[PATCH] /dev/zero vs hugetlb mappings.

Hugetlbfs mmap with MAP_PRIVATE becomes MAP_SHARED silently, but vma->vm_flags have no VM_SHARED bit. Reading from /dev/zero into hugetlb area will do: read_zero() read_zero_pagealigned() if (vma->vm_flags & VM_SHARED) break; // fallback to clear_user() zap_page_range(); zeromap_page_range(); It will hit BUG_ON() in unmap_hugepage_range() if region is not huge page aligned, or silently convert it into the private anonymous mapping. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] /dev/zero vs hugetlb mappings.
Hugetlbfs mmap with MAP_PRIVATE becomes MAP_SHARED silently, but vma->vm_flags have no VM_SHARED bit. Reading from /dev/zero into hugetlb area will do: read_zero() read_zero_pagealigned() if (vma->vm_flags & VM_SHARED) break; // fallback to clear_user() zap_page_range(); zeromap_page_range(); It will hit BUG_ON() in unmap_hugepage_range() if region is not huge page aligned, or silently convert it into the private anonymous mapping. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ec081b11 · Oleg Nesterov · Linus Torvalds · 82b11318 · ec081b11
Commit ec081b11 authored Aug 30, 2004 by Oleg Nesterov Committed by Linus Torvalds Aug 30, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/char/mem.c drivers/char/mem.c +1 -1

No files found.
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -416,7 +416,7 @@ static inline size_t read_zero_pagealigned(char __user * buf, size_t size)

 		if (vma->vm_start > addr || (vma->vm_flags & VM_WRITE) == 0)
 			goto out_up;
-		if (vma->vm_flags & VM_SHARED)
+		if (vma->vm_flags & (VM_SHARED | VM_HUGETLB))
 			break;
 		count = vma->vm_end - addr;
 		if (count > size)