• Naoya Horiguchi's avatar
    mm/hugetlb: pmd_huge() returns true for non-present hugepage · 3794391f
    Naoya Horiguchi authored
    commit cbef8478 upstream.
    
    Migrating hugepages and hwpoisoned hugepages are considered as non-present
    hugepages, and they are referenced via migration entries and hwpoison
    entries in their page table slots.
    
    This behavior causes race condition because pmd_huge() doesn't tell
    non-huge pages from migrating/hwpoisoned hugepages.  follow_page_mask() is
    one example where the kernel would call follow_page_pte() for such
    hugepage while this function is supposed to handle only normal pages.
    
    To avoid this, this patch makes pmd_huge() return true when pmd_none() is
    true *and* pmd_present() is false.  We don't have to worry about mixing up
    non-present pmd entry with normal pmd (pointing to leaf level pte entry)
    because pmd_present() is true in normal pmd.
    
    The same race condition could happen in (x86-specific) gup_pmd_range(),
    where this patch simply adds pmd_present() check instead of pmd_huge().
    This is because gup_pmd_range() is fast path.  If we have non-present
    hugepage in this function, we will go into gup_huge_pmd(), then return 0
    at flag mask check, and finally fall back to the slow path.
    
    Fixes: 290408d4 ("hugetlb: hugepage migration core")
    Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: James Hogan <james.hogan@imgtec.com>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Mel Gorman <mel@csn.ul.ie>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Michal Hocko <mhocko@suse.cz>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Luiz Capitulino <lcapitulino@redhat.com>
    Cc: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
    Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Cc: Steve Capper <steve.capper@linaro.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
    Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
    3794391f
gup.c 10.5 KB