From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Hugh Dickins <hughd@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andrea Arcangeli <aarcange@redhat.com>,
Song Liu <songliubraving@fb.com>,
Mike Kravetz <mike.kravetz@oracle.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 07/33] khugepaged: khugepaged_test_exit() check mmget_still_valid()
Date: Mon, 24 Aug 2020 10:31:03 +0200 [thread overview]
Message-ID: <20200824082346.885173926@linuxfoundation.org> (raw)
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
From: Hugh Dickins <hughd@google.com>
[ Upstream commit bbe98f9cadff58cdd6a4acaeba0efa8565dabe65 ]
Move collapse_huge_page()'s mmget_still_valid() check into
khugepaged_test_exit() itself. collapse_huge_page() is used for anon THP
only, and earned its mmget_still_valid() check because it inserts a huge
pmd entry in place of the page table's pmd entry; whereas
collapse_file()'s retract_page_tables() or collapse_pte_mapped_thp()
merely clears the page table's pmd entry. But core dumping without mmap
lock must have been as open to mistaking a racily cleared pmd entry for a
page table at physical page 0, as exit_mmap() was. And we certainly have
no interest in mapping as a THP once dumping core.
Fixes: 59ea6d06cfa9 ("coredump: fix race condition between collapse_huge_page() and core dumping")
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org> [4.8+]
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2008021217020.27773@eggly.anvils
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/huge_memory.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index c5628ebc0fc29..1c4d7d2f53d22 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2136,7 +2136,7 @@ static void insert_to_mm_slots_hash(struct mm_struct *mm,
static inline int khugepaged_test_exit(struct mm_struct *mm)
{
- return atomic_read(&mm->mm_users) == 0;
+ return atomic_read(&mm->mm_users) == 0 || !mmget_still_valid(mm);
}
int __khugepaged_enter(struct mm_struct *mm)
@@ -2587,9 +2587,6 @@ static void collapse_huge_page(struct mm_struct *mm,
* handled by the anon_vma lock + PG_lock.
*/
down_write(&mm->mmap_sem);
- result = SCAN_ANY_PROCESS;
- if (!mmget_still_valid(mm))
- goto out;
if (unlikely(khugepaged_test_exit(mm)))
goto out;
--
2.25.1
next prev parent reply other threads:[~2020-08-24 9:32 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-24 8:30 [PATCH 4.4 00/33] 4.4.234-rc1 review Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.4 01/33] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.4 02/33] perf probe: Fix memory leakage when the probe point is not found Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.4 03/33] net/compat: Add missing sock updates for SCM_RIGHTS Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 04/33] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 05/33] watchdog: f71808e_wdt: remove use of wrong watchdog_info option Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 06/33] coredump: fix race condition between collapse_huge_page() and core dumping Greg Kroah-Hartman
2020-08-24 8:31 ` Greg Kroah-Hartman [this message]
2020-08-24 8:31 ` [PATCH 4.4 08/33] khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 09/33] btrfs: export helpers for subvolume name/id resolution Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 10/33] btrfs: dont show full path of bind mounts in subvol= Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 11/33] romfs: fix uninitialized memory leak in romfs_dev_read() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 12/33] mm: include CMA pages in lowmem_reserve at boot Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 13/33] mm, page_alloc: fix core hung in free_pcppages_bulk() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 14/33] ext4: clean up ext4_match() and callers Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 15/33] ext4: fix checking of directory entry validity for inline directories Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 16/33] media: budget-core: Improve exception handling in budget_register() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 17/33] media: vpss: clean up resources in init Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 18/33] Input: psmouse - add a newline when printing proto by sysfs Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 19/33] m68knommu: fix overwriting of bits in ColdFire V3 cache control Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 20/33] xfs: fix inode quota reservation checks Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 21/33] jffs2: fix UAF problem Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 22/33] scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 23/33] virtio_ring: Avoid loop when vq is broken in virtqueue_poll Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 24/33] xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 25/33] alpha: fix annotation of io{read,write}{16,32}be() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 26/33] ext4: fix potential negative array index in do_split() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 27/33] ASoC: intel: Fix memleak in sst_media_open Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 28/33] powerpc: Allow 4224 bytes of stack expansion for the signal frame Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 29/33] epoll: Keep a reference on files added to the check list Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 30/33] do_epoll_ctl(): clean the failure exits up a bit Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 31/33] mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 32/33] xen: dont reschedule in preemption off sections Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 33/33] omapfb: dss: Fix max fclk divider for omap36xx Greg Kroah-Hartman
2020-08-24 10:16 ` [PATCH 4.4 00/33] 4.4.234-rc1 review Jon Hunter
2020-08-26 8:09 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200824082346.885173926@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mike.kravetz@oracle.com \
--cc=sashal@kernel.org \
--cc=songliubraving@fb.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.