diff for duplicates of <52439258.3010904@oracle.com> diff --git a/a/1.txt b/N1/1.txt index e59b8c3..8bf166c 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -32,7 +32,7 @@ On 09/26/2013 08:40 AM, Fengguang Wu wrote: > memory area with THP disabled. > > Signed-off-by: Vlastimil Babka <vbabka@suse.cz> -> Cc: Jorn Engel <joern@logfs.org> +> Cc: Jörn Engel <joern@logfs.org> > Cc: Mel Gorman <mgorman@suse.de> > Cc: Michel Lespinasse <walken@google.com> > Cc: Hugh Dickins <hughd@google.com> diff --git a/a/2.txt b/N1/2.txt index 8b13789..5412b6a 100644 --- a/a/2.txt +++ b/N1/2.txt 
@@ -1 +1,59 @@ +>From aef673d802a92aef8dc082c244fef51ae9c4a13c Mon Sep 17 00:00:00 2001 +From: Bob Liu <bob.liu@oracle.com> +Date: Thu, 26 Sep 2013 09:41:27 +0800 +Subject: [PATCH v2] mm: munlock: Prevent walking off the end of a pagetable in + no-pmd configuration +The function __munlock_pagevec_fill() introduced in commit 7a8010cd3 +("mm: munlock: manual pte walk in fast path instead of follow_page_mask()") +uses pmd_addr_end() for restricting its operation within current page table. +This is insufficient on architectures/configurations where pmd is folded +and pmd_addr_end() just returns the end of the full range to be walked. In +this case, it allows pte++ to walk off the end of a page table resulting in +unpredictable behaviour. + +This patch fixes the function by using pgd_addr_end() and pud_addr_end() +before pmd_addr_end(), which will yield correct page table boundary on all +configurations. This is similar to what existing page walkers do when walking +each level of the page table. + +Additionaly, the patch clarifies a comment for get_locked_pte() call in the +function. + +v2: walk page table after start += PAGESIZE + +Reported-by: Fengguang Wu <fengguang.wu@intel.com> +Signed-off-by: Vlastimil Babka <vbabka@suse.cz> +Signed-off-by: Bob Liu <bob.liu@oracle.com> +--- + mm/mlock.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/mm/mlock.c b/mm/mlock.c +index d638026..a91114a 100644 +--- a/mm/mlock.c ++++ b/mm/mlock.c +@@ -379,13 +379,19 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec, + + /* + * Initialize pte walk starting at the already pinned page where we +- * are sure that there is a pte. ++ * are sure that there is a pte, as it was pinned under the same ++ * mmap_sem write op. 
+ */ + pte = get_locked_pte(vma->vm_mm, start, &ptl); +- end = min(end, pmd_addr_end(start, end)); + + /* The page next to the pinned page is the first we will try to get */ + start += PAGE_SIZE; ++ ++ /* Make sure we do not cross the page table boundary */ ++ end = pgd_addr_end(start, end); ++ end = pud_addr_end(start, end); ++ end = pmd_addr_end(start, end); ++ + while (start < end) { + struct page *page = NULL; + pte++; +-- +1.7.10.4 diff --git a/a/content_digest b/N1/content_digest index 5272126..5488a9b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -42,7 +42,7 @@ "> memory area with THP disabled.\n" "> \n" "> Signed-off-by: Vlastimil Babka <vbabka@suse.cz>\n" - "> Cc: Jorn Engel <joern@logfs.org>\n" + "> Cc: J\303\266rn Engel <joern@logfs.org>\n" "> Cc: Mel Gorman <mgorman@suse.de>\n" "> Cc: Michel Lespinasse <walken@google.com>\n" "> Cc: Hugh Dickins <hughd@google.com>\n" 
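Review bot: In the `__munlock_pagevec_fill()` hunk of the attached patch, the three `*_addr_end()` clamps are computed from `start` after `start += PAGE_SIZE`, while `pte` still points at the entry of the pinned page returned by `get_locked_pte()`. If the pinned page is the last entry of its page table, the advanced `start` already lies in the next table's range, so the clamps return that next boundary and the loop's `pte++` steps past the table `pte` belongs to, which is the out-of-bounds walk the patch sets out to prevent. Computing the boundary from the pinned address avoids this: keep `end = pgd_addr_end(start, end); end = pud_addr_end(start, end); end = pmd_addr_end(start, end);` directly after `get_locked_pte()` and move `start += PAGE_SIZE;` below them, so that `start == end` and the loop is skipped in that case. The function body starts and ends outside the hunk, so the rest of the loop's use of `pte` is not visible here.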
@@ -106,5 +106,64 @@ "\01:2\0" "fn\00001-mm-munlock-Prevent-walking-off-the-end-of-a-pagetabl.patch\0" "b\0" + ">From aef673d802a92aef8dc082c244fef51ae9c4a13c Mon Sep 17 00:00:00 2001\n" + "From: Bob Liu <bob.liu@oracle.com>\n" + "Date: Thu, 26 Sep 2013 09:41:27 +0800\n" + "Subject: [PATCH v2] mm: munlock: Prevent walking off the end of a pagetable in\n" + " no-pmd configuration\n" + "\n" + "The function __munlock_pagevec_fill() introduced in commit 7a8010cd3\n" + "(\"mm: munlock: manual pte walk in fast path instead of follow_page_mask()\")\n" + "uses pmd_addr_end() for restricting its operation within current page table.\n" + "This is insufficient on architectures/configurations where pmd is folded\n" + "and pmd_addr_end() just returns the end of the full range to be walked. In\n" + "this case, it allows pte++ to walk off the end of a page table resulting in\n" + "unpredictable behaviour.\n" + "\n" + "This patch fixes the function by using pgd_addr_end() and pud_addr_end()\n" + "before pmd_addr_end(), which will yield correct page table boundary on all\n" + "configurations. 
This is similar to what existing page walkers do when walking\n" + "each level of the page table.\n" + "\n" + "Additionaly, the patch clarifies a comment for get_locked_pte() call in the\n" + "function.\n" + "\n" + "v2: walk page table after start += PAGESIZE\n" + "\n" + "Reported-by: Fengguang Wu <fengguang.wu@intel.com>\n" + "Signed-off-by: Vlastimil Babka <vbabka@suse.cz>\n" + "Signed-off-by: Bob Liu <bob.liu@oracle.com>\n" + "---\n" + " mm/mlock.c | 10 ++++++++--\n" + " 1 file changed, 8 insertions(+), 2 deletions(-)\n" + "\n" + "diff --git a/mm/mlock.c b/mm/mlock.c\n" + "index d638026..a91114a 100644\n" + "--- a/mm/mlock.c\n" + "+++ b/mm/mlock.c\n" + "@@ -379,13 +379,19 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec,\n" + " \n" + " \t/*\n" + " \t * Initialize pte walk starting at the already pinned page where we\n" + "-\t * are sure that there is a pte.\n" + "+\t * are sure that there is a pte, as it was pinned under the same\n" + "+\t * mmap_sem write op.\n" + " \t */\n" + " \tpte = get_locked_pte(vma->vm_mm, start,\t&ptl);\n" + "-\tend = min(end, pmd_addr_end(start, end));\n" + " \n" + " \t/* The page next to the pinned page is the first we will try to get */\n" + " \tstart += PAGE_SIZE;\n" + "+\n" + "+\t/* Make sure we do not cross the page table boundary */\n" + "+\tend = pgd_addr_end(start, end);\n" + "+\tend = pud_addr_end(start, end);\n" + "+\tend = pmd_addr_end(start, end);\n" + "+\n" + " \twhile (start < end) {\n" + " \t\tstruct page *page = NULL;\n" + " \t\tpte++;\n" + "-- \n" + 1.7.10.4 -f9198c84dd7b7c917f6ffdfb7e4644d1fe43c60c02637ef980be476442ca8279 +d7f68b010a8987bf4aa984f41f39b57f0e21bb57ddc7c017a83189ba191bf9da