a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
543e495ee9
android_kernel_samsung_a7y1.../mm
History
Minchan Kim 543e495ee9 zram: do not free pool->size_class 
Mike reported kernel goes oops with ltp:zram03 testcase.

  zram: Added device: zram0
  zram0: detected capacity change from 0 to 107374182400
  BUG: unable to handle kernel paging request at 0000306d61727a77
  IP: zs_map_object+0xb9/0x260
  PGD 0
  P4D 0
  Oops: 0000 [#1] SMP
  Dumping ftrace buffer:
     (ftrace buffer empty)
  Modules linked in: zram(E) xfs(E) libcrc32c(E) btrfs(E) xor(E) raid6_pq(E) loop(E) ebtable_filter(E) ebtables(E) ip6table_filter(E) ip6_tables(E) iptable_filter(E) ip_tables(E) x_tables(E) af_packet(E) br_netfilter(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) intel_powerclamp(E) coretemp(E) cdc_ether(E) kvm_intel(E) usbnet(E) mii(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) iTCO_wdt(E) ghash_clmulni_intel(E) bnx2(E) iTCO_vendor_support(E) pcbc(E) ioatdma(E) ipmi_ssif(E) aesni_intel(E) i5500_temp(E) i2c_i801(E) aes_x86_64(E) lpc_ich(E) shpchp(E) mfd_core(E) crypto_simd(E) i7core_edac(E) dca(E) glue_helper(E) cryptd(E) ipmi_si(E) button(E) acpi_cpufreq(E) ipmi_devintf(E) pcspkr(E) ipmi_msghandler(E)
   nfsd(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) ext4(E) crc16(E) mbcache(E) jbd2(E) sd_mod(E) ata_generic(E) i2c_algo_bit(E) ata_piix(E) drm_kms_helper(E) ahci(E) syscopyarea(E) sysfillrect(E) libahci(E) sysimgblt(E) fb_sys_fops(E) uhci_hcd(E) ehci_pci(E) ttm(E) ehci_hcd(E) libata(E) drm(E) megaraid_sas(E) usbcore(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) efivarfs(E) autofs4(E) [last unloaded: zram]
  CPU: 6 PID: 12356 Comm: swapon Tainted: G            E   4.13.0.g87b2c3f-default #194
  Hardware name: IBM System x3550 M3 -[7944K3G]-/69Y5698     , BIOS -[D6E150AUS-1.10]- 12/15/2010
  task: ffff880158d2c4c0 task.stack: ffffc90001680000
  RIP: 0010:zs_map_object+0xb9/0x260
  Call Trace:
   zram_bvec_rw.isra.26+0xe8/0x780 [zram]
   zram_rw_page+0x6e/0xa0 [zram]
   bdev_read_page+0x81/0xb0
   do_mpage_readpage+0x51a/0x710
   mpage_readpages+0x122/0x1a0
   blkdev_readpages+0x1d/0x20
   __do_page_cache_readahead+0x1b2/0x270
   ondemand_readahead+0x180/0x2c0
   page_cache_sync_readahead+0x31/0x50
   generic_file_read_iter+0x7e7/0xaf0
   blkdev_read_iter+0x37/0x40
   __vfs_read+0xce/0x140
   vfs_read+0x9e/0x150
   SyS_read+0x46/0xa0
   entry_SYSCALL_64_fastpath+0x1a/0xa5
  Code: 81 e6 00 c0 3f 00 81 fe 00 00 16 00 0f 85 9f 01 00 00 0f b7 13 65 ff 05 5e 07 dc 7e 66 c1 ea 02 81 e2 ff 01 00 00 49 8b 54 d4 08 <8b> 4a 48 41 0f af ce 81 e1 ff 0f 00 00 41 89 c9 48 c7 c3 a0 70
  RIP: zs_map_object+0xb9/0x260 RSP: ffffc90001683988
  CR2: 0000306d61727a77

He bisected the problem is [1].

After commit cf8e0fedf078 ("mm/zsmalloc: simplify zs_max_alloc_size
handling"), zram doesn't use double pointer for pool->size_class any
more in zs_create_pool so counter function zs_destroy_pool don't need to
free it, either.

Otherwise, it does kfree wrong address and then, kernel goes Oops.

Link: http://lkml.kernel.org/r/20170725062650.GA12134@bbox
Fixes: cf8e0fedf078 ("mm/zsmalloc: simplify zs_max_alloc_size handling")
Signed-off-by: Minchan Kim <minchan@kernel.org>
Reported-by: Mike Galbraith <efault@gmx.de>
Tested-by: Mike Galbraith <efault@gmx.de>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-19 11:34:39 +05:30
..
kasan
backing-dev.c
balloon_compaction.c
bootmem.c
cleancache.c
cma_debug.c
cma.c mm/cma.c: fail if fixed declaration can't be honored 2020-04-06 20:27:19 +02:00
cma.h
compaction.c
debug-pagealloc.c
debug.c
dmapool.c
early_ioremap.c
fadvise.c
failslab.c
filemap.c mm/filemap.c: don't initiate writeback if mapping has no dirty pages 2020-04-07 11:58:51 +02:00
frame_vector.c
frontswap.c
gup.c mm: prevent get_user_pages() from overflowing page refcount 2020-04-07 14:08:50 +02:00
highmem.c
hpa.c
huge_memory.c
hugetlb_cgroup.c mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() 2020-04-07 12:26:33 +02:00
hugetlb.c mm: prevent get_user_pages() from overflowing page refcount 2020-04-07 14:08:50 +02:00
hwpoison-inject.c
init-mm.c
internal.h mm: add 'try_get_page()' helper function 2020-04-07 14:05:08 +02:00
interval_tree.c
io_record.c
Kconfig
Kconfig.debug
kmemcheck.c
kmemleak-test.c
kmemleak.c mm/kmemleak.c: fix check for softirq context 2020-04-06 20:16:21 +02:00
ksm.c mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() 2020-04-07 12:33:44 +02:00
list_lru.c
maccess.c
madvise.c
Makefile
memblock.c
memcontrol.c memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event 2020-04-07 14:14:28 +02:00
memory_hotplug.c
memory-failure.c
memory.c
mempolicy.c mm/mempolicy.c: fix out of bounds write in mpol_parse_str() 2020-04-07 13:48:18 +02:00
mempool.c
memtest.c
migrate.c
mincore.c
mlock.c
mm_init.c
mmap.c Revert "coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping" 2020-04-06 22:47:46 +05:30
mmu_context.c
mmu_notifier.c mm/mmu_notifier: use hlist_add_head_rcu() 2020-04-06 20:16:25 +02:00
mmzone.c
mprotect.c
mremap.c
msync.c
nobootmem.c
nommu.c x86/mm: split vmalloc_sync_all() 2020-04-07 14:14:34 +02:00
oom_kill.c
page_alloc.c mm/page_alloc.c: calculate 'available' memory in a separate function 2020-04-07 13:36:28 +02:00
page_counter.c
page_ext.c
page_idle.c mm/page_idle.c: fix oops because end_pfn is larger than max_pfn 2020-04-06 19:14:16 +02:00
page_io.c
page_isolation.c
page_owner.c
page-writeback.c mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() 2020-04-07 13:37:49 +02:00
pagewalk.c
percpu-km.c
percpu-vm.c
percpu.c
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c
rmap.c
shmem.c mm/shmem.c: cast the type of unmap_start to u64 2020-04-07 13:08:06 +02:00
showmem_extra.c
slab_common.c
slab.c
slab.h
slob.c
slub.c mm, slub: prevent kmalloc_node crashes and memory leaks 2020-04-07 14:14:32 +02:00
sparse-vmemmap.c
sparse.c
swap_cgroup.c
swap_state.c
swap.c
swapfile.c
truncate.c
usercopy.c
userfaultfd.c
util.c
vmacache.c
vmalloc.c x86/mm: split vmalloc_sync_all() 2020-04-07 14:14:34 +02:00
vmpressure.c
vmscan.c
vmstat.c mm: add NR_ZSMALLOC to vmstat 2020-08-19 11:34:38 +05:30
workingset.c
zbud.c
zpool.c
zsmalloc.c zram: do not free pool->size_class 2020-08-19 11:34:39 +05:30
zswap.c mm, zram: Use zstd as initial compressor 2020-08-19 11:34:37 +05:30