From patchwork Mon Nov 23 20:04:42 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kani, Toshi" X-Patchwork-Id: 7685951 Return-Path: X-Original-To: patchwork-linux-nvdimm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id F30869F1BE for ; Mon, 23 Nov 2015 20:09:07 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 27FD8207F0 for ; Mon, 23 Nov 2015 20:09:07 +0000 (UTC) Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 04234207EB for ; Mon, 23 Nov 2015 20:09:06 +0000 (UTC) Received: from ml01.vlan14.01.org (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D4FDF1A208B; Mon, 23 Nov 2015 12:09:05 -0800 (PST) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received: from g2t2355.austin.hp.com (g2t2355.austin.hp.com [15.217.128.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 154F11A207D for ; Mon, 23 Nov 2015 12:09:05 -0800 (PST) Received: from g2t2360.austin.hp.com (g2t2360.austin.hp.com [16.197.8.247]) by g2t2355.austin.hp.com (Postfix) with ESMTP id 1C1834D; Mon, 23 Nov 2015 20:09:04 +0000 (UTC) Received: from misato.fc.hp.com (misato.fc.hp.com [16.78.168.61]) by g2t2360.austin.hp.com (Postfix) with ESMTP id 2CBEF3F; Mon, 23 Nov 2015 20:09:03 +0000 (UTC) From: Toshi Kani To: akpm@linux-foundation.org Subject: [PATCH] mm: Fix mmap MAP_POPULATE for DAX pmd mapping Date: Mon, 23 Nov 2015 13:04:42 -0700 Message-Id: <1448309082-20851-1-git-send-email-toshi.kani@hpe.com> X-Mailer: git-send-email 2.4.3 Cc: mauricio.porto@hpe.com, linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, kirill.shutemov@linux.intel.com X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The following oops was observed when mmap() with MAP_POPULATE pre-faulted pmd mappings of a DAX file. follow_trans_huge_pmd() expects that a target address has a struct page. BUG: unable to handle kernel paging request at ffffea0012220000 follow_trans_huge_pmd+0xba/0x390 follow_page_mask+0x33d/0x420 __get_user_pages+0xdc/0x800 populate_vma_page_range+0xb5/0xe0 __mm_populate+0xc5/0x150 vm_mmap_pgoff+0xd5/0xe0 SyS_mmap_pgoff+0x1c1/0x290 SyS_mmap+0x1b/0x30 Fix it by making the PMD pre-fault handling consistent with PTE. After pre-faulted in faultin_page(), follow_page_mask() calls follow_trans_huge_pmd(), which is changed to call follow_pfn_pmd() for VM_PFNMAP or VM_MIXEDMAP. follow_pfn_pmd() handles FOLL_TOUCH and returns with -EEXIST. Reported-by: Mauricio Porto Signed-off-by: Toshi Kani Cc: Andrew Morton Cc: Kirill A. Shutemov Cc: Matthew Wilcox Cc: Dan Williams Cc: Ross Zwisler --- mm/huge_memory.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index d5b8920..f56e034 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1267,6 +1267,32 @@ out_unlock: return ret; } +/* + * Follow a pmd inserted by vmf_insert_pfn_pmd(). See follow_pfn_pte() for pte. + */ +static int follow_pfn_pmd(struct vm_area_struct *vma, unsigned long address, + pmd_t *pmd, unsigned int flags) +{ + /* No page to get reference */ + if (flags & FOLL_GET) + return -EFAULT; + + if (flags & FOLL_TOUCH) { + pmd_t entry = *pmd; + + /* Set the dirty bit per follow_trans_huge_pmd() */ + entry = pmd_mkyoung(pmd_mkdirty(entry)); + + if (!pmd_same(*pmd, entry)) { + set_pmd_at(vma->vm_mm, address, pmd, entry); + update_mmu_cache_pmd(vma, address, pmd); + } + } + + /* Proper page table entry exists, but no corresponding struct page */ + return -EEXIST; +} + struct page *follow_trans_huge_pmd(struct vm_area_struct *vma, unsigned long addr, pmd_t *pmd, @@ -1274,6 +1300,7 @@ struct page *follow_trans_huge_pmd(struct vm_area_struct *vma, { struct mm_struct *mm = vma->vm_mm; struct page *page = NULL; + int ret; assert_spin_locked(pmd_lockptr(mm, pmd)); @@ -1288,6 +1315,13 @@ struct page *follow_trans_huge_pmd(struct vm_area_struct *vma, if ((flags & FOLL_NUMA) && pmd_protnone(*pmd)) goto out; + /* pfn map does not have a struct page */ + if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) { + ret = follow_pfn_pmd(vma, addr, pmd, flags); + page = ERR_PTR(ret); + goto out; + } + page = pmd_page(*pmd); VM_BUG_ON_PAGE(!PageHead(page), page); if (flags & FOLL_TOUCH) {