mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
c7b1850dfb
syzbot hit kernel BUG at fs/hugetlbfs/inode.c:532 as described in [1]. This BUG triggers if the HPageRestoreReserve flag is set on a page in the page cache. It should never be set, as the routine huge_add_to_page_cache explicitly clears the flag after adding a page to the cache. The only code other than huge page allocation which sets the flag is restore_reserve_on_error. It will potentially set the flag in rare out of memory conditions. syzbot was injecting errors to cause memory allocation errors which exercised this specific path. The code in restore_reserve_on_error is doing the right thing. However, there are instances where pages in the page cache were being passed to restore_reserve_on_error. This is incorrect, as once a page goes into the cache reservation information will not be modified for the page until it is removed from the cache. Error paths do not remove pages from the cache, so even in the case of error, the page will remain in the cache and no reservation adjustment is needed. Modify routines that potentially call restore_reserve_on_error with a page cache page to no longer do so. Note on fixes tag: Prior to commit |
||
|---|---|---|
| .. | ||
| kasan | ||
| kfence | ||
| backing-dev.c | ||
| balloon_compaction.c | ||
| bootmem_info.c | ||
| cleancache.c | ||
| cma.c | ||
| cma.h | ||
| cma_debug.c | ||
| cma_sysfs.c | ||
| compaction.c | ||
| debug.c | ||
| debug_page_ref.c | ||
| debug_vm_pgtable.c | ||
| dmapool.c | ||
| early_ioremap.c | ||
| fadvise.c | ||
| failslab.c | ||
| filemap.c | ||
| frontswap.c | ||
| gup.c | ||
| gup_test.c | ||
| gup_test.h | ||
| highmem.c | ||
| hmm.c | ||
| huge_memory.c | ||
| hugetlb.c | ||
| hugetlb_cgroup.c | ||
| hugetlb_vmemmap.c | ||
| hugetlb_vmemmap.h | ||
| hwpoison-inject.c | ||
| init-mm.c | ||
| internal.h | ||
| interval_tree.c | ||
| io-mapping.c | ||
| ioremap.c | ||
| Kconfig | ||
| Kconfig.debug | ||
| khugepaged.c | ||
| kmemleak.c | ||
| ksm.c | ||
| list_lru.c | ||
| maccess.c | ||
| madvise.c | ||
| Makefile | ||
| mapping_dirty_helpers.c | ||
| memblock.c | ||
| memcontrol.c | ||
| memfd.c | ||
| memory-failure.c | ||
| memory.c | ||
| memory_hotplug.c | ||
| mempolicy.c | ||
| mempool.c | ||
| memremap.c | ||
| memtest.c | ||
| migrate.c | ||
| mincore.c | ||
| mlock.c | ||
| mm_init.c | ||
| mmap.c | ||
| mmap_lock.c | ||
| mmu_gather.c | ||
| mmu_notifier.c | ||
| mmzone.c | ||
| mprotect.c | ||
| mremap.c | ||
| msync.c | ||
| nommu.c | ||
| oom_kill.c | ||
| page-writeback.c | ||
| page_alloc.c | ||
| page_counter.c | ||
| page_ext.c | ||
| page_idle.c | ||
| page_io.c | ||
| page_isolation.c | ||
| page_owner.c | ||
| page_poison.c | ||
| page_reporting.c | ||
| page_reporting.h | ||
| page_vma_mapped.c | ||
| pagewalk.c | ||
| percpu-internal.h | ||
| percpu-km.c | ||
| percpu-stats.c | ||
| percpu-vm.c | ||
| percpu.c | ||
| pgalloc-track.h | ||
| pgtable-generic.c | ||
| process_vm_access.c | ||
| ptdump.c | ||
| readahead.c | ||
| rmap.c | ||
| rodata_test.c | ||
| secretmem.c | ||
| shmem.c | ||
| shuffle.c | ||
| shuffle.h | ||
| slab.c | ||
| slab.h | ||
| slab_common.c | ||
| slob.c | ||
| slub.c | ||
| sparse-vmemmap.c | ||
| sparse.c | ||
| swap.c | ||
| swap_cgroup.c | ||
| swap_slots.c | ||
| swap_state.c | ||
| swapfile.c | ||
| truncate.c | ||
| usercopy.c | ||
| userfaultfd.c | ||
| util.c | ||
| vmacache.c | ||
| vmalloc.c | ||
| vmpressure.c | ||
| vmscan.c | ||
| vmstat.c | ||
| workingset.c | ||
| z3fold.c | ||
| zbud.c | ||
| zpool.c | ||
| zsmalloc.c | ||
| zswap.c | ||