author | Kirill A. Shutemov <[email protected]> | 2016-09-19 14:44:01 -0700 |
---|---|---|
committer | Linus Torvalds <[email protected]> | 2016-09-19 15:36:16 -0700 |
commit | c131f751ab1a852d4dd4b490b3a7fbba7d738de5 (patch) | |
tree | 8aad30641286414906d71e5bcfa7f8274998a601 /lib/mpi/mpiutil.c | |
parent | d8e3875431956c1f78e142d531f490f76c760ce3 (diff) |
khugepaged: fix use-after-free in collapse_huge_page()

hugepage_vma_revalidate() tries to re-check if we still should try to
collapse small pages into huge one after the re-acquiring mmap_sem.

The problem Dmitry Vyukov reported[1] is that the vma found by
hugepage_vma_revalidate() can be suitable for huge pages, but not the
same vma we had before dropping mmap_sem. And dereferencing original
vma can lead to fun results..

Let's use vma hugepage_vma_revalidate() found instead of assuming it's the
same as what we had before the lock was dropped.

[1] http://lkml.kernel.org/r/CACT4Y+Z3gigBvhca9kRJFcjX0G70V_nRhbwKBU+yGoESBDKi9Q@mail.gmail.com

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Kirill A. Shutemov <[email protected]>
Reported-by: Dmitry Vyukov <[email protected]>
Reviewed-by: Andrea Arcangeli <[email protected]>
Cc: Ebru Akagunduz <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Mel Gorman <[email protected]>
Cc: Johannes Weiner <[email protected]>
Cc: Vegard Nossum <[email protected]>
Cc: Sasha Levin <[email protected]>
Cc: Konstantin Khlebnikov <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Greg Thelen <[email protected]>
Cc: Suleiman Souhlal <[email protected]>
Cc: Hugh Dickins <[email protected]>
Cc: David Rientjes <[email protected]>
Cc: syzkaller <[email protected]>
Cc: Kostya Serebryany <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'lib/mpi/mpiutil.c')
0 files changed, 0 insertions, 0 deletions
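
A userspace model of the bug class the commit message describes, added here as an illustration; it is not the kernel's code or the patch itself. The pool allocator, struct layouts and every function name are hypothetical, and the lock drop is simulated inline rather than with real threads.

```c
#include <stdio.h>
/* Userspace model: a fixed pool stands in for the allocator so a "freed"
 * vma can be inspected safely. All names here are hypothetical. */
struct vma { unsigned long start, end; int live; };
struct mm  { struct vma pool[4]; struct vma *map; };
static struct vma *vma_new(struct mm *mm, unsigned long s, unsigned long e)
{
    for (int i = 0; i < 4; i++)
        if (!mm->pool[i].live) {
            mm->pool[i] = (struct vma){ s, e, 1 };
            return &mm->pool[i];
        }
    return NULL;
}
static void mm_init(struct mm *mm)
{
    *mm = (struct mm){ 0 };
    mm->map = vma_new(mm, 0x200000UL, 0x400000UL);
}
/* Re-check after the lock is retaken; reports the vma mapped *now*. */
static int revalidate(struct mm *mm, unsigned long addr, struct vma **vmap)
{
    struct vma *v = mm->map;
    if (!v || !v->live || addr < v->start || addr >= v->end)
        return -1;
    *vmap = v;
    return 0;
}

/* Returns 1 if the vma used after relocking is live, 0 if it was freed. */
static int collapse_model(struct mm *mm, unsigned long addr, int adopt)
{
    struct vma *vma = mm->map, *found = NULL;   /* looked up under the lock */
    /* Lock dropped: another thread unmaps and maps the same range again. */
    mm->map = vma_new(mm, vma->start, vma->end);
    vma->live = 0;                              /* old vma is freed */
    if (revalidate(mm, addr, &found))           /* lock retaken */
        return -1;
    if (adopt)
        vma = found;    /* fixed pattern: continue with the vma just found */
    return vma->live;
}

int main(void)
{
    struct mm a, b;
    mm_init(&a); mm_init(&b);
    printf("stale=%d adopted=%d\n", collapse_model(&a, 0x200000UL, 0), collapse_model(&b, 0x200000UL, 1));
    return 0;
}
```

The revalidation succeeds in both runs because the replacement mapping covers the same address, which is why a successful return value alone says nothing about the pointer held from before the lock was dropped.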