Bug 21446 - [Bugfix][Anolis a23.3]hugetlb: Fix NULL pointer dereference BUG
Summary: [Bugfix][Anolis a23.3]hugetlb: Fix NULL pointer dereference BUG
Status: NEW
Alias: None
Product: ANCK 6.6 Dev
Classification: ANCK
Component: mm
Version: unspecified
Hardware: All Linux
: P3-Medium S2-major
Target Milestone: ---
Assignee: baolinwang
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-05-26 15:37 UTC by wojiaohanliyang
Modified: 2025-05-26 15:59 UTC
3 users

See Also:


Description wojiaohanliyang hygon_group 2025-05-26 15:37:28 UTC
Description of problem:

There is a potential race between __update_and_free_hugetlb_folio() and
replace_free_hugepage_folios():

CPU1                              CPU2
__update_and_free_hugetlb_folio   replace_free_hugepage_folios
                                    folio_test_hugetlb(folio)
                                    -- It's still hugetlb folio.

  __folio_clear_hugetlb(folio)
  hugetlb_free_folio(folio)
                                    h = folio_hstate(folio)
                                    -- Here, h is NULL pointer

When the above race condition occurs, folio_hstate(folio) returns NULL,
and subsequent access to this NULL pointer will cause the system to crash.
To resolve this issue, execute folio_hstate(folio) under the protection
of the hugetlb_lock lock, ensuring that folio_hstate(folio) does not
return NULL.

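The check-then-use race in the description above, modelled in user space as an added example. This is not code from the ANCK kernel or from the linked PR: `struct folio`, `struct hstate`, `folio_test_hugetlb()`, `folio_hstate()` and `update_and_free_hugetlb_folio()` are simplified stand-ins for the kernel helpers, a pthread mutex stands in for the `hugetlb_lock` spinlock, and an atomic `stage` counter forces exactly the CPU1/CPU2 interleaving shown in the report instead of relying on timing. The model assumes, as the proposed fix implies, that the freeing path clears the hugetlb flag while holding `hugetlb_lock`, which is what makes taking the lock on the `replace_free_hugepage_folios()` side sufficient.

```c
/*
 * Added example (not ANCK/PR code): user-space model of the race between
 * __update_and_free_hugetlb_folio() (CPU1) and replace_free_hugepage_folios()
 * (CPU2).  A pthread mutex stands in for the kernel's hugetlb_lock spinlock,
 * struct folio/hstate are simplified stand-ins, and an atomic "stage" counter
 * forces exactly the interleaving shown in the bug report.
 */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct hstate { unsigned int order; };          /* stand-in for struct hstate */

struct folio {
    bool hugetlb;               /* models the PG_hugetlb flag */
    struct hstate *hstate;      /* what folio_hstate() returns while the flag is set */
};

static pthread_mutex_t hugetlb_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_int stage;        /* 0: start, 1: CPU2 passed its check, 2: CPU1 freed */

static void wait_for_stage(int s)
{
    while (atomic_load(&stage) != s)
        sched_yield();
}

static bool folio_test_hugetlb(const struct folio *f) { return f->hugetlb; }

/* Like the kernel helper: NULL once the hugetlb flag has been cleared. */
static struct hstate *folio_hstate(const struct folio *f)
{
    return f->hugetlb ? f->hstate : NULL;
}

/* CPU1: models __update_and_free_hugetlb_folio(); assumed (per the report's
 * fix) to clear the flag while holding hugetlb_lock. */
static void update_and_free_hugetlb_folio(struct folio *f)
{
    pthread_mutex_lock(&hugetlb_lock);
    f->hugetlb = false;         /* __folio_clear_hugetlb() */
    pthread_mutex_unlock(&hugetlb_lock);
}

static void *cpu1_thread(void *arg)
{
    struct folio *f = arg;
    wait_for_stage(1);                  /* run only after CPU2 passed its flag check */
    update_and_free_hugetlb_folio(f);   /* with the fix, blocks until CPU2 unlocks */
    atomic_store(&stage, 2);
    return NULL;
}

/* CPU2: the check-then-use from replace_free_hugepage_folios().
 * Returns 1 if it dereferenced a valid hstate, 0 if it observed NULL. */
static int cpu2_replace_free(struct folio *f, bool fixed)
{
    int ok = 0;

    if (fixed)
        pthread_mutex_lock(&hugetlb_lock);   /* the fix: check and use under the lock */

    bool is_huge = folio_test_hugetlb(f);
    atomic_store(&stage, 1);                 /* CPU1 gets scheduled here */
    if (!fixed)
        wait_for_stage(2);                   /* unlocked: the free wins the race */

    if (is_huge) {
        struct hstate *h = folio_hstate(f);
        if (h)
            ok = (h->order > 0);             /* the dereference that would oops on NULL */
    }

    if (fixed)
        pthread_mutex_unlock(&hugetlb_lock);
    return ok;
}

/* Runs one interleaving: fixed=false reproduces the bug, fixed=true the fix. */
int run_scenario(bool fixed)
{
    struct hstate h_2m = { .order = 9 };     /* constructed sample hstate */
    struct folio f = { .hugetlb = true, .hstate = &h_2m };
    pthread_t t;
    int ok;

    atomic_store(&stage, 0);
    pthread_create(&t, NULL, cpu1_thread, &f);
    ok = cpu2_replace_free(&f, fixed);
    pthread_join(t, NULL);
    return ok;
}

int main(void)
{
    printf("without lock: hstate %s\n", run_scenario(false) ? "valid" : "NULL");
    printf("with lock:    hstate %s\n", run_scenario(true) ? "valid" : "NULL");
    return 0;
}
```

Without the lock, CPU2's flag check passes, CPU1 clears the flag in between, and `folio_hstate()` returns NULL exactly as in the report; holding the lock across both the check and the use makes CPU1 wait, so the pointer CPU2 dereferences is still valid. The `stage` hand-off is only there to make the interleaving reproducible in a test; the kernel race itself depends on scheduling.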
Comment 1 小龙 admin 2025-05-26 15:52:06 UTC
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/5345