Russ Anderson ea35d7d69e drivers/base/memory.c: fix show_mem_removable() to handle missing sections ... commit 21ea9f5ace upstream. "cat /sys/devices/system/memory/memory*/removable" crashed the system. The problem is that show_mem_removable() is passing a bad pfn to is_mem_section_removable(), which causes if (!node_online(page_to_nid(page))) to blow up. Why is it passing in a bad pfn? The reason is that show_mem_removable() will loop sections_per_block times. sections_per_block is 16, but mem->section_count is 8, indicating holes in this memory block. Checking that the memory section is present before checking to see if the memory section is removable fixes the problem. harp5-sys:~ # cat /sys/devices/system/memory/memory*/removable 0 1 1 1 1 1 1 1 1 1 1 1 1 1 BUG: unable to handle kernel paging request at ffffea00c3200000 IP: [<ffffffff81117ed1>] is_pageblock_removable_nolock+0x1/0x90 PGD 83ffd4067 PUD 37bdfce067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: autofs4 binfmt_misc rdma_ucm rdma_cm iw_cm ib_addr ib_srp scsi_transport_srp scsi_tgt ib_ipoib ib_cm ib_uverbs ib_umad iw_cxgb3 cxgb3 mdio mlx4_en mlx4_ib ib_sa mlx4_core ib_mthca ib_mad ib_core fuse nls_iso8859_1 nls_cp437 vfat fat joydev loop hid_generic usbhid hid hwperf(O) numatools(O) dm_mod iTCO_wdt ipv6 iTCO_vendor_support igb i2c_i801 ioatdma i2c_algo_bit ehci_pci pcspkr lpc_ich i2c_core ehci_hcd ptp sg mfd_core dca rtc_cmos pps_core mperf button xhci_hcd sd_mod crc_t10dif usbcore usb_common scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh_rdac scsi_dh gru(O) xvma(O) xfs crc32c libcrc32c thermal sata_nv processor piix mptsas mptscsih scsi_transport_sas mptbase megaraid_sas fan thermal_sys hwmon ext3 jbd ata_piix ahci libahci libata scsi_mod CPU: 4 PID: 5991 Comm: cat Tainted: G O 3.11.0-rc5-rja-uv+ #10 Hardware name: SGI UV2000/ROMLEY, BIOS SGI UV 2000/3000 series BIOS 01/15/2013 task: ffff88081f034580 ti: ffff880820022000 task.ti: ffff880820022000 RIP: 0010:[<ffffffff81117ed1>] [<ffffffff81117ed1>] is_pageblock_removable_nolock+0x1/0x90 RSP: 0018:ffff880820023df8 EFLAGS: 00010287 RAX: 0000000000040000 RBX: ffffea00c3200000 RCX: 0000000000000004 RDX: ffffea00c30b0000 RSI: 00000000001c0000 RDI: ffffea00c3200000 RBP: ffff880820023e38 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: ffffea00c33c0000 R13: 0000160000000000 R14: 6db6db6db6db6db7 R15: 0000000000000001 FS: 00007ffff7fb2700(0000) GS:ffff88083fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffea00c3200000 CR3: 000000081b954000 CR4: 00000000000407e0 Call Trace: show_mem_removable+0x41/0x70 dev_attr_show+0x2a/0x60 sysfs_read_file+0xf7/0x1c0 vfs_read+0xc8/0x130 SyS_read+0x5d/0xa0 system_call_fastpath+0x16/0x1b Signed-off-by: Russ Anderson <rja@sgi.com> Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com> Cc: Yinghai Lu <yinghai@kernel.org> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2013-09-07 22:09:58 -07:00
..
power	PM: Avoid calling kfree() under spinlock in dev_pm_put_subsys_data()	2013-05-12 14:04:40 +02:00
regmap	regmap: cache: Make sure to sync the last register in a block	2013-08-14 22:59:06 -07:00
attribute_container.c	drivers: base: Convert dev_printk(KERN_<LEVEL> to dev_<level>(	2012-10-30 17:38:43 -07:00
base.h	driver/base: implement subsys_virtual_register()	2013-03-12 11:36:35 -07:00
bus.c	driver core: export subsys_virtual_register	2013-05-21 09:05:52 -07:00
class.c	driver-core: constify data for class_find_device()	2013-02-06 12:18:56 -08:00
core.c	driver core: print sysfs attribute name when warning about bogus permissions	2013-05-21 09:05:52 -07:00
cpu.c	numa, cpu hotplug: change links of CPU and node when changing node number by onlining CPU	2013-04-29 15:54:39 -07:00
dd.c	PM / Runtime: Idle devices asynchronously after probe|release	2013-04-11 12:42:52 -07:00
devres.c	Linux 3.9-rc3	2013-03-17 19:40:50 -07:00
devtmpfs.c	driver core: handle user namespaces properly with the uid/gid devtmpfs change	2013-04-11 11:43:29 -07:00
dma-buf.c	dma-buf: Add debugfs support	2013-05-01 16:36:22 +05:30
dma-coherent.c	drivers: dma-coherent: Fix typo in dma_mmap_from_coherent documentation	2012-10-23 14:05:32 +02:00
dma-contiguous.c	drivers: cma: represent physical addresses as phys_addr_t	2012-12-11 09:28:09 +01:00
dma-mapping.c	[media] dma-mapping: fix dma_common_get_sgtable() conditional compilation	2012-11-27 09:42:31 -02:00
driver.c	driver core: don't trigger uevent after failure	2012-07-17 10:40:23 -07:00
firmware_class.c	firmware loader: fix use-after-free by double abort	2013-06-18 10:41:55 -07:00
firmware.c
hypervisor.c	drivers/base: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required.	2011-10-31 19:31:38 -04:00
init.c	driver-core: implement 'sysdev' functionality for regular devices and buses	2011-12-14 14:29:38 -08:00
isa.c
Kconfig	firmware: Make user-mode helper optional	2013-02-03 17:57:40 -08:00
Makefile	drivers/pinctrl: grab default handles from device core	2013-01-23 16:39:51 +01:00
map.c
memory.c	drivers/base/memory.c: fix show_mem_removable() to handle missing sections	2013-09-07 22:09:58 -07:00
module.c	driver core: module.c: Use kasprintf	2010-05-21 09:37:29 -07:00
node.c	drivers/base/node.c: switch to register_hotmemory_notifier()	2013-04-29 15:54:36 -07:00
pinctrl.c	drivers/pinctrl: grab default handles from device core	2013-01-23 16:39:51 +01:00
platform.c	driver core: platform.c: fix checkpatch errors and warnings	2013-03-29 09:10:55 -07:00
soc.c	mode_t whack-a-mole: ->is_visible() returns umode_t...	2012-05-29 23:28:42 -04:00
syscore.c	PM: Reintroduce dropped call to check_wakeup_irqs	2011-07-11 10:51:49 +02:00
topology.c	cpu: convert 'cpu' and 'machinecheck' sysdev_class to a regular subsystem	2011-12-21 14:29:42 -08:00
transport_class.c	drivers/base: transport_class explicitly requires EXPORT_SYMBOL	2011-10-31 19:31:15 -04:00