[PATCH 4.19 08/34] mm/thp: fix page_address_in_vma() on file THP tails

From: Greg Kroah-Hartman
Date: Fri Jul 09 2021 - 09:21:21 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.19 09/34] mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 07/34] mm/thp: fix vma_address() if virtual address below file offset"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 07/34] mm/thp: fix vma_address() if virtual address below file offset"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 09/34] mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jue Wang <juew@xxxxxxxxxx>

[ Upstream commit 31657170deaf1d8d2f6a1955fbc6fa9d228be036 ]

Anon THP tails were already supported, but memory-failure may need to
use page_address_in_vma() on file THP tails, which its page->mapping
check did not permit: fix it.

hughd adds: no current usage is known to hit the issue, but this does
fix a subtle trap in a general helper: best fixed in stable sooner than
later.

Link: https://lkml.kernel.org/r/a0d9b53-bf5d-8bab-ac5-759dc61819c1@xxxxxxxxxx
Fixes: 800d8c63b2e9 ("shmem: add huge pages support")
Signed-off-by: Jue Wang <juew@xxxxxxxxxx>
Signed-off-by: Hugh Dickins <hughd@xxxxxxxxxx>
Reviewed-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
Reviewed-by: Yang Shi <shy828301@xxxxxxxxx>
Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Cc: Alistair Popple <apopple@xxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
Cc: Miaohe Lin <linmiaohe@xxxxxxxxxx>
Cc: Minchan Kim <minchan@xxxxxxxxxx>
Cc: Naoya Horiguchi <naoya.horiguchi@xxxxxxx>
Cc: Oscar Salvador <osalvador@xxxxxxx>
Cc: Peter Xu <peterx@xxxxxxxxxx>
Cc: Ralph Campbell <rcampbell@xxxxxxxxxx>
Cc: Shakeel Butt <shakeelb@xxxxxxxxxx>
Cc: Wang Yugui <wangyugui@xxxxxxxxxxxx>
Cc: Zi Yan <ziy@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
mm/rmap.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mm/rmap.c b/mm/rmap.c
index ff56c460af53..699f445e3e78 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -695,11 +695,11 @@ unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma)
if (!vma->anon_vma || !page__anon_vma ||
vma->anon_vma->root != page__anon_vma->root)
return -EFAULT;
- } else if (page->mapping) {
- if (!vma->vm_file || vma->vm_file->f_mapping != page->mapping)
- return -EFAULT;
- } else
+ } else if (!vma->vm_file) {
+ return -EFAULT;
+ } else if (vma->vm_file->f_mapping != compound_head(page)->mapping) {
return -EFAULT;
+ }

return vma_address(page, vma);
}
--
2.30.2

Next message: Greg Kroah-Hartman: "[PATCH 4.19 09/34] mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 07/34] mm/thp: fix vma_address() if virtual address below file offset"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 07/34] mm/thp: fix vma_address() if virtual address below file offset"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 09/34] mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]