On 10 Dec 2024, at 4:34, David Hildenbrand wrote:
In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and __section_mem_map_addr() dereferencing that NULL pointer.
Let's fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page.
So far this was found by code inspection, but let's just CC stable as the fix is easy.
Fixes: fd919a85cd55 ("mm: page_isolation: prepare for hygienic freelists")
Reported-by: Vlastimil Babka vbabka@suse.cz
Closes: https://lkml.kernel.org/r/e1a898ba-a717-4d20-9144-29df1a6c8813@suse.cz
Cc: Andrew Morton akpm@linux-foundation.org
Cc: Johannes Weiner hannes@cmpxchg.org
Cc: Zi Yan ziy@nvidia.com
Cc: Yu Zhao yuzhao@google.com
Cc: stable@vger.kernel.org
Signed-off-by: David Hildenbrand david@redhat.com
Reviewed-by: Zi Yan ziy@nvidia.com
Best Regards, Yan, Zi