kernel_optimize_test/mm
Huang Ying 688272809f mm, gup: prevent pmd checking race in follow_pmd_mask()
mmap_sem will be read locked when calling follow_pmd_mask().  But this
cannot prevent PMD from being changed for all cases when PTL is
unlocked, for example, from pmd_trans_huge() to pmd_none() via
MADV_DONTNEED.  So it is possible for the pmd_present() check in
follow_pmd_mask() to encounter an invalid PMD.  This may cause an
incorrect VM_BUG_ON() or an infinite loop.  Fix this by reading the PMD
entry into a local variable with READ_ONCE() and checking the local
variable and pmd_none() in the retry loop.

As Kirill pointed out, with PTL unlocked, the *pmd may be changed under
us, so reading it directly again and again may incur weird bugs.  So
although using *pmd directly other than for pmd_present() checking may
be safe, it is still better to replace them to read *pmd once and check
the local variable multiple times.

When PTL unlocked, replace all *pmd with local variable was suggested by
Kirill.

Link: http://lkml.kernel.org/r/20180419083514.1365-1-ying.huang@intel.com
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Zi Yan <zi.yan@cs.rutgers.edu>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-06-07 17:34:35 -07:00
..
kasan kasan: fix memory hotplug during boot 2018-05-25 18:12:11 -07:00
backing-dev.c bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue 2018-05-23 15:28:50 -06:00
balloon_compaction.c
bootmem.c
cleancache.c docs/vm: rename documentation files to .rst 2018-04-16 14:18:15 -06:00
cma_debug.c
cma.c Revert "mm/cma: manage the memory of the CMA area by using the ZONE_MOVABLE" 2018-05-24 10:07:50 -07:00
cma.h
compaction.c Revert "mm/cma: manage the memory of the CMA area by using the ZONE_MOVABLE" 2018-05-24 10:07:50 -07:00
debug_page_ref.c
debug.c
dmapool.c
early_ioremap.c
fadvise.c mm: add ksys_fadvise64_64() helper; remove in-kernel call to sys_fadvise64_64() 2018-04-02 20:16:10 +02:00
failslab.c mm: make should_failslab always available for fault injection 2018-04-05 21:36:26 -07:00
filemap.c mm/filemap.c: fix NULL pointer in page_cache_tree_insert() 2018-04-20 17:18:36 -07:00
frame_vector.c
frontswap.c docs/vm: rename documentation files to .rst 2018-04-16 14:18:15 -06:00
gup_benchmark.c mm/gup_benchmark: handle gup failures 2018-04-13 17:10:27 -07:00
gup.c mm, gup: prevent pmd checking race in follow_pmd_mask() 2018-06-07 17:34:35 -07:00
highmem.c
hmm.c Merge branch 'mm-rst' into docs-next 2018-04-16 14:25:08 -06:00
huge_memory.c There's been a fair amount of work in the docs tree this time around, 2018-06-04 12:34:27 -07:00
hugetlb_cgroup.c mm: rename page_counter's count/limit into usage/max 2018-06-07 17:34:35 -07:00
hugetlb.c Merge branch 'mm-rst' into docs-next 2018-04-16 14:25:08 -06:00
hwpoison-inject.c
init-mm.c mm: introduce arg_lock to protect arg_start|end and env_start|end in mm_struct 2018-06-07 17:34:34 -07:00
internal.h Changes for 4.18: 2018-06-05 13:24:20 -07:00
interval_tree.c
Kconfig mm: introduce ARCH_HAS_PTE_SPECIAL 2018-06-07 17:34:35 -07:00
Kconfig.debug
khugepaged.c page cache: use xa_lock 2018-04-11 10:28:39 -07:00
kmemleak-test.c
kmemleak.c mm: kernel-doc: add missing parameter descriptions 2018-04-05 21:36:27 -07:00
ksm.c mm/ksm: docs: extend overview comment and make it "DOC:" 2018-04-27 17:19:24 -06:00
list_lru.c mm: make counting of list_lru_one::nr_items lockless 2018-04-05 21:36:27 -07:00
maccess.c
madvise.c
Makefile mm: restructure memfd code 2018-06-07 17:34:35 -07:00
memblock.c mm/memblock: introduce PHYS_ADDR_MAX 2018-06-07 17:34:35 -07:00
memcontrol.c mm: treat memory.low value inclusive 2018-06-07 17:34:35 -07:00
memfd.c mm: restructure memfd code 2018-06-07 17:34:35 -07:00
memory_hotplug.c mm/memory_hotplug: fix leftover use of struct page during hotplug 2018-05-25 18:12:11 -07:00
memory-failure.c mm, migrate: remove reason argument from new_page_t 2018-04-11 10:28:32 -07:00
memory.c mm: remove odd HAVE_PTE_SPECIAL 2018-06-07 17:34:35 -07:00
mempolicy.c mm: unclutter THP migration 2018-04-11 10:28:32 -07:00
mempool.c mempool: Add mempool_init()/mempool_exit() 2018-05-14 13:14:23 -06:00
memtest.c
migrate.c mm: migrate: fix double call of radix_tree_replace_slot() 2018-05-11 17:28:45 -07:00
mincore.c
mlock.c
mm_init.c
mmap.c There's been a fair amount of work in the docs tree this time around, 2018-06-04 12:34:27 -07:00
mmu_context.c
mmu_notifier.c
mmzone.c
mprotect.c sched/numa: avoid trapping faults and attempting migration of file-backed dirty pages 2018-04-11 10:28:31 -07:00
mremap.c
msync.c
nobootmem.c
nommu.c mm/nommu: remove description of alloc_vm_area 2018-04-05 21:36:26 -07:00
oom_kill.c mm: rename page_counter's count/limit into usage/max 2018-06-07 17:34:35 -07:00
page_alloc.c mm/page_alloc: remove realsize in free_area_init_core() 2018-06-07 17:34:35 -07:00
page_counter.c mm: memory.low hierarchical behavior 2018-06-07 17:34:35 -07:00
page_ext.c
page_idle.c mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() 2018-04-05 21:36:25 -07:00
page_io.c
page_isolation.c mm, migrate: remove reason argument from new_page_t 2018-04-11 10:28:32 -07:00
page_owner.c mm/page_owner.c: make early_page_owner_param() __init 2018-04-05 21:36:26 -07:00
page_poison.c mm/page_poison.c: make early_page_poison_param() __init 2018-04-05 21:36:26 -07:00
page_vma_mapped.c
page-writeback.c writeback: safer lock nesting 2018-04-20 17:18:35 -07:00
pagewalk.c mm: kernel-doc: add missing parameter descriptions 2018-04-05 21:36:27 -07:00
percpu-internal.h
percpu-km.c
percpu-stats.c mm: reuse DEFINE_SHOW_ATTRIBUTE() macro 2018-04-05 21:36:25 -07:00
percpu-vm.c
percpu.c arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c mm: split ->readpages calls to avoid non-contiguous pages lists 2018-06-01 18:37:32 -07:00
rmap.c Linux 4.17-rc2 2018-04-27 17:13:20 -06:00
rodata_test.c
shmem.c mm: restructure memfd code 2018-06-07 17:34:35 -07:00
slab_common.c mm: make should_failslab always available for fault injection 2018-04-05 21:36:26 -07:00
slab.c slab: __GFP_ZERO is incompatible with a constructor 2018-06-07 17:34:34 -07:00
slab.h slab, slub: skip unnecessary kasan_cache_shutdown() 2018-04-05 21:36:24 -07:00
slob.c slab: __GFP_ZERO is incompatible with a constructor 2018-06-07 17:34:34 -07:00
slub.c mm/slub: remove obsolete comment 2018-06-07 17:34:34 -07:00
sparse-vmemmap.c
sparse.c mm: sections are not offlined during memory hotremove 2018-05-11 17:28:45 -07:00
swap_cgroup.c
swap_slots.c mm, memcontrol: move swap charge handling into get_swap_page() 2018-06-07 17:34:34 -07:00
swap_state.c mm, memcontrol: move swap charge handling into get_swap_page() 2018-06-07 17:34:34 -07:00
swap.c mm/swap.c: remove @cold parameter description for release_pages() 2018-04-05 21:36:26 -07:00
swapfile.c mm: fix nr_rotate_swap leak in swapon() error case 2018-05-25 18:12:10 -07:00
truncate.c page cache: use xa_lock 2018-04-11 10:28:39 -07:00
usercopy.c
userfaultfd.c
util.c Merge branch 'mm-rst' into docs-next 2018-04-16 14:25:08 -06:00
vmacache.c
vmalloc.c proc: introduce proc_create_seq_private 2018-05-16 07:23:35 +02:00
vmpressure.c
vmscan.c mm: fix the NULL mapping case in __isolate_lru_page() 2018-06-02 09:33:47 -07:00
vmstat.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
workingset.c page cache: use xa_lock 2018-04-11 10:28:39 -07:00
z3fold.c z3fold: fix reclaim lock-ups 2018-05-11 17:28:45 -07:00
zbud.c
zpool.c
zsmalloc.c mm: kernel-doc: add missing parameter descriptions 2018-04-05 21:36:27 -07:00
zswap.c