Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1824282imm; Mon, 3 Sep 2018 10:23:02 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYnIOxmYN4vhYxiXk0oWPwSmEhWuzaZ7RKyI2brFzCC8VUR2RfrcjoLQ8ZuiACIdrWBG/mS X-Received: by 2002:a63:dc53:: with SMTP id f19-v6mr27189863pgj.56.1535995382562; Mon, 03 Sep 2018 10:23:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535995382; cv=none; d=google.com; s=arc-20160816; b=TiSSJ4gM6eM2VY7ibe9yQTFFng3wrlfrx9JsplRYodqmbrq9rmeLbq7sFsrftydMJs xClW2KpJmmd31CVcIp/8D6LJKi000jm4FhhJp79gQW+Yarvl4nR/5+FNTGvZoKVZJVMl UtFVDLI/GPlTuSTr3Tcm6fVGKYvK39cCMVRYIBu4/kJ+6C4Rb/JAvE5IP7t5hIZZgrrL ohpZg5Oq2LScgi5mmjuKTYFb/UkyOGbCYKgMbNxonL85m/SMbsLVDpW9oK5ANGjwrWp7 p/YJrbDDLvENEtJgUpQD+Pjt5Z+yCsrh1c21pROM8JMfFZZho63aHqnkFKM/X4IV2hlK 2SPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=WClZqHQ8DfOlHCWCjB+0UWz3D25kEP9iCUwd0tXztHI=; b=CV0Vc4sKsQBV4oVsNJj7qntWyhHbnr5jFwo9Xd4ieoLBORtBgkkOhnY0Ar9uRYdKxO 42sOT06dgUOSA/KxzFT8aPXgG6s2b6WipB8geyOTbk69E6+SvibTl1U0xoLefhFjLgCI v4ilUOBIkb9R/bAUp2xoQYx5PwjyNTFAW6uOYPbZKes6wiqF2jX1LT4elDMs89F8jEsK eFnzmec0PHBCq1CVZGxpCJV3d4aiFcZdlAXVQle1vHMIM16WymjJHgEsrv9uVuojOgUk twb+TKR1F1PDtkLwbtQo2VPbXzTpUE0XSEkGoahvnHwFE65JEE5NnLjssWXMRK3/dOGI nABA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i8-v6si17881596pgj.33.2018.09.03.10.22.47; Mon, 03 Sep 2018 10:23:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728967AbeICVlh (ORCPT + 99 others); Mon, 3 Sep 2018 17:41:37 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:43184 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729941AbeICVkN (ORCPT ); Mon, 3 Sep 2018 17:40:13 -0400 Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 69392D10; Mon, 3 Sep 2018 17:19:08 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hugh Dickins , John Stultz , Kirill Shutemov , Andrew Morton , Linus Torvalds , Sasha Levin Subject: [PATCH 4.14 073/165] mm: delete historical BUG from zap_pmd_range() Date: Mon, 3 Sep 2018 18:55:59 +0200 Message-Id: <20180903165658.757763061@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180903165655.003605184@linuxfoundation.org> References: <20180903165655.003605184@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Hugh Dickins [ Upstream commit 53406ed1bcfdabe4b5bc35e6d17946c6f9f563e2 ] Delete the old VM_BUG_ON_VMA() from zap_pmd_range(), which asserted that mmap_sem must be held when splitting an "anonymous" vma there. Whether that's still strictly true nowadays is not entirely clear, but the danger of sometimes crashing on the BUG is now fairly clear. Even with the new stricter rules for anonymous vma marking, the condition it checks for can possible trigger. Commit 44960f2a7b63 ("staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages") is good, and originally I thought it was safe from that VM_BUG_ON_VMA(), because the /dev/ashmem fd exposed to the user is disconnected from the vm_file in the vma, and madvise(,,MADV_REMOVE) insists on VM_SHARED. But after I read John's earlier mail, drawing attention to the vfs_fallocate() in there: I may be wrong, and I don't know if Android has THP in the config anyway, but it looks to me like an unmap_mapping_range() from ashmem's vfs_fallocate() could hit precisely the VM_BUG_ON_VMA(), once it's vma_is_anonymous(). Signed-off-by: Hugh Dickins Cc: John Stultz Cc: Kirill Shutemov Cc: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- mm/memory.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/mm/memory.c +++ b/mm/memory.c @@ -1417,11 +1417,9 @@ static inline unsigned long zap_pmd_rang do { next = pmd_addr_end(addr, end); if (is_swap_pmd(*pmd) || pmd_trans_huge(*pmd) || pmd_devmap(*pmd)) { - if (next - addr != HPAGE_PMD_SIZE) { - VM_BUG_ON_VMA(vma_is_anonymous(vma) && - !rwsem_is_locked(&tlb->mm->mmap_sem), vma); + if (next - addr != HPAGE_PMD_SIZE) __split_huge_pmd(vma, pmd, addr, false, NULL); - } else if (zap_huge_pmd(tlb, vma, pmd, addr)) + else if (zap_huge_pmd(tlb, vma, pmd, addr)) goto next; /* fall through */ }