]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 5b2553d) | patch
fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list()
authorMike Kravetz <mike.kravetz@oracle.com>
Wed, 13 Jan 2016 05:16:24 +0000 (16:16 +1100)
committerChuck Anderson <chuck.anderson@oracle.com>
Thu, 4 Feb 2016 23:05:16 +0000 (15:05 -0800)
commit6045c5255932422522087450317a9dbbd1be9865
tree856bfa06d5176dc747cdbd1483bdebb909e44d49tree
parent5b2553d92af8128bc5dd21d7a978727c149e5f00commit | diff
fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list()

Orabug: 22514912

Hillf Danton noticed bugs in the hugetlb_vmtruncate_list routine.  The
argument end is of type pgoff_t.  It was being converted to a vaddr offset
and passed to unmap_hugepage_range.  However, end was also being used as
an argument to the vma_interval_tree_foreach controlling loop.  In
addition, the conversion of end to vaddr offset was incorrect.

hugetlb_vmtruncate_list is called as part of a file truncate or fallocate
hole punch operation.

When truncating a hugetlbfs file, this bug could prevent some pages from
being unmapped.  This is possible if there are multiple vmas mapping the
file, and there is a sufficiently sized hole between the mappings.  The
size of the hole between two vmas (A,B) must be such that the starting
virtual address of B is greater than (ending virtual address of A <<
PAGE_SHIFT).  In this case, the pages in B would not be unmapped.  If
pages are not properly unmapped during truncate, the following BUG is hit:

kernel BUG at fs/hugetlbfs/inode.c:428!

In the fallocate hole punch case, this bug could prevent pages from being
unmapped as in the truncate case.  However, for hole punch the result is
that unmapped pages will not be removed during the operation.  For hole
punch, it is also possible that more pages than desired will be unmapped.
This unnecessary unmapping will cause page faults to reestablish the
mappings on subsequent page access.

Fixes: 1bfad99ab (" hugetlbfs: hugetlb_vmtruncate_list() needs to take a range")Reported-by: Hillf Danton <hillf.zj@alibaba-inc.com>
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: <stable@vger.kernel.org> [4.3]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 29bfa18ca579419db54d93250c199bcb54d80047)
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
fs/hugetlbfs/inode.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.