Revision 38e088546522e1e86d2b8f401a1354ad3a9b3303 authored by Lorenzo Stoakes on 11 September 2016, 22:54:25 UTC, committed by Linus Torvalds on 25 September 2016, 22:43:42 UTC
The NUMA balancing logic uses an arch-specific PROT_NONE page table flag defined by pte_protnone() or pmd_protnone() to mark PTEs or huge page PMDs respectively as requiring balancing upon a subsequent page fault. User-defined PROT_NONE memory regions which also have this flag set will not normally invoke the NUMA balancing code as do_page_fault() will send a segfault to the process before handle_mm_fault() is even called.

However if access_remote_vm() is invoked to access a PROT_NONE region of memory, handle_mm_fault() is called via faultin_page() and __get_user_pages() without any access checks being performed, meaning the NUMA balancing logic is incorrectly invoked on a non-NUMA memory region.

A simple means of triggering this problem is to access PROT_NONE mmap'd memory using /proc/self/mem which reliably results in the NUMA handling functions being invoked when CONFIG_NUMA_BALANCING is set.

This issue was reported in bugzilla (issue 99101) which includes some simple repro code.

There are BUG_ON() checks in do_numa_page() and do_huge_pmd_numa_page() added at commit c0e7cad to avoid accidentally provoking strange behaviour by attempting to apply NUMA balancing to pages that are in fact PROT_NONE. The BUG_ON()'s are consistently triggered by the repro.

This patch moves the PROT_NONE check into mm/memory.c rather than invoking BUG_ON() as faulting in these pages via faultin_page() is a valid reason for reaching the NUMA check with the PROT_NONE page table flag set and is therefore not always a bug.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=99101
Reported-by: Trevor Saunders <tbsaunde@tbsaunde.org>
Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 831e45d
File | Mode | Size |
---|---|---|
Kconfig | -rw-r--r-- | 1.3 KB |
Makefile | -rw-r--r-- | 285 bytes |
awacs.c | -rw-r--r-- | 31.8 KB |
awacs.h | -rw-r--r-- | 8.0 KB |
beep.c | -rw-r--r-- | 7.7 KB |
burgundy.c | -rw-r--r-- | 24.3 KB |
burgundy.h | -rw-r--r-- | 4.0 KB |
daca.c | -rw-r--r-- | 6.9 KB |
keywest.c | -rw-r--r-- | 4.3 KB |
pmac.c | -rw-r--r-- | 37.2 KB |
pmac.h | -rw-r--r-- | 5.1 KB |
powermac.c | -rw-r--r-- | 5.1 KB |
snd_ps3.c | -rw-r--r-- | 28.6 KB |
snd_ps3.h | -rw-r--r-- | 3.5 KB |
snd_ps3_reg.h | -rw-r--r-- | 33.2 KB |
tumbler.c | -rw-r--r-- | 38.3 KB |
tumbler_volume.h | -rw-r--r-- | 6.5 KB |