The patch titled
     Subject: mm: write protect MADV_FREE pages
has been removed from the -mm tree.  Its filename was
     mm-write-protect-madv_free-pages.patch

This patch was dropped because it was withdrawn

------------------------------------------------------
From: Shaohua Li <shli@xxxxxx>
Subject: mm: write protect MADV_FREE pages

Page reclaim has an assumption that writing to a page with clean pte should trigger a page fault, because there is a window between pte zero and tlb flush where a new write could come. If the new write doesn't trigger page fault, page reclaim will not notice it and think the page is clean and reclaim it. The MADV_FREE pages don't comply with the rule and the pte is just cleaned without writeprotect, so there will be no pagefault for new write. This will cause data corruption.

I don't have a real workload to trigger this, it's from code inspection. A workload like this may trigger the bug:

	madvise(MADV_FREE) /* memory range */
	write to the memory range
	read from the memory range

With memory pressure, the data read by the application could be all 0s instead of those written.

Link: http://lkml.kernel.org/r/791151284cd6941296f08488b8cb7f1968175a0a.1485212872.git.shli@xxxxxx
Signed-off-by: Shaohua Li <shli@xxxxxx>
Cc: Minchan Kim <minchan@xxxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Rik van Riel <riel@xxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
--- mm/huge_memory.c | 1 + mm/madvise.c | 1 + 2 files changed, 2 insertions(+) diff -puN mm/huge_memory.c~mm-write-protect-madv_free-pages mm/huge_memory.c --- a/mm/huge_memory.c~mm-write-protect-madv_free-pages +++ a/mm/huge_memory.c 
@@ -1399,6 +1399,7 @@ bool madvise_free_huge_pmd(struct mmu_ga tlb->fullmm); orig_pmd = pmd_mkold(orig_pmd); orig_pmd = pmd_mkclean(orig_pmd); + orig_pmd = pmd_wrprotect(orig_pmd); set_pmd_at(mm, addr, pmd, orig_pmd); tlb_remove_pmd_tlb_entry(tlb, pmd, addr); diff -puN mm/madvise.c~mm-write-protect-madv_free-pages mm/madvise.c --- a/mm/madvise.c~mm-write-protect-madv_free-pages +++ a/mm/madvise.c @@ -376,6 +376,7 @@ static int madvise_free_pte_range(pmd_t ptent = pte_mkold(ptent); ptent = pte_mkclean(ptent); + ptent = pte_wrprotect(ptent); set_pte_at(mm, addr, pte, ptent); if (PageActive(page)) deactivate_page(page); _

Patches currently in -mm which might be from shli@xxxxxx are
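
Review bot: the added `orig_pmd = pmd_wrprotect(orig_pmd);` in the mm/huge_memory.c hunk (madvise_free_huge_pmd) has no comment, so the reason for write-protecting a PMD that was just marked old and clean is recorded only in the changelog. A short comment above that line, saying that a write arriving between clearing the entry and the TLB flush must take a fault so that reclaim does not treat the page as clean, would keep the line from being dropped later as redundant. The changelog also states that the problem was found by code inspection with no workload that triggers it, while the patch carries Cc: stable; a reproducer for the huge-page path, or a note that none could be built, should go with a stable request.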
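
Review bot: the added `ptent = pte_wrprotect(ptent);` in the mm/madvise.c hunk (madvise_free_pte_range) means the first write to every page in a MADV_FREE range now takes a write fault, and neither the hunk nor the changelog says which existing fault path handles that write or what it costs. The patch touches only the two madvise paths and no fault handler, so the changelog should state that the existing write-fault handling marks the PTE dirty again for these pages and should give some measure of the added fault overhead for callers that reuse the range right after madvise(MADV_FREE). As in the huge-page hunk, a one-line comment above the new call stating the reclaim assumption it enforces would help.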