stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [to-be-updated] mm-z3foldc-lock-z3fold-page-before-__setpagemovable.patch removed from -mm tree
@ 2019-07-04 21:05 akpm
  0 siblings, 0 replies; only message in thread
From: akpm @ 2019-07-04 21:05 UTC (permalink / raw)
  To: henryburns, jwadams, mm-commits, rientjes, rppt, shakeelb,
	stable, vitaly.vul, vitalywool, wangxidong_97


The patch titled
     Subject: mm/z3fold.c: lock z3fold page before __SetPageMovable()
has been removed from the -mm tree.  Its filename was
     mm-z3foldc-lock-z3fold-page-before-__setpagemovable.patch

This patch was dropped because an updated version will be merged

------------------------------------------------------
From: Henry Burns <henryburns@google.com>
Subject: mm/z3fold.c: lock z3fold page before __SetPageMovable()

__SetPageMovable() expects its page to be locked, but z3fold.c doesn't
lock the page.  This triggers the VM_BUG_ON_PAGE(!PageLocked(page), page)
in __SetPageMovable().

Following zsmalloc.c's example we call trylock_page() and unlock_page(). 
Also make z3fold_page_migrate() assert that newpage is passed in locked,
as per the documentation.

Link: http://lkml.kernel.org/r/20190702005122.41036-1-henryburns@google.com
Signed-off-by: Henry Burns <henryburns@google.com>
Suggested-by: Vitaly Wool <vitalywool@gmail.com>
Acked-by: Vitaly Wool <vitalywool@gmail.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Vitaly Vul <vitaly.vul@sony.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Xidong Wang <wangxidong_97@163.com>
Cc: Jonathan Adams <jwadams@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/z3fold.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/mm/z3fold.c~mm-z3foldc-lock-z3fold-page-before-__setpagemovable
+++ a/mm/z3fold.c
@@ -919,7 +919,10 @@ retry:
 		set_bit(PAGE_HEADLESS, &page->private);
 		goto headless;
 	}
-	__SetPageMovable(page, pool->inode->i_mapping);
+	if (!WARN_ON(!trylock_page(page))) {
+		__SetPageMovable(page, pool->inode->i_mapping);
+		unlock_page(page);
+	}
 	z3fold_page_lock(zhdr);
 
 found:
@@ -1326,6 +1329,7 @@ static int z3fold_page_migrate(struct ad
 
 	VM_BUG_ON_PAGE(!PageMovable(page), page);
 	VM_BUG_ON_PAGE(!PageIsolated(page), page);
+	VM_BUG_ON_PAGE(!PageLocked(newpage), newpage);
 
 	zhdr = page_address(page);
 	pool = zhdr_to_pool(zhdr);
_

Patches currently in -mm which might be from henryburns@google.com are

mm-z3fold-fix-z3fold_buddy_slots-use-after-free.patch


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2019-07-04 21:05 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-04 21:05 [to-be-updated] mm-z3foldc-lock-z3fold-page-before-__setpagemovable.patch removed from -mm tree akpm

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).