[3.13.y.z extended stable] Patch "mm: add !pte_present() check on existing hugetlb_entry callbacks" has been added to staging queue
Kamal Mostafa
kamal at canonical.com
Tue Jun 17 21:42:51 UTC 2014
This is a note to let you know that I have just added a patch titled
mm: add !pte_present() check on existing hugetlb_entry callbacks
to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree
which can be found at:
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue
This patch is scheduled to be released in version 3.13.11.4.
If you, or anyone else, feels it should not be added to this tree, please
reply to this email.
For more information about the 3.13.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
Thanks.
-Kamal
------
From 28f3b5f1cb3435a3222b470c4e61549efbe8c313 Mon Sep 17 00:00:00 2001
From: Naoya Horiguchi <n-horiguchi at ah.jp.nec.com>
Date: Fri, 6 Jun 2014 10:00:01 -0400
Subject: mm: add !pte_present() check on existing hugetlb_entry callbacks
commit d4c54919ed86302094c0ca7d48a8cbd4ee753e92 upstream.
The page table walker doesn't check non-present hugetlb entry in common
path, so hugetlb_entry() callbacks must check it. The reason for this
behavior is that some callers want to handle it in its own way.
[ I think that reason is bogus, btw - it should just do what the regular
code does, which is to call the "pte_hole()" function for such hugetlb
entries - Linus]
However, some callers don't check it now, which causes unpredictable
result, for example when we have a race between migrating hugepage and
reading /proc/pid/numa_maps. This patch fixes it by adding !pte_present
checks on buggy callbacks.
This bug exists for years and got visible by introducing hugepage
migration.
ChangeLog v2:
- fix if condition (check !pte_present() instead of pte_present())
Reported-by: Sasha Levin <sasha.levin at oracle.com>
Signed-off-by: Naoya Horiguchi <n-horiguchi at ah.jp.nec.com>
Cc: Rik van Riel <riel at redhat.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
[ Backported to 3.15. Signed-off-by: Josh Boyer <jwboyer at fedoraproject.org> ]
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
fs/proc/task_mmu.c | 2 +-
mm/mempolicy.c | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index fb52b54..8f78819 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1350,7 +1350,7 @@ static int gather_hugetbl_stats(pte_t *pte, unsigned long hmask,
struct numa_maps *md;
struct page *page;
- if (pte_none(*pte))
+ if (!pte_present(*pte))
return 0;
page = pte_page(*pte);
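Review bot: In gather_hugetbl_stats() the new check and the use read the entry separately, `if (!pte_present(*pte))` followed by `page = pte_page(*pte);`, and nothing in this hunk shows which lock keeps `*pte` stable between the two reads. Since the commit message describes a race with hugepage migration, it would be safer to read the entry once into a local `pte_t` and test and convert that copy, as the mm/mempolicy.c hunk does with `entry = huge_ptep_get(...)`. A one-line comment saying that non-present entries are deliberately left out of the numa_maps counts would also help the next reader, because the `return 0` is otherwise silent.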
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index cb2f3dd..e980746 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -526,9 +526,13 @@ static void queue_pages_hugetlb_pmd_range(struct vm_area_struct *vma,
int nid;
struct page *page;
spinlock_t *ptl;
+ pte_t entry;
ptl = huge_pte_lock(hstate_vma(vma), vma->vm_mm, (pte_t *)pmd);
- page = pte_page(huge_ptep_get((pte_t *)pmd));
+ entry = huge_ptep_get((pte_t *)pmd);
+ if (!pte_present(entry))
+ goto unlock;
+ page = pte_page(entry);
nid = page_to_nid(page);
if (node_isset(nid, *nodes) == !!(flags & MPOL_MF_INVERT))
goto unlock;
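Review bot: The new `if (!pte_present(entry)) goto unlock;` path in queue_pages_hugetlb_pmd_range() skips the entry without any trace, and because the function is `static void` the caller cannot tell "page is on an allowed node" from "entry was not present when we looked". Please add a short comment above the check saying which non-present entries are expected here (the commit message names hugepage migration) and that skipping them is intended. Reading the entry once under `huge_pte_lock()` into `entry` and using that copy for both the check and `pte_page(entry)` is the right shape, and the fs/proc/task_mmu.c hunk would benefit from the same pattern.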
--
1.9.1