On Fri, Feb 24, 2023 at 9:42 AM James Houghton <jthoughton@xxxxxxxxxx> wrote: > > > @@ -5397,7 +5397,10 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src, > > } else { > > ptepage = pte_page(entry); > > hpage = compound_head(ptepage); > > - get_page(hpage); > > + if (try_get_page(hpage)) { > > + ret = -EFAULT; > > + break; > > spin_unlock(src_ptl) and spin_unlock(dst_ptl) is required here. > > I'll make sure there's a selftest that actually makes sure that > refcount overflowing is handled gracefully for v3. And this should be !try_get_page(). This hunk was a last-minute addition to this commit; apparently I hadn't retested fork() after I made this change. Sorry! The hugetlb-hgm selftest immediately catches this problem. - James
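Review bot: the added `if (try_get_page(hpage))` test in the else branch is inverted. try_get_page() returns true when the reference was taken, so as written the copy fails with -EFAULT on success, and when the refcount would overflow it carries on as if it held a reference it never got. The condition should read `if (!try_get_page(hpage))`. The same error path leaves the loop via `break` at a point where, per the reply in this thread, src_ptl and dst_ptl are held, so both need spin_unlock() before the break. The selftest promised for v3 should exercise this failure path through fork(), since that is the caller that hit the problem here.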