Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/mm
History
Jan Stancek b6a9b7f6b1 mm: prevent mmap_cache race in find_vma() 
find_vma() can be called by multiple threads with read lock
held on mm->mmap_sem and any of them can update mm->mmap_cache.
Prevent compiler from re-fetching mm->mmap_cache, because other
readers could update it in the meantime:

               thread 1                             thread 2
                                        |
  find_vma()                            |  find_vma()
    struct vm_area_struct *vma = NULL;  |
    vma = mm->mmap_cache;               |
    if (!(vma && vma->vm_end > addr     |
        && vma->vm_start <= addr)) {    |
                                        |    mm->mmap_cache = vma;
    return vma;                         |
     ^^ compiler may optimize this      |
        local variable out and re-read  |
        mm->mmap_cache                  |

This issue can be reproduced with gcc-4.8.0-1 on s390x by running
mallocstress testcase from LTP, which triggers:

  kernel BUG at mm/rmap.c:1088!
    Call Trace:
     ([<000003d100c57000>] 0x3d100c57000)
      [<000000000023a1c0>] do_wp_page+0x2fc/0xa88
      [<000000000023baae>] handle_pte_fault+0x41a/0xac8
      [<000000000023d832>] handle_mm_fault+0x17a/0x268
      [<000000000060507a>] do_protection_exception+0x1e2/0x394
      [<0000000000603a04>] pgm_check_handler+0x138/0x13c
      [<000003fffcf1f07a>] 0x3fffcf1f07a
    Last Breaking-Event-Address:
      [<000000000024755e>] page_add_new_anon_rmap+0xc2/0x168

Thanks to Jakub Jelinek for his insight on gcc and helping to
track this down.

Signed-off-by: Jan Stancek <jstancek@redhat.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2013-04-04 11:46:28 -07:00
..
Kconfig Select VIRT_TO_BUS directly where needed 2013-03-12 11:16:40 -07:00
Kconfig.debug
Makefile
backing-dev.c
balloon_compaction.c
bootmem.c
bounce.c
cleancache.c fs: encode_fh: return FILEID_INVALID if invalid fid_type 2013-02-26 02:46:10 -05:00
compaction.c
debug-pagealloc.c
dmapool.c
fadvise.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
failslab.c
filemap.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
filemap_xip.c
fremap.c Revert "mm: introduce VM_POPULATE flag to better deal with racy userspace programs" 2013-03-28 17:45:51 -07:00
frontswap.c
highmem.c
huge_memory.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
hugetlb.c mm/hugetlb: fix total hugetlbfs pages count when using memory overcommit accouting 2013-03-22 16:41:20 -07:00
hugetlb_cgroup.c
hwpoison-inject.c
init-mm.c
internal.h mm: accelerate munlock() treatment of THP pages 2013-02-27 19:10:09 -08:00
interval_tree.c
kmemcheck.c
kmemleak-test.c
kmemleak.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ksm.c ksm: fix m68k build: only NUMA needs pfn_to_nid 2013-03-08 15:05:34 -08:00
maccess.c
madvise.c
memblock.c x86, ACPI, mm: Revert movablemem_map support 2013-03-02 09:34:39 -08:00
memcontrol.c memcg: initialize kmem-cache destroying work earlier 2013-03-08 15:05:34 -08:00
memory-failure.c
memory.c
memory_hotplug.c mm/hotplug: only free wait_table if it's allocated by vmalloc 2013-03-22 16:41:20 -07:00
mempolicy.c mm/mempolicy.c: fix sp_node_init() argument ordering 2013-03-08 15:05:34 -08:00
mempool.c
migrate.c
mincore.c
mlock.c Revert "mm: introduce VM_POPULATE flag to better deal with racy userspace programs" 2013-03-28 17:45:51 -07:00
mm_init.c
mmap.c mm: prevent mmap_cache race in find_vma() 2013-04-04 11:46:28 -07:00
mmu_context.c
mmu_notifier.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
mmzone.c
mprotect.c
mremap.c
msync.c
nobootmem.c
nommu.c mm: prevent mmap_cache race in find_vma() 2013-04-04 11:46:28 -07:00
oom_kill.c
page-writeback.c 2 writeback fixes 2013-02-28 13:21:44 -08:00
page_alloc.c x86, ACPI, mm: Revert movablemem_map support 2013-03-02 09:34:39 -08:00
page_cgroup.c
page_io.c
page_isolation.c
pagewalk.c
percpu-km.c
percpu-vm.c
percpu.c
pgtable-generic.c
process_vm_access.c Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 2013-03-12 11:05:45 -07:00
quicklist.c
readahead.c
rmap.c
shmem.c fix nommu breakage in shmem.c 2013-03-01 23:50:45 -05:00
slab.c
slab.h
slab_common.c
slob.c
slub.c
sparse-vmemmap.c
sparse.c
swap.c
swap_state.c
swapfile.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
truncate.c
util.c
vmalloc.c
vmscan.c
vmstat.c