    ipc/shm.c: add split function to shm_vm_ops · 3d942ee0
    Mike Kravetz authored
    If System V shmget/shmat operations are used to create a hugetlbfs
    backed mapping, it is possible to munmap part of the mapping and split
    the underlying vma such that it is not huge page aligned.  This will
    ultimately result in the following BUG:
    
      kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310!
      Oops: Exception in kernel mode, sig: 5 [#1]
      LE SMP NR_CPUS=2048 NUMA PowerNV
      Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt
      CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G         C  E 4.15.0-10-generic #11-Ubuntu
      NIP:  c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009
      REGS: c000003fbcdcf810 TRAP: 0700   Tainted: G         C  E (4.15.0-10-generic)
      MSR:  9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 24002222  XER: 20040000
      CFAR: c00000000036ee44 SOFTE: 1
      NIP __unmap_hugepage_range+0xa4/0x760
      LR __unmap_hugepage_range_final+0x28/0x50
      Call Trace:
        0x7115e4e00000 (unreliable)
        __unmap_hugepage_range_final+0x28/0x50
        unmap_single_vma+0x11c/0x190
        unmap_vmas+0x94/0x140
        exit_mmap+0x9c/0x1d0
        mmput+0xa8/0x1d0
        do_exit+0x360/0xc80
        do_group_exit+0x60/0x100
        SyS_exit_group+0x24/0x30
        system_call+0x58/0x6c
      ---[ end trace ee88f958a1c62605 ]---
    
    This bug was introduced by commit 31383c68 ("mm, hugetlbfs:
    introduce ->split() to vm_operations_struct").  A split function was
    added to vm_operations_struct to determine if a mapping can be split.
    This was mostly for device-dax and hugetlbfs mappings which have
    specific alignment constraints.
    
    Mappings initiated via shmget/shmat have their original vm_ops
    overwritten with shm_vm_ops.  shm_vm_ops functions will call back to the
    original vm_ops if needed.  Add such a split function to shm_vm_ops.
    
    Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com
    Fixes: 31383c68 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct")
    Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
    Reported-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
    Reviewed-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
    Tested-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
    Reviewed-by: Dan Williams <dan.j.williams@intel.com>
    Acked-by: Michal Hocko <mhocko@suse.com>
    Cc: Davidlohr Bueso <dave@stgolabs.net>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
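A user-space model of the mechanism the commit message describes, added here as an example and not the kernel's own code: a hugetlb split callback that rejects split points off a huge page boundary, and a shm_split wrapper that forwards to the backing file's original vm_ops. The 2 MiB huge page size, the trimmed struct layouts and the `try_split_vma`/`split_shm_hugetlb` helpers are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
/* Assumed 2 MiB huge page (x86-64 default); the kernel derives this from hstate_vma(). */
#define HPAGE_SIZE (2UL << 20)

struct vm_area_struct;
/* Stand-in for vm_operations_struct: only ->split is modelled. */
struct vm_operations_struct {
	int (*split)(struct vm_area_struct *vma, unsigned long addr);
};
/* shm_file_data remembers the backing file's original vm_ops. */
struct shm_file_data {
	const struct vm_operations_struct *vm_ops;
};
struct vm_area_struct {
	const struct vm_operations_struct *vm_ops; /* shm_vm_ops after shmat() */
	struct shm_file_data *sfd;                 /* stand-in for shm_file_data(vma->vm_file) */
};

/* hugetlbfs' own check: a split must land on a huge page boundary. */
static int hugetlb_vm_op_split(struct vm_area_struct *vma, unsigned long addr)
{
	(void)vma;
	return (addr & (HPAGE_SIZE - 1)) ? -EINVAL : 0;
}

/* The fix: shm_vm_ops gains a split that forwards to the original vm_ops. */
static int shm_split(struct vm_area_struct *vma, unsigned long addr)
{
	const struct vm_operations_struct *orig = vma->sfd->vm_ops;
	return (orig && orig->split) ? orig->split(vma, addr) : 0;
}

static const struct vm_operations_struct hugetlb_vm_ops = { .split = hugetlb_vm_op_split };
static const struct vm_operations_struct shm_vm_ops_before = { .split = NULL };     /* pre-fix */
static const struct vm_operations_struct shm_vm_ops_after = { .split = shm_split }; /* post-fix */

/* What __split_vma() does on munmap: consult ->split if present, otherwise allow the split. */
int try_split_vma(struct vm_area_struct *vma, unsigned long addr)
{
	return (vma->vm_ops && vma->vm_ops->split) ? vma->vm_ops->split(vma, addr) : 0;
}

/* Model an shmat()-ed hugetlb mapping and attempt a split at addr; fixed selects the patched vm_ops. */
int split_shm_hugetlb(int fixed, unsigned long addr)
{
	struct shm_file_data sfd = { .vm_ops = &hugetlb_vm_ops };
	struct vm_area_struct vma = { .vm_ops = fixed ? &shm_vm_ops_after : &shm_vm_ops_before, .sfd = &sfd };
	return try_split_vma(&vma, addr);
}
```

Before the fix the unaligned split is silently allowed and the misaligned vma later trips the BUG in __unmap_hugepage_range; after it, munmap fails with -EINVAL at the split instead.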