Commit ec081b11 authored by Oleg Nesterov, committed by Linus Torvalds

[PATCH] /dev/zero vs hugetlb mappings.

Hugetlbfs mmap with MAP_PRIVATE becomes MAP_SHARED silently, but
vma->vm_flags have no VM_SHARED bit.  Reading from /dev/zero into hugetlb
area will do:

read_zero()
    read_zero_pagealigned()
        if (vma->vm_flags & VM_SHARED)
            break;                      // fallback to clear_user()
        zap_page_range();
        zeromap_page_range();

It will hit BUG_ON() in unmap_hugepage_range() if region is not huge page
aligned, or silently convert it into the private anonymous mapping.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent 82b11318
...@@ -416,7 +416,7 @@ static inline size_t read_zero_pagealigned(char __user * buf, size_t size) ...@@ -416,7 +416,7 @@ static inline size_t read_zero_pagealigned(char __user * buf, size_t size)
if (vma->vm_start > addr || (vma->vm_flags & VM_WRITE) == 0) if (vma->vm_start > addr || (vma->vm_flags & VM_WRITE) == 0)
goto out_up; goto out_up;
if (vma->vm_flags & VM_SHARED) if (vma->vm_flags & (VM_SHARED | VM_HUGETLB))
break; break;
count = vma->vm_end - addr; count = vma->vm_end - addr;
if (count > size) if (count > size)
......
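Review bot: the widened test `if (vma->vm_flags & (VM_SHARED | VM_HUGETLB))` in read_zero_pagealigned() carries no comment, so the reason a hugetlb VMA must skip the zap_page_range()/zeromap_page_range() path lives only in the commit message. A one-line comment above the condition would keep that rationale next to the code, for example `/* hugetlb vmas behave as shared even without VM_SHARED; fall back to clear_user() */`. Without it, a later cleanup could reasonably read VM_HUGETLB as redundant next to VM_SHARED and drop it, bringing back the BUG_ON() in unmap_hugepage_range() or the silent conversion to a private anonymous mapping that the message describes.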