android_kernel_samsung_sm8650/drivers/base
Sumanth Korikkar 4666f003af mm/memory_hotplug: add missing mem_hotplug_lock
[ Upstream commit 001002e73712cdf6b8d9a103648cda3040ad7647 ]

From Documentation/core-api/memory-hotplug.rst:
When adding/removing/onlining/offlining memory or adding/removing
heterogeneous/device memory, we should always hold the mem_hotplug_lock
in write mode to serialise memory hotplug (e.g. access to global/zone
variables).

mhp_(de)init_memmap_on_memory() functions can change zone stats and
struct page content, but they are currently called w/o the
mem_hotplug_lock.

When memory block is being offlined and when kmemleak goes through each
populated zone, the following theoretical race conditions could occur:
CPU 0:                                       | CPU 1:
memory_offline()                             |
-> offline_pages()                           |
        -> mem_hotplug_begin()               |
           ...                               |
        -> mem_hotplug_done()                |
                                             | kmemleak_scan()
                                             | -> get_online_mems()
                                             |    ...
-> mhp_deinit_memmap_on_memory()             |
  [not protected by mem_hotplug_begin/done()]|
  Marks memory section as offline,           |   Retrieves zone_start_pfn
  poisons vmemmap struct pages and updates   |   and struct page members.
  the zone related data                      |
                                             |    ...
                                             | -> put_online_mems()

Fix this by ensuring mem_hotplug_lock is taken before performing
mhp_init_memmap_on_memory().  Also ensure that
mhp_deinit_memmap_on_memory() holds the lock.

online/offline_pages() are currently only called from
memory_block_online/offline(), so it is safe to move the locking there.

Link: https://lkml.kernel.org/r/20231120145354.308999-2-sumanthk@linux.ibm.com
Fixes: a08a2ae346 ("mm,memory_hotplug: allocate memmap from the added memory range")
Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
Reviewed-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Alexander Gordeev <agordeev@linux.ibm.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Heiko Carstens <hca@linux.ibm.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: kernel test robot <lkp@intel.com>
Cc: <stable@vger.kernel.org>	[5.15+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-01-10 17:10:33 +01:00
..
firmware_loader firmware_loader: Fix memory leak in firmware upload 2022-09-01 17:47:27 +02:00
power PM: sleep: wakeirq: fix wake irq arming 2023-08-03 10:24:16 +02:00
regmap regmap: fix bogus error on regcache_sync success 2023-12-13 18:39:20 +01:00
test driver core: test_async: fix an error code 2023-09-13 09:42:53 +02:00
arch_numa.c mm: percpu: add generic pcpu_populate_pte() function 2022-01-20 08:52:52 +02:00
arch_topology.c RISC-V Patches for the 6.1 Merge Window, Part 1 2022-10-09 13:24:01 -07:00
attribute_container.c driver core: attribute_container: fix W=1 warnings 2021-05-14 13:37:10 +02:00
auxiliary.c Documentation/auxiliary_bus: Move the text into the code 2021-12-03 16:41:50 +01:00
base.h driver core: remove make_class_name declaration 2022-09-09 10:49:54 +02:00
bus.c driver: base: fix UAF when driver_attach failed 2022-05-19 19:28:42 +02:00
cacheinfo.c drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug 2023-06-09 10:34:17 +02:00
class.c class: fix possible memory leak in __class_register() 2022-12-31 13:32:38 +01:00
component.c drivers: base: component: fix memory leak with using debugfs_lookup() 2023-03-11 13:55:39 +01:00
container.c
core.c drivers: base: Free devm resources when unregistering a device 2023-09-13 09:42:54 +02:00
cpu.c x86/srso: Add a Speculative RAS Overflow mitigation 2023-08-08 20:03:50 +02:00
dd.c driver core: Release all resources during unbind before updating device links 2023-11-28 17:07:13 +00:00
devcoredump.c devcoredump: Send uevent once devcd is ready 2023-12-13 18:39:28 +01:00
devres.c devres: Slightly optimize alloc_dr() 2022-09-01 18:17:14 +02:00
devtmpfs.c devtmpfs: fix the dangling pointer of global devtmpfsd thread 2022-06-27 16:41:13 +02:00
driver.c driver core: fix driver_set_override() issue with empty strings 2022-09-05 13:01:34 +02:00
firmware.c
hypervisor.c
init.c init: Initialize noop_backing_dev_info early 2022-06-16 10:55:57 +02:00
isa.c bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
Kconfig devtmpfs: mount with noexec and nosuid 2021-12-30 13:54:42 +01:00
Makefile driver core: Add sysfs support for physical location of a device 2022-04-27 09:51:57 +02:00
map.c driver: base: Prefer unsigned int to bare use of unsigned 2021-07-21 17:30:09 +02:00
memory.c mm/memory_hotplug: add missing mem_hotplug_lock 2024-01-10 17:10:33 +01:00
module.c
node.c - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
physical_location.c driver core: location: Free struct acpi_pld_info *pld before return false 2023-03-10 09:33:33 +01:00
physical_location.h driver core: Add sysfs support for physical location of a device 2022-04-27 09:51:57 +02:00
pinctrl.c
platform-msi.c platform-msi: Export symbol platform_msi_create_irq_domain() 2022-09-28 14:21:05 +01:00
platform.c platform: Provide a remove callback that returns no value 2023-05-24 17:32:43 +01:00
property.c device property: Allow const parameter to dev_fwnode() 2024-01-05 15:18:40 +01:00
soc.c base: soc: Make soc_device_match() simpler and easier to read 2022-03-18 14:28:07 +01:00
swnode.c software node: fix wrong node passed to find nargs_prop 2021-12-22 18:26:18 +01:00
syscore.c syscore: Use pm_pr_dbg() for syscore_{suspend,resume}() 2020-09-08 13:32:06 +02:00
topology.c drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist 2022-07-15 17:36:33 +02:00
trace.c devres: Enable trace events 2021-06-15 17:14:36 +02:00
trace.h devres: Enable trace events 2021-06-15 17:14:36 +02:00
transport_class.c drivers: base: transport_class: fix resource leak when transport_add_device() fails 2023-03-10 09:33:34 +01:00