From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Mike Kravetz, Laurent Dufour, Dan Williams, Michal Hocko, Davidlohr Bueso, Manfred Spraul, Andrew Morton, Linus Torvalds
Subject: [PATCH 4.9 008/102] ipc/shm.c: add split function to shm_vm_ops
Date: Fri, 6 Apr 2018 15:22:49 +0200
Message-Id: <20180406084332.690189179@linuxfoundation.org>
In-Reply-To: <20180406084331.507038179@linuxfoundation.org>
References: <20180406084331.507038179@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Mike Kravetz

commit 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 upstream.

If System V shmget/shmat operations are used to create a hugetlbfs
backed mapping, it is possible to munmap part of the mapping and split
the underlying vma such that it is not huge page aligned. This will
ultimately result in the following BUG:

  kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310!
  Oops: Exception in kernel mode, sig: 5 [#1]
  LE SMP NR_CPUS=2048 NUMA PowerNV
  Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt
  CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu
  NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009
  REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic)
  MSR: 9000000000029033 CR: 24002222 XER: 20040000
  CFAR: c00000000036ee44 SOFTE: 1
  NIP __unmap_hugepage_range+0xa4/0x760
  LR __unmap_hugepage_range_final+0x28/0x50
  Call Trace:
    0x7115e4e00000 (unreliable)
    __unmap_hugepage_range_final+0x28/0x50
    unmap_single_vma+0x11c/0x190
    unmap_vmas+0x94/0x140
    exit_mmap+0x9c/0x1d0
    mmput+0xa8/0x1d0
    do_exit+0x360/0xc80
    do_group_exit+0x60/0x100
    SyS_exit_group+0x24/0x30
    system_call+0x58/0x6c
  ---[ end trace ee88f958a1c62605 ]---

This bug was introduced by commit 31383c6865a5 ("mm, hugetlbfs:
introduce ->split() to vm_operations_struct"). A split function was
added to vm_operations_struct to determine if a mapping can be split.
This was mostly for device-dax and hugetlbfs mappings which have
specific alignment constraints.

Mappings initiated via shmget/shmat have their original vm_ops
overwritten with shm_vm_ops. shm_vm_ops functions will call back to the
original vm_ops if needed. Add such a split function to shm_vm_ops.

Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com
Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct")
Signed-off-by: Mike Kravetz Reported-by: Laurent Dufour Reviewed-by: Laurent Dufour Tested-by: Laurent Dufour Reviewed-by: Dan Williams Acked-by: Michal Hocko Cc: Davidlohr Bueso Cc: Manfred Spraul Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/ipc/shm.c +++ b/ipc/shm.c @@ -381,6 +381,17 @@ static int shm_fault(struct vm_area_stru return sfd->vm_ops->fault(vma, vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -503,6 +514,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy,
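
Review bot: In the first hunk (@@ -381,6 +381,17 @@), shm_split() tests `sfd->vm_ops` for NULL before calling through it, while shm_fault() in the context lines directly above calls `sfd->vm_ops->fault(vma, vmf)` with no such test. The two should agree: if sfd->vm_ops is always set by the time the vma exists, the extra test is dead code and the condition can be reduced to `if (sfd->vm_ops->split)`; if it can be NULL, shm_fault() has the same exposure and needs its own fix. The fallback `return 0;` when the underlying mapping has no ->split() also deserves a one-line comment above the function saying what that return value means to the caller, since the contract is only described in the commit message.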
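
Review bot: In the second hunk (@@ -503,6 +514,7 @@), the new `.split = shm_split,` entry has no trailing comment, although the `.open` and `.close` entries in the same initializer each carry one. A short comment noting that the callback forwards to the original vm_ops so that alignment-constrained mappings such as hugetlbfs can refuse the split would record in the table why the entry exists.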