Re: [PATCH 2/2] hugepages: Fix use after free bug in "quota" handling

From: Hillf Danton
Date: Thu Feb 16 2012 - 07:34:25 EST


On Thu, Feb 16, 2012 at 12:24 PM, David Gibson
<david@xxxxxxxxxxxxxxxxxxxxx> wrote:
> @@ -1046,12 +1124,12 @@ static struct page *alloc_huge_page(struct vm_area_struct *vma,
> Â Â Â Âif (!page) {
> Â Â Â Â Â Â Â Âpage = alloc_buddy_huge_page(h, NUMA_NO_NODE);
> Â Â Â Â Â Â Â Âif (!page) {
> - Â Â Â Â Â Â Â Â Â Â Â hugetlb_put_quota(inode->i_mapping, chg);
> + Â Â Â Â Â Â Â Â Â Â Â hugepage_subpool_put_pages(spool, chg);
> Â Â Â Â Â Â Â Â Â Â Â Âreturn ERR_PTR(-VM_FAULT_SIGBUS);
> Â Â Â Â Â Â Â Â}
> Â Â Â Â}
>
> - Â Â Â set_page_private(page, (unsigned long) mapping);
> + Â Â Â set_page_private(page, (unsigned long)spool);
>
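Review bot: the set_page_private() change at the end of this hunk alters what the private field of a huge page holds, from the mapping to the subpool, so every reader of page_private() on hugetlb pages must be updated in the same patch or it will dereference a subpool as if it were a mapping; please list the audited readers in the commit message. In the error path just above, the old hugetlb_put_quota(inode->i_mapping, chg) and the new hugepage_subpool_put_pages(spool, chg) should be confirmed to account in the same unit (chg) so the failed allocation returns exactly what was reserved.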

Page mapping is used in unmap_ref_private(), and I am
wondering whether it no longer works :-(

> @@ -2392,7 +2471,8 @@ retry_avoidcopy:
>
> Â Â Â Â/* Drop page_table_lock as buddy allocator may be called */
> Â Â Â Âspin_unlock(&mm->page_table_lock);
> - Â Â Â new_page = alloc_huge_page(vma, address, outside_reserve);
> + Â Â Â new_page = alloc_huge_page(vma, address, outside_reserve,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Âsubpool_vma(vma));
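Review bot: the new fourth argument is computed as subpool_vma(vma) from a value alloc_huge_page() already receives, so the callee could derive it itself instead of relying on every call site to pass a consistent subpool; either drop the parameter and call subpool_vma(vma) inside alloc_huge_page(), or state in the commit message why a caller may need to pass a different subpool than the one belonging to vma.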

Change in the number of parameters of alloc_huge_page()
looks unnecessary.