From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:48945 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751074AbcBLVAz (ORCPT ); Fri, 12 Feb 2016 16:00:55 -0500 Subject: Patch "mm: hugetlb: call huge_pte_alloc() only if ptep is null" has been added to the 4.3-stable tree To: n-horiguchi@ah.jp.nec.com, akpm@linux-foundation.org, dave.hansen@intel.com, gregkh@linuxfoundation.org, hillf.zj@alibaba-inc.com, hughd@google.com, iamjoonsoo.kim@lge.com, mgorman@suse.de, mike.kravetz@oracle.com, rientjes@google.com, torvalds@linux-foundation.org Cc: , From: Date: Fri, 12 Feb 2016 13:00:54 -0800 Message-ID: <1455310854100192@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled mm: hugetlb: call huge_pte_alloc() only if ptep is null to the 4.3-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: mm-hugetlb-call-huge_pte_alloc-only-if-ptep-is-null.patch and it can be found in the queue-4.3 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 0d777df5d8953293be090d9ab5a355db893e8357 Mon Sep 17 00:00:00 2001 From: Naoya Horiguchi Date: Fri, 11 Dec 2015 13:40:49 -0800 Subject: mm: hugetlb: call huge_pte_alloc() only if ptep is null From: Naoya Horiguchi commit 0d777df5d8953293be090d9ab5a355db893e8357 upstream. Currently at the beginning of hugetlb_fault(), we call huge_pte_offset() and check whether the obtained *ptep is a migration/hwpoison entry or not. And if not, then we get to call huge_pte_alloc(). This is racy because the *ptep could turn into migration/hwpoison entry after the huge_pte_offset() check. This race results in BUG_ON in huge_pte_alloc(). We don't have to call huge_pte_alloc() when the huge_pte_offset() returns non-NULL, so let's fix this bug with moving the code into else block. Note that the *ptep could turn into a migration/hwpoison entry after this block, but that's not a problem because we have another !pte_present check later (we never go into hugetlb_no_page() in that case.) Fixes: 290408d4a250 ("hugetlb: hugepage migration core") Signed-off-by: Naoya Horiguchi Acked-by: Hillf Danton Acked-by: David Rientjes Cc: Hugh Dickins Cc: Dave Hansen Cc: Mel Gorman Cc: Joonsoo Kim Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/hugetlb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3590,12 +3590,12 @@ int hugetlb_fault(struct mm_struct *mm, } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry))) return VM_FAULT_HWPOISON_LARGE | VM_FAULT_SET_HINDEX(hstate_index(h)); + } else { + ptep = huge_pte_alloc(mm, address, huge_page_size(h)); + if (!ptep) + return VM_FAULT_OOM; } - ptep = huge_pte_alloc(mm, address, huge_page_size(h)); - if (!ptep) - return VM_FAULT_OOM; - mapping = vma->vm_file->f_mapping; idx = vma_hugecache_offset(h, vma, address); Patches currently in stable-queue which might be from n-horiguchi@ah.jp.nec.com are queue-4.3/mm-hugetlb-call-huge_pte_alloc-only-if-ptep-is-null.patch queue-4.3/mm-hugetlbfs-fix-bugs-in-fallocate-hole-punch-of-areas-with-holes.patch queue-4.3/mm-hugetlb-fix-hugepage-memory-leak-caused-by-wrong-reserve-count.patch