The routine dissolve_free_huge_page can be passed the tail page of a hugetlb page. The tail page is incorrectly passed on to the routines alloc_huge_page_vmemmap and add_hugetlb_page which expect a hugetlb head page. Operating on a tail page instead of head page could result in addressing exceptions or vmemmap corruption. Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx> --- The code with this issue is only in mmotm (and next). Specifically mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page Andrew, I assume you will fix in your tree. mm/hugetlb.c | 4 ++-- scripts/rust-version.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 scripts/rust-version.sh diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 69a4b551c157..d2461c1f32dd 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1954,7 +1954,7 @@ int dissolve_free_huge_page(struct page *page) * Attempt to allocate vmemmmap here so that we can take * appropriate action on failure. */ - rc = alloc_huge_page_vmemmap(h, page); + rc = alloc_huge_page_vmemmap(h, head); if (!rc) { /* * Move PageHWPoison flag from head page to the raw @@ -1968,7 +1968,7 @@ int dissolve_free_huge_page(struct page *page) update_and_free_page(h, head, false); } else { spin_lock_irq(&hugetlb_lock); - add_hugetlb_page(h, page, false); + add_hugetlb_page(h, head, false); h->max_huge_pages++; spin_unlock_irq(&hugetlb_lock); } diff --git a/scripts/rust-version.sh b/scripts/rust-version.sh old mode 100644 new mode 100755 -- 2.31.1
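Review bot: In the first mm/hugetlb.c hunk (@@ -1954), the corrected call `rc = alloc_huge_page_vmemmap(h, head);` still depends on a head-page requirement that nothing in the visible code enforces; the commit message states it, the code does not. Consider documenting the requirement at the callee and adding a debug assertion there that the argument is a head page, for example VM_BUG_ON_PAGE(!PageHead(head), head). A tail page passed by a future caller would then be caught at the call instead of surfacing later as vmemmap corruption. The context comment just above the call also spells "vmemmmap" with three m's; that could be fixed while this line is being touched.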
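Review bot: In the second mm/hugetlb.c hunk (@@ -1968), the else branch that now calls `add_hugetlb_page(h, head, false);` has no comment, while the `if (!rc)` branch above it does. A one-line comment saying that this is the rollback path taken when the vmemmap allocation fails, and that the page is put back on the hstate with h->max_huge_pages restored under hugetlb_lock, would make it clear why the head page must be used here as well.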
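Review bot: The scripts/rust-version.sh entry (old mode 100644, new mode 100755) is unrelated to the head/tail page fix described in the commit message and looks like a stray local change picked up in the diff. Drop the mode change from this patch so the diffstat covers only mm/hugetlb.c; if the executable bit is wanted, send it separately with its own justification.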