git.baikalelectronics.ru Git - kernel.git/commit

author	Steve Capper <steve.capper@arm.com>
	Wed, 3 Aug 2016 14:15:55 +0000 (15:15 +0100)
committer	Will Deacon <will.deacon@arm.com>
	Thu, 4 Aug 2016 12:41:18 +0000 (13:41 +0100)
commit	09275901bcb15dae15e932dbc48c8ada553b7895
tree	5c81c992943a916638781bf2fe3a1f4778bf4457	tree \| snapshot
parent	2c6d8b8009b42f3f1f68a6b1a9831d6ea9389871	commit \| diff

arm64: Fix copy-on-write referencing in HugeTLB

set_pte_at(.) will set or unset the PTE_RDONLY hardware bit before
writing the entry to the table.

This can cause problems with the copy-on-write logic in hugetlb_cow:
*) hugetlb_cow(.) called to handle a write fault on read only pte,
*) Before the copy-on-write updates the new page table a call is
made to pte_same(huge_ptep_get(ptep), pte)), to check for a race,
*) Because set_pte_at(.) changed the pte, *ptep != pte, and the
hugetlb_cow(.) code erroneously assumes that it lost the race,
*) The new page is subsequently freed without being used.

On arm64 this problem only becomes apparent when we apply:
e84ef69 mm/hugetlb: fix huge page reserve accounting for private
mappings

When one runs the libhugetlbfs test suite, there are allocation errors
and hugetlbfs pages become erroneously locked in memory as reserved.
(There is a high HugePages_Rsvd: count).

In this patch we introduce pte_same which ignores the PTE_RDONLY bit,
allowing for the libhugetlbfs test suite to pass as expected and
without leaking any reserved HugeTLB pages.

Reported-by: Huang Shijie <shijie.huang@arm.com>
Signed-off-by: Steve Capper <steve.capper@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>