Re: BUG: Use after free in free_huge_page()

Hi Andrew, thanks for the detailed report. I am taking a look at this but it seems a lot has happened since I last looked at this code. (If anyone else knows what might be going on here, please do chime in).

Andrew Hastings wrote:
I think what happens is:
1.  Driver does get_user_pages() for pages mapped by hugetlbfs.
2.  Process exits.
3.  hugetlbfs file is closed; the vma->vm_file->f_mapping value stored in
    page_private now points to freed memory
4.  Driver file is closed; driver's release() function calls put_page()
    which calls free_huge_page() which passes bogus mapping value to
    hugetlb_put_quota().

:( Definitely seems plausible.

I'd like to help with a fix, but it's not immediately obvious to me what
the right path is.  Should hugetlb_no_page() always call add_to_page_cache()
even if VM_MAYSHARE is clear?

Are you seeing any corruption in the HugePages_Rsvd: counter? Would it be possible for you to run the libhugetlbfs test suite before and after triggering the bug and let me know if any additional tests fail after you reproduce this?

Thanks.
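The four-step sequence above, as an added user-space model (my own example code, not from the thread or from the kernel): a page keeps a raw pointer to its owning mapping, the mapping is torn down when the file closes, and a driver still holding a get_user_pages() reference releases the page afterwards. The struct names and the refcount-pinning variant are hypothetical stand-ins for illustration, not the fix the thread arrives at.

```c
#include <stdio.h>

/* Hypothetical stand-ins for address_space / struct page. */
struct mapping { int refcount; long quota_used; int alive; };
struct hpage   { int refcount; struct mapping *priv; };   /* priv models page_private */

static struct mapping *mapping_get(struct mapping *m) { m->refcount++; return m; }
/* When the last reference drops, the kernel would free the mapping; we just mark it dead. */
static void mapping_put(struct mapping *m) { if (--m->refcount == 0) m->alive = 0; }

/* Models hugetlb_put_quota(): 0 on success, -1 if the mapping was already torn down
 * (in the kernel this is the use-after-free; here it is detected instead). */
static int put_quota(struct mapping *m) {
    if (!m->alive) return -1;
    m->quota_used--;
    return 0;
}

/* Buggy ordering: page stores a raw pointer and holds no reference of its own. */
int buggy_sequence(void) {
    struct mapping m = { .refcount = 1, .quota_used = 1, .alive = 1 };
    struct hpage p = { .refcount = 2, .priv = &m };  /* vma ref + driver's GUP ref   (step 1) */
    p.refcount--;                                    /* process exit drops the vma ref (step 2) */
    mapping_put(&m);                                 /* file close tears mapping down  (step 3) */
    p.refcount--;                                    /* driver release(): put_page()   (step 4) */
    return put_quota(p.priv);                        /* free_huge_page -> stale pointer: -1 */
}

/* Assumed fix: the page pins the mapping while it lives and drops that pin last. */
int fixed_sequence(void) {
    struct mapping m = { .refcount = 1, .quota_used = 1, .alive = 1 };
    struct hpage p = { .refcount = 2, .priv = mapping_get(&m) };
    p.refcount--;
    mapping_put(&m);                 /* file close drops its ref; the page still holds one */
    p.refcount--;
    int rc = put_quota(p.priv);      /* mapping still alive: 0 */
    mapping_put(p.priv);             /* free path releases the page's own pin last */
    return rc;
}

int main(void) {
    printf("buggy: %d (expect -1), fixed: %d (expect 0)\n",
           buggy_sequence(), fixed_sequence());
    return 0;
}
```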
