory_hotplug sysfs handlers. Here are the the panic examples: CONFIG_DEBUG_VM_PGFLAGS=y kernel parameter mem=2050M -------------------------- page:000003d082008000 is uninitialized and poisoned page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) Call Trace: test_pages_in_a_zone+0xde/0x160 show_valid_zones+0x5c/0x190 dev_attr_show+0x34/0x70 sysfs_kf_seq_show+0xc8/0x148 seq_read+0x204/0x480 __vfs_read+0x32/0x178 vfs_read+0x82/0x138 ksys_read+0x5a/0xb0 system_call+0xdc/0x2d8 Last Breaking-Event-Address: test_pages_in_a_zone+0xde/0x160 Kernel panic - not syncing: Fatal exception: panic_on_oops Fix this by checking whether the pfn to check is within the zone. [ separated this change from] Link: [ separated this change from] Signed-off-by: Michal Hocko <> Signed-off-by: Mikhail Zaslonko <> Tested-by: Mikhail Gavrilov <> Reviewed-by: Oscar Salvador <> Tested-by: Gerald Schaefer <> Cc: Heiko Carstens <> Cc: Martin Schwidefsky <> Cc: Mikhail Gavrilov <> Cc: Pavel Tatashin <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
index 91e6fef4cf9f..ecc5ee04e301 100644
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -1274,6 +1274,9 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn,
if (i == MAX_ORDER_NR_PAGES || pfn + i >= end_pfn)
+ /* Check if we got outside of the zone */
+ if (zone && !zone_spans_pfn(zone, pfn + i))
+ return 0;
page = pfn_to_page(pfn + i);
if (zone && page_zone(page) != zone)
return 0;