On 07/12/22 21:05, Miaohe Lin wrote:
> In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page
> cache are installed in the ptes. But hugepage_add_new_anon_rmap is called
> for them mistakenly because they're not vm_shared. This will corrupt the
> page->mapping used by page cache code.
>
> Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl")
> Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
> ---
> mm/hugetlb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
This looks correct to me.
Reviewed-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
However, I am having a hard time wrapping my head around how UFFDIO_CONTINUE
should work on non-anon private mappings. For example, a private mapping of
a hugetlbfs file. I think we just map the page in the file/cache and do not
set the write bit in the pte. So, yes we would want page_dup_file_rmap()
in this case as shown below.
Adding Axel and Peter on Cc: as they were more involved in adding that code
and the design of UFFDIO_CONTINUE.
--
Mike Kravetz
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index 8d379e03f672..b232e1508e49 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -6038,7 +6038,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm,
> if (!huge_pte_none_mostly(huge_ptep_get(dst_pte)))
> goto out_release_unlock;
>
> - if (vm_shared) {
> + if (page_in_pagecache) {
> page_dup_file_rmap(page, true);
> } else {
> ClearHPageRestoreReserve(page);
> --
> 2.23.0
>
