• Michal Hocko's avatar
    mm: make page pfmemalloc check more robust · 2f064f34
    Michal Hocko authored
    Commit c48a11c7 ("netvm: propagate page->pfmemalloc to skb") added
    checks for page->pfmemalloc to __skb_fill_page_desc():
            if (page->pfmemalloc && !page->mapping)
                    skb->pfmemalloc = true;
    It assumes page->mapping == NULL implies that page->pfmemalloc can be
    trusted.  However, __delete_from_page_cache() can set set page->mapping
    to NULL and leave page->index value alone.  Due to being in union, a
    non-zero page->index will be interpreted as true page->pfmemalloc.
    So the assumption is invalid if the networking code can see such a page.
    And it seems it can.  We have encountered this with a NFS over loopback
    setup when such a page is attached to a new skbuf.  There is no copying
    going on in this case so the page confuses __skb_fill_page_desc which
    interprets the index as pfmemalloc flag and the network stack drops
    packets that have been allocated using the reserves unless they are to
    be queued on sockets handling the swapping which is the ...
ixgbe_main.c 250 KB