Commit f12d5bfc authored by Linus Torvalds's avatar Linus Torvalds

futex: fix handling of read-only-mapped hugepages

The hugepage code had the exact same bug that regular pages had in
commit 7485d0d3 ("futexes: Remove rw parameter from
get_futex_key()").

The regular page case was fixed by commit 9ea71503 ("futex: Fix
regression with read only mappings"), but the transparent hugepage case
(added in a5b338f2: "thp: update futex compound knowledge") case
remained broken.

Found by Dave Jones and his trinity tool.
Reported-and-tested-by: default avatarDave Jones <davej@fedoraproject.org>
Cc: stable@kernel.org # v2.6.38+
Acked-by: default avatarThomas Gleixner <tglx@linutronix.de>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Darren Hart <dvhart@linux.intel.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 9538e100
...@@ -288,7 +288,7 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) ...@@ -288,7 +288,7 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
put_page(page); put_page(page);
/* serialize against __split_huge_page_splitting() */ /* serialize against __split_huge_page_splitting() */
local_irq_disable(); local_irq_disable();
if (likely(__get_user_pages_fast(address, 1, 1, &page) == 1)) { if (likely(__get_user_pages_fast(address, 1, !ro, &page) == 1)) {
page_head = compound_head(page); page_head = compound_head(page);
/* /*
* page_head is valid pointer but we must pin * page_head is valid pointer but we must pin
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment