On Wed, Sep 03, 2014 at 06:06:34PM -0700, Hugh Dickins wrote:
> On Thu, 28 Aug 2014, Naoya Horiguchi wrote:
>
> > There is a race condition between hugepage migration and change_protection(),
> > where hugetlb_change_protection() doesn't care about migration entries and
> > wrongly overwrites them. That causes unexpected results like kernel crash.
> >
> > This patch adds is_hugetlb_entry_(migration|hwpoisoned) check in this
> > function to do proper actions.
> >
> > ChangeLog v3:
> > - handle migration entry correctly (instead of just skipping)
> >
> > Signed-off-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
> > Cc: <stable@xxxxxxxxxxxxxxx> # [2.6.36+]
>
> 2.6.36+? For the hwpoisoned part of it, I suppose.
> Then you'd better mention the hwpoisoned case in the comment above.

OK, I'll update the description and the subject.

> > --- > > mm/hugetlb.c | 21 ++++++++++++++++++++- > > 1 file changed, 20 insertions(+), 1 deletion(-) > > > > diff --git mmotm-2014-08-25-16-52.orig/mm/hugetlb.c mmotm-2014-08-25-16-52/mm/hugetlb.c > > index 2aafe073cb06..1ed9df6def54 100644 > > --- mmotm-2014-08-25-16-52.orig/mm/hugetlb.c > > +++ mmotm-2014-08-25-16-52/mm/hugetlb.c
> > @@ -3362,7 +3362,26 @@ unsigned long hugetlb_change_protection(struct vm_area_struct *vma, > > spin_unlock(ptl); > > continue; > > } > > - if (!huge_pte_none(huge_ptep_get(ptep))) { > > + pte = huge_ptep_get(ptep); > > + if (unlikely(is_hugetlb_entry_hwpoisoned(pte))) { > > + spin_unlock(ptl); > > + continue; > > + } > > + if (unlikely(is_hugetlb_entry_migration(pte))) { > > + swp_entry_t entry = pte_to_swp_entry(pte); > > + > > + if (is_write_migration_entry(entry)) { > > + pte_t newpte; > > + > > + make_migration_entry_read(&entry); > > + newpte = swp_entry_to_pte(entry); > > + set_pte_at(mm, address, ptep, newpte); > > set_huge_pte_at. Fixed, thanks. > > (As usual, I can't bear to see these is_hugetlb_entry_hwpoisoned and > is_hugetlb_entry_migration examples go past without bleating about > wanting to streamline them a little; but agreed last time to leave > that to some later cleanup once all the stable backports are stable.) Yes, these two check routines need cleanup. I'll do it in separate work later. > > + pages++; > > + } > > + spin_unlock(ptl); > > + continue; > > + } > > + if (!huge_pte_none(pte)) { > > pte = huge_ptep_get_and_clear(mm, address, ptep); > > pte = pte_mkhuge(huge_pte_modify(pte, newprot)); > > pte = arch_make_huge_pte(pte, vma, NULL, 0); > > -- > > 1.9.3
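
Review bot: in the is_hugetlb_entry_migration() branch, a write migration entry is downgraded with make_migration_entry_read() without consulting newprot, so it becomes a read entry even when the new protection still permits writes; please add a short comment saying this is deliberate, or test newprot before downgrading. pages++ is incremented only inside that write-entry case, which the same comment could explain. The write-back should use set_huge_pte_at() rather than set_pte_at(), as already noted in the thread, and the hwpoisoned skip just above would benefit from a one-line comment on why the entry is left untouched, since the changelog as posted only describes the migration race.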