From: Mike Kravetz <mike.kravetz@oracle.com>
Date: Wed, 2 Jun 2021 03:52:43 +0000 (+1000)
Subject: mm: hugetlb: fix dissolve_free_huge_page use of tail/head page
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=318998c0502274c92501fb0a4db2751a5d131a07;p=users%2Fjedix%2Flinux-maple.git

mm: hugetlb: fix dissolve_free_huge_page use of tail/head page

The routine dissolve_free_huge_page can be passed the tail page of a
hugetlb page.  The tail page is incorrectly passed on to the routines
alloc_huge_page_vmemmap and add_hugetlb_page which expect a hugetlb head
page.

Operating on a tail page instead of head page could result in addressing
exceptions or vmemmap corruption.

Link: https://lkml.kernel.org/r/20210527231225.226987-1-mike.kravetz@oracle.com
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---

diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 7d64000ec7849..fffa8c3334a13 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -1915,7 +1915,7 @@ retry:
 		 * Attempt to allocate vmemmmap here so that we can take
 		 * appropriate action on failure.
 		 */
-		rc = alloc_huge_page_vmemmap(h, page);
+		rc = alloc_huge_page_vmemmap(h, head);
 		if (!rc) {
 			/*
 			 * Move PageHWPoison flag from head page to the raw
@@ -1929,7 +1929,7 @@ retry:
 			update_and_free_page(h, head, false);
 		} else {
 			spin_lock_irq(&hugetlb_lock);
-			add_hugetlb_page(h, page, false);
+			add_hugetlb_page(h, head, false);
 			h->max_huge_pages++;
 			spin_unlock_irq(&hugetlb_lock);
 		}