    fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() · 72639e6d
    Nadav Amit authored
hugetlbfs_fallocate() currently performs put_page() before unlock_page().
    This scenario opens a small time window, from the time the page is added
    to the page cache, until it is unlocked, in which the page might be
    removed from the page-cache by another core.  If the page is removed
during this time window, it might cause a memory corruption, as the
    wrong page will be unlocked.
    It is arguable whether this scenario can happen in a real system, and
    there are several mitigating factors.  The issue was found by code
    inspection (actually grep), and not by actually triggering the flow.
    Yet, since putting the page before unlocking is incorrect it should be
    fixed, if only to prevent future breakage or someone copy-pasting this
    Mike said:
     "I am of the opinion that this does not need to be sent to stable.
  Although the ordering in current code is incorrect, there is no way
      for this to be a problem with current locking. In addition, I verified
      that the perhaps bigger issue with sys_fadvise64(POSIX_FADV_DONTNEED)
      for hugetlbfs and other filesystems is addressed in 3a77d214 ("mm:
      fadvise: avoid fadvise for fs without backing device")"
    Link: http://lkml.kernel.org/r/20170826191124.51642-1-namit@vmware.com
    Fixes: 70c3547e ("hugetlbfs: add hugetlbfs_fallocate()")
Signed-off-by: Nadav Amit <namit@vmware.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Michal Hocko <mhocko@suse.com>
    Cc: Eric Biggers <ebiggers3@gmail.com>
    Cc: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
