[PATCH openEuler-1.0-LTS 4/4] mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED

From: Naoya Horiguchi naoya.horiguchi@nec.com

mainline inclusion from mainline-v5.19-rc1 commit f361e2462e8cccdd9231aa3274690705a2ea35a2 category: bugfix bugzilla: 188200, https://gitee.com/openeuler/kernel/issues/I68OOI CVE: NA

--------------------------------

In already hwpoisoned case, memory_failure() is supposed to return with releasing the page refcount taken for error handling. But currently the refcount is not released when called with MF_COUNT_INCREASED, which makes page refcount inconsistent. This should be rare and non-critical, but it might be inconvenient in testing (unpoison doesn't work).

Link: https://lkml.kernel.org/r/20220408135323.1559401-3-naoya.horiguchi@linux.dev Signed-off-by: Naoya Horiguchi naoya.horiguchi@nec.com Suggested-by: Miaohe Lin linmiaohe@huawei.com Reviewed-by: Miaohe Lin linmiaohe@huawei.com Reviewed-by: Mike Kravetz mike.kravetz@oracle.com Cc: Dan Carpenter dan.carpenter@oracle.com Cc: Yang Shi shy828301@gmail.com Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Ma Wupeng mawupeng1@huawei.com Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- mm/memory-failure.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 11ae0dacaae7..55c175f57223 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1379,6 +1379,8 @@ int memory_failure(unsigned long pfn, int flags) pr_err("Memory failure: %#lx: already hardware poisoned\n", pfn); res = -EHWPOISON; + if (flags & MF_COUNT_INCREASED) + put_page(p); goto unlock_mutex; }