The patch titled
     Subject: fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list()
has been added to the -mm tree.  Its filename is
     mm-hugetlbfs-fix-bugs-in-hugetlb_vmtruncate_list.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlbfs-fix-bugs-in-hugetlb_vmtruncate_list.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlbfs-fix-bugs-in-hugetlb_vmtruncate_list.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
Subject: fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list()

Hillf Danton noticed bugs in hugetlb_vmtruncate_list().  The argument end
is of type pgoff_t.  It was being converted to a vaddr offset and passed to
unmap_hugepage_range.  However, end was also being used as an argument to
the vma_interval_tree_foreach controlling loop.  In addition, the
conversion of end to vaddr offset was incorrect.

Fixes: 1bfad99ab ("hugetlbfs: hugetlb_vmtruncate_list() needs to take a range")
Reported-by: Hillf Danton <hillf.zj@xxxxxxxxxxxxxxx>
Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> [4.3]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 fs/hugetlbfs/inode.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff -puN fs/hugetlbfs/inode.c~mm-hugetlbfs-fix-bugs-in-hugetlb_vmtruncate_list fs/hugetlbfs/inode.c
--- a/fs/hugetlbfs/inode.c~mm-hugetlbfs-fix-bugs-in-hugetlb_vmtruncate_list +++ a/fs/hugetlbfs/inode.c @@ -461,8 +461,12 @@ hugetlb_vmdelete_list(struct rb_root *ro * end == 0 indicates that the entire range after * start should be unmapped. */ - vma_interval_tree_foreach(vma, root, start, end ? end : ULONG_MAX) { + if (!end) + end = ULONG_MAX; + + vma_interval_tree_foreach(vma, root, start, end) { unsigned long v_offset; + unsigned long v_end; /* * Can the expression below overflow on 32-bit arches? @@ -475,15 +479,12 @@ hugetlb_vmdelete_list(struct rb_root *ro else v_offset = 0; - if (end) { - end = ((end - start) << PAGE_SHIFT) + - vma->vm_start + v_offset; - if (end > vma->vm_end) - end = vma->vm_end; - } else - end = vma->vm_end; + v_end = (end - vma->vm_pgoff) << PAGE_SHIFT; + if (v_end > vma->vm_end) + v_end = vma->vm_end; - unmap_hugepage_range(vma, vma->vm_start + v_offset, end, NULL); + unmap_hugepage_range(vma, vma->vm_start + v_offset, v_end, + NULL); } } _ Patches currently in -mm which might be from mike.kravetz@xxxxxxxxxx are mm-hugetlbfs-fix-bugs-in-hugetlb_vmtruncate_list.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
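
Review bot: In the first hunk (@@ -461,8 +461,12), "if (!end) end = ULONG_MAX;" overwrites the end == 0 sentinel that the comment just above documents, so the later "v_end = (end - vma->vm_pgoff) << PAGE_SHIFT;" is evaluated on a value near ULONG_MAX whose high bits are shifted out. The "unmap everything after start" case then only works through unsigned wraparound followed by the "v_end > vma->vm_end" clamp. Suggest keeping "end ? end : ULONG_MAX" as the foreach argument, as in the removed line, and assigning v_end = vma->vm_end directly when end is 0. Separately, the subject and changelog name hugetlb_vmtruncate_list() while the hunk context shows hugetlb_vmdelete_list(); the changelog should name the function being changed.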
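
Review bot: In the second hunk (@@ -475,15 +479,12), "v_end = (end - vma->vm_pgoff) << PAGE_SHIFT;" is a byte offset from the start of the vma, yet it is compared against vma->vm_end and passed as the end address to unmap_hugepage_range(), whose start argument is the absolute address vma->vm_start + v_offset. The removed code added vma->vm_start to its result and the new expression drops it, so v_end can fall below the start address and the intended range is not unmapped. Suggest "v_end = ((end - vma->vm_pgoff) << PAGE_SHIFT) + vma->vm_start;" before the clamp. The existing "Can the expression below overflow on 32-bit arches?" question in the context applies to this new shift as well and deserves the same comment or an explicit check.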