Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[PATCH] hugetlb: move stale pte check into huge_pte_alloc()

Initial Post (Wed, 17 Aug 2005)

This patch moves the
if (! pte_none(*pte))
hugetlb_clean_stale_pgtable(pte);
logic into huge_pte_alloc() so all of its callers can be immune to the bug
described by Kenneth Chen at http://lkml.org/lkml/2004/6/16/246

> It turns out there is a bug in hugetlb_prefault(): with 3 level page table,
> huge_pte_alloc() might return a pmd that points to a PTE page. It happens
> if the virtual address for hugetlb mmap is recycled from previously used
> normal page mmap. free_pgtables() might not scrub the pmd entry on
> munmap and hugetlb_prefault skips on any pmd presence regardless what type
> it is.

Unless I am missing something, it seems more correct to place the check inside
huge_pte_alloc() to prevent the same bug wherever a huge pte is allocated.
It also allows checking for this condition when lazily faulting huge pages
later in the series.

Signed-off-by: Adam Litke <agl@us.ibm.com>
Cc: <linux-mm@kvack.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Authored by Adam Litke and committed by Linus Torvalds
7bf07f3d 32e51a8c

+11 -4
+11 -2
arch/i386/mm/hugetlbpage.c
··· 22 22 { 23 23 pgd_t *pgd; 24 24 pud_t *pud; 25 - pmd_t *pmd = NULL; 25 + pmd_t *pmd; 26 + pte_t *pte = NULL; 26 27 27 28 pgd = pgd_offset(mm, addr); 28 29 pud = pud_alloc(mm, pgd, addr); 29 30 pmd = pmd_alloc(mm, pud, addr); 30 - return (pte_t *) pmd; 31 + 32 + if (!pmd) 33 + goto out; 34 + 35 + pte = (pte_t *) pmd; 36 + if (!pte_none(*pte) && !pte_huge(*pte)) 37 + hugetlb_clean_stale_pgtable(pte); 38 + out: 39 + return pte; 31 40 } 32 41 33 42 pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
-2
mm/hugetlb.c
··· 360 360 ret = -ENOMEM; 361 361 goto out; 362 362 } 363 - if (! pte_none(*pte)) 364 - hugetlb_clean_stale_pgtable(pte); 365 363 366 364 idx = ((addr - vma->vm_start) >> HPAGE_SHIFT) 367 365 + (vma->vm_pgoff >> (HPAGE_SHIFT - PAGE_SHIFT));
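Review bot: In the arch/i386/mm/hugetlbpage.c hunk the condition that was moved is not the one that was removed: hugetlb_prefault used `if (! pte_none(*pte))`, while huge_pte_alloc() now tests `if (!pte_none(*pte) && !pte_huge(*pte))`, so an entry that is already a huge pte is deliberately left alone rather than handed to hugetlb_clean_stale_pgtable(). That is presumably what lazy faulting "later in the series" needs, but it is a behaviour change that the commit message does not mention; please state it there. Also note the asymmetry in the same hunk: `pmd_alloc()` gets a new `if (!pmd) goto out;` but the result of `pud_alloc()` is still passed to `pmd_alloc()` unchecked; either confirm that pud_alloc cannot fail on this architecture or check it the same way, and if `out:` only ever returns NULL, `return NULL;` would be simpler than the goto.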
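Review bot: The mm/hugetlb.c hunk removes the stale-pte check from common code, but the only huge_pte_alloc() implementation that gains a replacement in this patch is the i386 one, so every other architecture's huge_pte_alloc() now returns whatever pmd_alloc() hands it without the scrub. Please confirm that the remaining architectures either cannot hit the recycled-pmd case described in the quoted report or already handle it in their own huge_pte_alloc(); otherwise the check should be added there in the same patch rather than dropped from hugetlb_prefault() first.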