Commit 453c7192 authored by Johannes Weiner's avatar Johannes Weiner Committed by Linus Torvalds

thp: keep highpte mapped until it is no longer needed

Two users reported THP-related crashes on 32-bit x86 machines.  Their oops
reports indicated an invalid pte, and subsequent code inspection showed
that the highpte is actually used after unmap.

The fix is to unmap the pte only after all operations against it are
finished.
Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
Reported-by: default avatarIlya Dryomov <idryomov@gmail.com>
Reported-by: default avatarwerner <w.landgraf@ru.ru>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Tested-by: default avatarIlya Dryomov <idryomov@gmail.com>
Tested-by: Steven Rostedt <rostedt@goodmis.org
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 6a108a14
...@@ -1837,9 +1837,9 @@ static void collapse_huge_page(struct mm_struct *mm, ...@@ -1837,9 +1837,9 @@ static void collapse_huge_page(struct mm_struct *mm,
spin_lock(ptl); spin_lock(ptl);
isolated = __collapse_huge_page_isolate(vma, address, pte); isolated = __collapse_huge_page_isolate(vma, address, pte);
spin_unlock(ptl); spin_unlock(ptl);
pte_unmap(pte);
if (unlikely(!isolated)) { if (unlikely(!isolated)) {
pte_unmap(pte);
spin_lock(&mm->page_table_lock); spin_lock(&mm->page_table_lock);
BUG_ON(!pmd_none(*pmd)); BUG_ON(!pmd_none(*pmd));
set_pmd_at(mm, address, pmd, _pmd); set_pmd_at(mm, address, pmd, _pmd);
...@@ -1856,6 +1856,7 @@ static void collapse_huge_page(struct mm_struct *mm, ...@@ -1856,6 +1856,7 @@ static void collapse_huge_page(struct mm_struct *mm,
anon_vma_unlock(vma->anon_vma); anon_vma_unlock(vma->anon_vma);
__collapse_huge_page_copy(pte, new_page, vma, address, ptl); __collapse_huge_page_copy(pte, new_page, vma, address, ptl);
pte_unmap(pte);
__SetPageUptodate(new_page); __SetPageUptodate(new_page);
pgtable = pmd_pgtable(_pmd); pgtable = pmd_pgtable(_pmd);
VM_BUG_ON(page_count(pgtable) != 1); VM_BUG_ON(page_count(pgtable) != 1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment