[PATCH] hugetlb: prepare_hugepage_range check offset too
(David:) If hugetlbfs_file_mmap() returns a failure to do_mmap_pgoff() - for example, because the given file offset is not hugepage aligned - then do_mmap_pgoff will go to the unmap_and_free_vma backout path. But at this stage the vma hasn't been marked as hugepage, and the backout path will call unmap_region() on it. That will eventually call down to the non-hugepage version of unmap_page_range(). On ppc64, at least, that will cause serious problems if there are any existing hugepage pagetable entries in the vicinity - for example if there are any other hugepage mappings under the same PUD. unmap_page_range() will trigger a bad_pud() on the hugepage pud entries. I suspect this will also cause bad problems on ia64, though I don't have a machine to test it on. (Hugh:) prepare_hugepage_range() should check file offset alignment when it checks virtual address and length, to stop MAP_FIXED with a bad huge offset from unmapping before it fails further down. PowerPC should apply the same prepare_hugepage_range alignment checks as ia64 and all the others do. Then none of the alignment checks in hugetlbfs_file_mmap are required (nor is the check for too small a mapping); but even so, move up setting of VM_HUGETLB and add a comment to warn of what David Gibson discovered - if hugetlbfs_file_mmap fails before setting it, do_mmap_pgoff's unmap_region when unwinding from error will go the non-huge way, which may cause bad behaviour on architectures (powerpc and ia64) which segregate their huge mappings into a separate region of the address space. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: "David S. Miller" <davem@davemloft.net> Acked-by: Adam Litke <agl@us.ibm.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Cc: Paul Mackerras <paulus@samba.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Hugh Dickins
committed by
Linus Torvalds
Linus Torvalds
parent
69ae9e3ee4
commit
68589bc353
@ -62,24 +62,19 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
loff_t len, vma_len;
|
||||
int ret;
|
||||
|
||||
if (vma->vm_pgoff & (HPAGE_SIZE / PAGE_SIZE - 1))
|
||||
return -EINVAL;
|
||||
|
||||
if (vma->vm_start & ~HPAGE_MASK)
|
||||
return -EINVAL;
|
||||
|
||||
if (vma->vm_end & ~HPAGE_MASK)
|
||||
return -EINVAL;
|
||||
|
||||
if (vma->vm_end - vma->vm_start < HPAGE_SIZE)
|
||||
return -EINVAL;
|
||||
/*
|
||||
* vma alignment has already been checked by prepare_hugepage_range.
|
||||
* If you add any error returns here, do so after setting VM_HUGETLB,
|
||||
* so is_vm_hugetlb_page tests below unmap_region go the right way
|
||||
* when do_mmap_pgoff unwinds (may be important on powerpc and ia64).
|
||||
*/
|
||||
vma->vm_flags |= VM_HUGETLB | VM_RESERVED;
|
||||
vma->vm_ops = &hugetlb_vm_ops;
|
||||
|
||||
vma_len = (loff_t)(vma->vm_end - vma->vm_start);
|
||||
|
||||
mutex_lock(&inode->i_mutex);
|
||||
file_accessed(file);
|
||||
vma->vm_flags |= VM_HUGETLB | VM_RESERVED;
|
||||
vma->vm_ops = &hugetlb_vm_ops;
|
||||
|
||||
ret = -ENOMEM;
|
||||
len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
|
||||
|
||||
Reference in New Issue
Block a user