+2
−3
Loading
mm/hugetlb: fix pgtable lock on pmd sharing
mainline inclusion from mainline-v6.5-rc1 commit 349d1670 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAQT9Q Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=349d1670008d3dab99a11b015bef51ad3f26fb4f -------------------------------- Huge pmd sharing operates on PUD not PMD, huge_pte_lock() is not suitable in this case because it should only work for last level pte changes, while pmd sharing is always one level higher. Meanwhile, here we're locking over the spte pgtable lock which is even not a lock for current mm but someone else's. It seems even racy on operating on the lock, as after put_page() of the spte pgtable page logically the page can be released, so at least the spin_unlock() needs to be done after the put_page(). No report I am aware, I'm not even sure whether it'll just work on taking the spte pmd lock, because while we're holding i_mmap read lock it probably means the vma interval tree is frozen, all pte allocators over this pud entry could always find the specific svma and spte page, so maybe they'll serialize on this spte page lock? Even so, doesn't seem to be expected. It just seems to be an accident of cb900f41. Fix it with the proper pud lock (which is the mm's page_table_lock). Link: https://lkml.kernel.org/r/20230612160420.809818-1-peterx@redhat.com Fixes: cb900f41 ("mm, hugetlb: convert hugetlbfs to use split pmd lock") Signed-off-by:Peter Xu <peterx@redhat.com> Reviewed-by: