> @@ -5397,7 +5397,10 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
> } else {
> ptepage = pte_page(entry);
> hpage = compound_head(ptepage);
> - get_page(hpage);
> + if (try_get_page(hpage)) {
> + ret = -EFAULT;
> + break;
spin_unlock(src_ptl) and spin_unlock(dst_ptl) is required here.
I'll make sure there's a selftest that actually makes sure that
refcount overflowing is handled gracefully for v3.
> + }
>
> /*
> * Failing to duplicate the anon rmap is a rare case
> @@ -6132,6 +6135,30 @@ static bool hugetlb_pte_stable(struct hstate *h, struct hugetlb_pte *hpte,
> return same;
> }
