linux/include
Kirill A. Shutemov 23f1538b9c mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support
commit ee53664bda upstream.

Sasha Levin found a NULL pointer dereference that is due to a missing
page table lock, which in turn is due to the pmd entry in question being
a transparent huge-table entry.

The code - introduced in commit 1998cc0489 ("mm: make
madvise(MADV_WILLNEED) support swap file prefetch") - correctly checks
for this situation using pmd_none_or_trans_huge_or_clear_bad(), but it
turns out that that function doesn't work correctly.

pmd_none_or_trans_huge_or_clear_bad() expected that pmd_bad() would
trigger if the transparent hugepage bit was set, but it doesn't do that
if pmd_numa() is also set. Note that the NUMA bit only gets set on real
NUMA machines, so people trying to reproduce this on most normal
development systems would never actually trigger this.

Fix it by removing the very subtle (and subtly incorrect) expectation,
and instead just checking pmd_trans_huge() explicitly.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
[ Additionally remove the now stale test for pmd_trans_huge() inside the
  pmd_bad() case - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Wang Long <long.wanglong@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-04-29 10:33:58 +02:00
acpi ACPI / hotplug: Fix conflicted PCI bridge notify handlers 2013-12-04 10:57:04 -08:00
asm-generic mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support 2015-04-29 10:33:58 +02:00
clocksource clocksource: arch_timer: use virtual counters 2014-01-09 12:24:26 -08:00
crypto crypto: scatterwalk - Use sg_chain_ptr on chain entries 2013-12-11 22:36:29 -08:00
drm drm/radeon: remove invalid pci id 2014-11-14 08:48:00 -08:00
dt-bindings
keys
linux remove extra definitions of U32_MAX 2015-04-29 10:33:54 +02:00
math-emu
media media: vb2: fix VBI/poll regression 2014-10-09 12:18:42 -07:00
memory
misc
net ipv4: tcp: get rid of ugly unicast_sock 2015-02-26 17:48:48 -08:00
pcmcia
ras
rdma
rxrpc
scsi scsi: fix our current target reap infrastructure 2014-05-30 21:52:11 -07:00
sound ALSA: ak411x: Fix stall in work callback 2015-02-11 14:48:17 +08:00
target target: Report correct response length for some commands 2014-06-30 20:09:45 -07:00
trace tracing: Fix syscall_*regfunc() vs copy_process() race 2014-07-06 18:54:16 -07:00
uapi netfilter: xt_bpf: add missing opaque struct sk_filter definition 2014-11-21 09:22:54 -08:00
video Merge branch 'fbdev-3.10-fixes' of git://gitorious.org/linux-omap-dss2/linux into linux-fbdev/for-3.10-fixes 2013-05-29 17:00:34 +08:00
xen xenbus: delay xenbus frontend resume if xenstored is not running 2013-05-29 09:04:19 -04:00
Kbuild UAPI: remove empty Kbuild files 2013-04-30 17:04:09 -07:00