[PATCH] mm/vmalloc: Do not trigger BUG() on BH disabled context

Next message: Faisal Bukhari: "[PATCH] selftests/bpf: fix tunnel option size in ip6geneve_set_tunnel()"
Previous message: Vlastimil Babka (SUSE): "Re: [PATCH 4/4] mm/page_alloc: remove ifdefs from pindex helpers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Uladzislau Rezki (Sony)

Date: Fri May 15 2026 - 11:31:05 EST

__get_vm_area_node() currently triggers a BUG() if in_interrupt()
returns true. However, in_interrupt() also reports true when BH
are disabled.

The bridge code can call rhashtable_lookup_insert_fast() with
bottom halves disabled:

__vlan_add()
-> br_fdb_add_local()
spin_lock_bh(&br->hash_lock); <-- Disable BH
-> fdb_add_local()
-> fdb_create()
-> rhashtable_lookup_insert_fast()
-> kvmalloc()
-> vmalloc()
-> __get_vm_area_node()
-> BUG_ON(in_interrupt())
spin_unlock_bh(&br->hash_lock)

this triggers the BUG() despite the caller not being in NMI or
hard IRQ context.

Replace the in_interrupt() check with in_nmi() || in_hardirq().

Cc: Ido Schimmel <idosch@xxxxxxxxxx>
Fixes: c6307674ed82 ("mm: kvmalloc: add non-blocking support for vmalloc")
Reported-by: syzbot+8b12fc6e0fb139765b58@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://lore.kernel.org/all/69ff8c7c.050a0220.1036b8.000b.GAE@xxxxxxxxxx/
Signed-off-by: Uladzislau Rezki (Sony) <urezki@xxxxxxxxx>
---
mm/vmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 676851d5cfe7..273bbe49eaef 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3209,7 +3209,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
unsigned long requested_size = size;

- BUG_ON(in_interrupt());
+ BUG_ON(in_nmi() || in_hardirq());
size = ALIGN(size, 1ul << shift);
if (unlikely(!size))
return NULL;
--
2.47.3