Commit 4e30b94c authored by Luiz Capitulino's avatar Luiz Capitulino Committed by Andrew Morton
Browse files

mm: page_table_check: use new iteration API 

The page_ext_next() function assumes that page extension objects for a
page order allocation always reside in the same memory section, which may
not be true and could lead to crashes.  Use the new page_ext iteration API
instead.

Link: https://lkml.kernel.org/r/ca2d53a020fe1cd65c442627ff6c0c40d591cbd8.1741301089.git.luizcap@redhat.com


Fixes: cf54f310 ("mm/hugetlb: use __GFP_COMP for gigantic folios")
Signed-off-by: default avatarLuiz Capitulino <luizcap@redhat.com>
Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Muchun Song <muchun.song@linux.dev>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Yu Zhao <yuzhao@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 9039b909

mm/page_table_check.c

+12 −27
Original line number Diff line number Diff line
@@ -62,24 +62,20 @@ static struct page_table_check *get_page_table_check(struct page_ext *page_ext) 
 */

static void page_table_check_clear(unsigned long pfn, unsigned long pgcnt)

{

	struct page_ext_iter iter;

	struct page_ext *page_ext;

	struct page *page;

	unsigned long i;

	bool anon;



	if (!pfn_valid(pfn))

		return;



	page = pfn_to_page(pfn);

	page_ext = page_ext_get(page);



	if (!page_ext)

		return;



	BUG_ON(PageSlab(page));

	anon = PageAnon(page);



	for (i = 0; i < pgcnt; i++) {

	rcu_read_lock();

	for_each_page_ext(page, pgcnt, page_ext, iter) {

		struct page_table_check *ptc = get_page_table_check(page_ext);



		if (anon) {
@@ -89,9 +85,8 @@ static void page_table_check_clear(unsigned long pfn, unsigned long pgcnt) 
			BUG_ON(atomic_read(&ptc->anon_map_count));

			BUG_ON(atomic_dec_return(&ptc->file_map_count) < 0);

		}

		page_ext = page_ext_next(page_ext);

	}

	page_ext_put(page_ext);

	rcu_read_unlock();

}



/*
@@ -102,24 +97,20 @@ static void page_table_check_clear(unsigned long pfn, unsigned long pgcnt) 
static void page_table_check_set(unsigned long pfn, unsigned long pgcnt,

				 bool rw)

{

	struct page_ext_iter iter;

	struct page_ext *page_ext;

	struct page *page;

	unsigned long i;

	bool anon;



	if (!pfn_valid(pfn))

		return;



	page = pfn_to_page(pfn);

	page_ext = page_ext_get(page);



	if (!page_ext)

		return;



	BUG_ON(PageSlab(page));

	anon = PageAnon(page);



	for (i = 0; i < pgcnt; i++) {

	rcu_read_lock();

	for_each_page_ext(page, pgcnt, page_ext, iter) {

		struct page_table_check *ptc = get_page_table_check(page_ext);



		if (anon) {
@@ -129,9 +120,8 @@ static void page_table_check_set(unsigned long pfn, unsigned long pgcnt, 
			BUG_ON(atomic_read(&ptc->anon_map_count));

			BUG_ON(atomic_inc_return(&ptc->file_map_count) < 0);

		}

		page_ext = page_ext_next(page_ext);

	}

	page_ext_put(page_ext);

	rcu_read_unlock();

}



/*
@@ -140,24 +130,19 @@ static void page_table_check_set(unsigned long pfn, unsigned long pgcnt, 
 */

void __page_table_check_zero(struct page *page, unsigned int order)

{

	struct page_ext_iter iter;

	struct page_ext *page_ext;

	unsigned long i;



	BUG_ON(PageSlab(page));



	page_ext = page_ext_get(page);



	if (!page_ext)

		return;



	for (i = 0; i < (1ul << order); i++) {

	rcu_read_lock();

	for_each_page_ext(page, 1 << order, page_ext, iter) {

		struct page_table_check *ptc = get_page_table_check(page_ext);



		BUG_ON(atomic_read(&ptc->anon_map_count));

		BUG_ON(atomic_read(&ptc->file_map_count));

		page_ext = page_ext_next(page_ext);

	}

	page_ext_put(page_ext);

	rcu_read_unlock();

}



void __page_table_check_pte_clear(struct mm_struct *mm, pte_t pte)