Re: [patch 023/192] mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY

On Wed, Jun 30, 2021 at 06:48:19PM -0700, Andrew Morton wrote:
> From: Mina Almasry <almasrymina@xxxxxxxxxx>
> Subject: mm, hugetlb: fix racy resv_huge_pages underflow on UFFDIO_COPY
> 
> On UFFDIO_COPY, if we fail to copy the page contents while holding the
> hugetlb_fault_mutex, we will drop the mutex and return to the caller after
> allocating a page that consumed a reservation.  In this case there may be
> a fault that double consumes the reservation.  To handle this, we free the
> allocated page, fix the reservations, and allocate a temporary hugetlb
> page and return that to the caller.  When the caller does the copy outside
> of the lock, we again check the cache, and allocate a page consuming the
> reservation, and copy over the contents.

But you only copy over the contents *IF* CONFIG_MIGRATION is enabled!
Now, maybe there aren't many configs out there that enable HUGETLBFS
and disable MIGRATION, but this is sloppy.

> +++ a/include/linux/migrate.h
> @@ -51,6 +51,7 @@ extern int migrate_huge_page_move_mappin
>  				  struct page *newpage, struct page *page);
>  extern int migrate_page_move_mapping(struct address_space *mapping,
>  		struct page *newpage, struct page *page, int extra_count);
> +extern void copy_huge_page(struct page *dst, struct page *src);
>  #else
>  
>  static inline void putback_movable_pages(struct list_head *l) {}
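
Review bot: The new extern declaration of copy_huge_page() sits just above the #else, so it is visible only in the first branch of the conditional that the later #endif comment names as CONFIG_MIGRATION, and every caller outside migration code then depends on which branch is compiled. If hugetlb code needs this function whether or not migration is configured, declare it outside the conditional and keep its definition in a file that is always built for those callers.
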
> @@ -77,6 +78,9 @@ static inline int migrate_huge_page_move
>  	return -ENOSYS;
>  }
>  
> +static inline void copy_huge_page(struct page *dst, struct page *src)
> +{
> +}
>  #endif /* CONFIG_MIGRATION */
>  
>  #ifdef CONFIG_COMPACTION
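
Review bot: The stub of copy_huge_page() added before the #endif has an empty body, so with CONFIG_MIGRATION off a caller that expects dst to hold a copy of src gets a page left with whatever it held before, and nothing at build time or run time signals it. The neighbouring stub in this hunk returns -ENOSYS, but a void function cannot report anything; either make the real copy available independent of CONFIG_MIGRATION, or drop the stub so that a build with the option off fails instead of silently skipping the copy.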


