• mm: delete historical BUG from zap_pmd_range() · 53406ed1
    Hugh Dickins authored
    Delete the old VM_BUG_ON_VMA() from zap_pmd_range(), which asserted
    that mmap_sem must be held when splitting an "anonymous" vma there.
    Whether that's still strictly true nowadays is not entirely clear,
    but the danger of sometimes crashing on the BUG is now fairly clear.
    
    Even with the new stricter rules for anonymous vma marking, the
    condition it checks for can possibly trigger. Commit 44960f2a
    ("staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem
    pages") is good, and originally I thought it was safe from that
    VM_BUG_ON_VMA(), because the /dev/ashmem fd exposed to the user is
    disconnected from the vm_file in the vma, and madvise(,,MADV_REMOVE)
    insists on VM_SHARED.
    
    But after I read John's earlier mail, drawing attention to the
    vfs_fallocate() in there: I may be wrong, and I don't know if Android
    has THP in the config anyway, but it looks to me like an
    unmap_mapping_range() from ashmem's vfs_fallocate() could hit precisely
    the VM_BUG_ON_VMA(), once it's vma_is_anonymous().
    Signed-off-by: Hugh Dickins <hughd@google.com>
    Cc: John Stultz <john.stultz@linaro.org>
    Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
memory.c 127 KB