On 2022/7/14 1:23, Andrew Morton wrote:
> On Tue, 12 Jul 2022 21:05:42 +0800 Miaohe Lin <linmiaohe@xxxxxxxxxx> wrote:
>
>> In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page
>> cache are installed in the ptes. But hugepage_add_new_anon_rmap is called
>> for them mistakenly because they're not vm_shared. This will corrupt the
>> page->mapping used by page cache code.
>
> Well that sounds bad. Any theories on why this has gone unnoticed for
> over a year? I assume this doesn't have coverage in our selftests?

As discussed in another thread, when minor fault handling was proposed,
only VM_SHARED vma was expected to be supported. And the test case is
also missing.

Thanks.

>
>> --- a/mm/hugetlb.c
>> +++ b/mm/hugetlb.c
>> @@ -6038,7 +6038,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm,
>> if (!huge_pte_none_mostly(huge_ptep_get(dst_pte)))
>> goto out_release_unlock;
>>
>> - if (vm_shared) {
>> + if (page_in_pagecache) {
>> page_dup_file_rmap(page, true);
>> } else {
>> ClearHPageRestoreReserve(page);
>> --
>> 2.23.0
>
> .
>
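Review bot: the replacement condition `if (page_in_pagecache)` is only as good as the assignments to page_in_pagecache, which are outside the visible hunk; it must be true both in the MCOPY_ATOMIC_CONTINUE path, where the page is looked up from the page cache, and in the shared-VMA path where a freshly allocated page was just added to the page cache, otherwise the vm_shared case would start taking the else branch and call hugepage_add_new_anon_rmap on a page-cache page, which is the same page->mapping corruption the commit message describes for the private case. A one-line comment above the condition, along the lines of `/* page-cache pages get a file rmap regardless of VM_SHARED */`, would record why VMA sharing is no longer the deciding factor, and since Andrew's question about selftest coverage is answered with "the test case is also missing", a minor-mode CONTINUE selftest on a MAP_PRIVATE hugetlb mapping should accompany or follow this fix so the path stays covered.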