aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Lameter <clameter@sgi.com>2007-01-05 19:37:02 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2007-01-06 02:55:29 -0500
commitf2e12bb272f2544d1504f982270e90ae3dcc4ff2 (patch)
tree68e8d10521fdcf1d7f4df411d87809cd1110b929
parent6929da4427b4335365dd51ab0b7dd2a0393656f0 (diff)
[PATCH] Check for populated zone in __drain_pages
Both process_zones() and drain_node_pages() check for populated zones before touching pagesets. However, __drain_pages does not do so, This may result in a NULL pointer dereference for pagesets in unpopulated zones if a NUMA setup is combined with cpu hotplug. Initially the unpopulated zone has the pcp pointers pointing to the boot pagesets. Since the zone is not populated the boot pageset pointers will not be changed during page allocator and slab bootstrap. If a cpu is later brought down (first call to __drain_pages()) then the pcp pointers for cpus in unpopulated zones are set to NULL since __drain_pages does not first check for an unpopulated zone. If the cpu is then brought up again then we call process_zones() which will ignore the unpopulated zone. So the pageset pointers will still be NULL. If the cpu is then again brought down then __drain_pages will attempt to drain pages by following the NULL pageset pointer for unpopulated zones. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/page_alloc.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 4a9a83fc1b39..a49f96b7ea43 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -711,6 +711,9 @@ static void __drain_pages(unsigned int cpu)
711 for_each_zone(zone) { 711 for_each_zone(zone) {
712 struct per_cpu_pageset *pset; 712 struct per_cpu_pageset *pset;
713 713
714 if (!populated_zone(zone))
715 continue;
716
714 pset = zone_pcp(zone, cpu); 717 pset = zone_pcp(zone, cpu);
715 for (i = 0; i < ARRAY_SIZE(pset->pcp); i++) { 718 for (i = 0; i < ARRAY_SIZE(pset->pcp); i++) {
716 struct per_cpu_pages *pcp; 719 struct per_cpu_pages *pcp;