linux/include
Kirill A. Shutemov ee53664bda mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support
Sasha Levin found a NULL pointer dereference that is due to a missing
page table lock, which in turn is due to the pmd entry in question being
a transparent huge-table entry.

The code - introduced in commit 1998cc0489 ("mm: make
madvise(MADV_WILLNEED) support swap file prefetch") - correctly checks
for this situation using pmd_none_or_trans_huge_or_clear_bad(), but it
turns out that that function doesn't work correctly.

pmd_none_or_trans_huge_or_clear_bad() expected that pmd_bad() would
trigger if the transparent hugepage bit was set, but it doesn't do that
if pmd_numa() is also set. Note that the NUMA bit only gets set on real
NUMA machines, so people trying to reproduce this on most normal
development systems would never actually trigger this.

Fix it by removing the very subtle (and subtly incorrect) expectation,
and instead just checking pmd_trans_huge() explicitly.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
[ Additionally remove the now stale test for pmd_trans_huge() inside the
  pmd_bad() case - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-20 12:17:03 -08:00
..
acpi Merge branch 'acpica' 2013-11-27 01:03:27 +01:00
asm-generic mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support 2013-12-20 12:17:03 -08:00
clocksource
crypto crypto: scatterwalk - Use sg_chain_ptr on chain entries 2013-12-09 19:58:52 +08:00
drm Merge branch 'ttm-fixes-3.13' of git://people.freedesktop.org/~thomash/linux into drm-fixes 2013-11-21 18:46:56 +10:00
dt-bindings For the 3.13 merge window we have a couple of new drivers for the AMS 2013-11-15 16:37:40 -08:00
keys
kvm
linux mm: numa: guarantee that tlb_flush_pending updates are visible before page table updates 2013-12-18 19:04:51 -08:00
math-emu
media [media] videobuf2: Add support for file access mode flags for DMABUF exporting 2013-12-09 14:50:50 -02:00
memory
misc
net sctp: properly latch and use autoclose value from sock to association 2013-12-10 22:41:26 -05:00
pcmcia
ras
rdma Merge branches 'cma', 'cxgb4', 'flowsteer', 'ipoib', 'misc', 'mlx4', 'mlx5', 'nes', 'ocrdma', 'qib' and 'srp' into for-next 2013-11-17 08:22:19 -08:00
rxrpc
scsi [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers 2013-11-29 08:48:39 +04:00
sound ALSA: memalloc.h - fix wrong truncation of dma_addr_t 2013-12-10 15:30:46 +01:00
target target_core_alua: Store supported ALUA states 2013-11-20 11:26:37 -08:00
trace Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-12-02 10:13:09 -08:00
uapi Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-12-19 09:10:46 -08:00
video fbdev changes for 3.13 2013-11-14 14:44:20 +09:00
xen Bug-fixes: 2013-12-20 09:34:54 -08:00
Kbuild