[3.11.y.z extended stable] Patch "futex: fix handling of read-only-mapped hugepages" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Wed Dec 18 10:21:03 UTC 2013 

This is a note to let you know that I have just added a patch titled

    futex: fix handling of read-only-mapped hugepages

to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.11.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 6ab9fee2eabc655570c781d3317f9911cd4bce1e Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds at linux-foundation.org>
Date: Thu, 12 Dec 2013 09:38:42 -0800
Subject: futex: fix handling of read-only-mapped hugepages

commit f12d5bfceb7e1f9051563381ec047f7f13956c3c upstream.

The hugepage code had the exact same bug that regular pages had in
commit 7485d0d3758e ("futexes: Remove rw parameter from
get_futex_key()").

The regular page case was fixed by commit 9ea71503a8ed ("futex: Fix
regression with read only mappings"), but the transparent hugepage case
(added in a5b338f2b0b1: "thp: update futex compound knowledge") case
remained broken.

Found by Dave Jones and his trinity tool.

Reported-and-tested-by: Dave Jones <davej at fedoraproject.org>
Acked-by: Thomas Gleixner <tglx at linutronix.de>
Cc: Mel Gorman <mgorman at suse.de>
Cc: Darren Hart <dvhart at linux.intel.com>
Cc: Andrea Arcangeli <aarcange at redhat.com>
Cc: Oleg Nesterov <oleg at redhat.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 kernel/futex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/futex.c b/kernel/futex.c
index c3a1a55..221a58f 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -288,7 +288,7 @@ again:
 		put_page(page);
 		/* serialize against __split_huge_page_splitting() */
 		local_irq_disable();
-		if (likely(__get_user_pages_fast(address, 1, 1, &page) == 1)) {
+		if (likely(__get_user_pages_fast(address, 1, !ro, &page) == 1)) {
 			page_head = compound_head(page);
 			/*
 			 * page_head is valid pointer but we must pin
--
1.8.3.2

More information about the kernel-team mailing list