Revision 0d777df5d8953293be090d9ab5a355db893e8357 authored by Naoya Horiguchi on 11 December 2015, 21:40:49 UTC, committed by Linus Torvalds on 12 December 2015, 18:15:34 UTC
Currently at the beginning of hugetlb_fault(), we call huge_pte_offset() and check whether the obtained *ptep is a migration/hwpoison entry or not. And if not, then we get to call huge_pte_alloc(). This is racy because the *ptep could turn into migration/hwpoison entry after the huge_pte_offset() check. This race results in BUG_ON in huge_pte_alloc(). We don't have to call huge_pte_alloc() when the huge_pte_offset() returns non-NULL, so let's fix this bug with moving the code into else block. Note that the *ptep could turn into a migration/hwpoison entry after this block, but that's not a problem because we have another !pte_present check later (we never go into hugetlb_no_page() in that case.) Fixes: 290408d4a250 ("hugetlb: hugepage migration core") Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Acked-by: Hillf Danton <hillf.zj@alibaba-inc.com> Acked-by: David Rientjes <rientjes@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: <stable@vger.kernel.org> [2.6.36+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 86fffe4
File | Mode | Size |
---|---|---|
bpf | ||
configs | ||
debug | ||
events | ||
gcov | ||
irq | ||
livepatch | ||
locking | ||
power | ||
printk | ||
rcu | ||
sched | ||
time | ||
trace | ||
.gitignore | -rw-r--r-- | 69 bytes |
Kconfig.freezer | -rw-r--r-- | 52 bytes |
Kconfig.hz | -rw-r--r-- | 1.6 KB |
Kconfig.locks | -rw-r--r-- | 4.8 KB |
Kconfig.preempt | -rw-r--r-- | 2.1 KB |
Makefile | -rw-r--r-- | 3.8 KB |
acct.c | -rw-r--r-- | 15.4 KB |
async.c | -rw-r--r-- | 9.9 KB |
audit.c | -rw-r--r-- | 53.2 KB |
audit.h | -rw-r--r-- | 10.9 KB |
audit_fsnotify.c | -rw-r--r-- | 6.1 KB |
audit_tree.c | -rw-r--r-- | 22.7 KB |
audit_watch.c | -rw-r--r-- | 14.4 KB |
auditfilter.c | -rw-r--r-- | 34.7 KB |
auditsc.c | -rw-r--r-- | 64.0 KB |
backtracetest.c | -rw-r--r-- | 2.1 KB |
bounds.c | -rw-r--r-- | 703 bytes |
capability.c | -rw-r--r-- | 12.1 KB |
cgroup.c | -rw-r--r-- | 161.1 KB |
cgroup_freezer.c | -rw-r--r-- | 12.4 KB |
cgroup_pids.c | -rw-r--r-- | 8.1 KB |
compat.c | -rw-r--r-- | 29.5 KB |
configs.c | -rw-r--r-- | 2.8 KB |
context_tracking.c | -rw-r--r-- | 6.3 KB |
cpu.c | -rw-r--r-- | 20.1 KB |
cpu_pm.c | -rw-r--r-- | 6.5 KB |
cpuset.c | -rw-r--r-- | 75.4 KB |
crash_dump.c | -rw-r--r-- | 1.3 KB |
cred.c | -rw-r--r-- | 21.4 KB |
delayacct.c | -rw-r--r-- | 4.5 KB |
dma.c | -rw-r--r-- | 3.6 KB |
elfcore.c | -rw-r--r-- | 396 bytes |
exec_domain.c | -rw-r--r-- | 1.4 KB |
exit.c | -rw-r--r-- | 41.6 KB |
extable.c | -rw-r--r-- | 4.0 KB |
fork.c | -rw-r--r-- | 50.7 KB |
freezer.c | -rw-r--r-- | 4.4 KB |
futex.c | -rw-r--r-- | 84.6 KB |
futex_compat.c | -rw-r--r-- | 4.5 KB |
groups.c | -rw-r--r-- | 5.9 KB |
hung_task.c | -rw-r--r-- | 5.7 KB |
irq_work.c | -rw-r--r-- | 4.4 KB |
jump_label.c | -rw-r--r-- | 12.5 KB |
kallsyms.c | -rw-r--r-- | 14.9 KB |
kcmp.c | -rw-r--r-- | 4.3 KB |
kexec.c | -rw-r--r-- | 6.6 KB |
kexec_core.c | -rw-r--r-- | 38.0 KB |
kexec_file.c | -rw-r--r-- | 25.0 KB |
kexec_internal.h | -rw-r--r-- | 789 bytes |
kmod.c | -rw-r--r-- | 19.1 KB |
kprobes.c | -rw-r--r-- | 60.7 KB |
ksysfs.c | -rw-r--r-- | 5.6 KB |
kthread.c | -rw-r--r-- | 19.2 KB |
latencytop.c | -rw-r--r-- | 7.6 KB |
membarrier.c | -rw-r--r-- | 2.4 KB |
memremap.c | -rw-r--r-- | 5.4 KB |
module-internal.h | -rw-r--r-- | 458 bytes |
module.c | -rw-r--r-- | 102.3 KB |
module_signing.c | -rw-r--r-- | 2.0 KB |
notifier.c | -rw-r--r-- | 16.3 KB |
nsproxy.c | -rw-r--r-- | 6.0 KB |
padata.c | -rw-r--r-- | 26.8 KB |
panic.c | -rw-r--r-- | 13.0 KB |
params.c | -rw-r--r-- | 24.1 KB |
pid.c | -rw-r--r-- | 15.0 KB |
pid_namespace.c | -rw-r--r-- | 10.0 KB |
profile.c | -rw-r--r-- | 16.1 KB |
ptrace.c | -rw-r--r-- | 30.6 KB |
range.c | -rw-r--r-- | 3.0 KB |
reboot.c | -rw-r--r-- | 13.3 KB |
relay.c | -rw-r--r-- | 32.5 KB |
resource.c | -rw-r--r-- | 37.0 KB |
seccomp.c | -rw-r--r-- | 24.7 KB |
signal.c | -rw-r--r-- | 93.9 KB |
smp.c | -rw-r--r-- | 19.9 KB |
smpboot.c | -rw-r--r-- | 13.1 KB |
smpboot.h | -rw-r--r-- | 564 bytes |
softirq.c | -rw-r--r-- | 18.9 KB |
stacktrace.c | -rw-r--r-- | 1.7 KB |
stop_machine.c | -rw-r--r-- | 16.6 KB |
sys.c | -rw-r--r-- | 57.5 KB |
sys_ni.c | -rw-r--r-- | 7.0 KB |
sysctl.c | -rw-r--r-- | 64.3 KB |
sysctl_binary.c | -rw-r--r-- | 51.0 KB |
task_work.c | -rw-r--r-- | 3.2 KB |
taskstats.c | -rw-r--r-- | 16.1 KB |
test_kprobes.c | -rw-r--r-- | 7.4 KB |
torture.c | -rw-r--r-- | 19.9 KB |
tracepoint.c | -rw-r--r-- | 14.5 KB |
tsacct.c | -rw-r--r-- | 4.9 KB |
uid16.c | -rw-r--r-- | 5.0 KB |
up.c | -rw-r--r-- | 1.7 KB |
user-return-notifier.c | -rw-r--r-- | 1.3 KB |
user.c | -rw-r--r-- | 5.4 KB |
user_namespace.c | -rw-r--r-- | 25.6 KB |
utsname.c | -rw-r--r-- | 3.0 KB |
utsname_sysctl.c | -rw-r--r-- | 3.0 KB |
watchdog.c | -rw-r--r-- | 29.0 KB |
workqueue.c | -rw-r--r-- | 145.3 KB |
workqueue_internal.h | -rw-r--r-- | 2.2 KB |
Computing file changes ...