linux-sg2042/drivers
David Rientjes 668f9abbd4 mm: close PageTail race
Commit bf6bddf192 ("mm: introduce compaction and migration for
ballooned pages") introduces page_count(page) into memory compaction
which dereferences page->first_page if PageTail(page).

This results in a very rare NULL pointer dereference on the
aforementioned page_count(page).  Indeed, anything that does
compound_head(), including page_count() is susceptible to racing with
prep_compound_page() and seeing a NULL or dangling page->first_page
pointer.

This patch uses Andrea's implementation of compound_trans_head() that
deals with such a race and makes it the default compound_head()
implementation.  This includes a read memory barrier that ensures that
if PageTail(head) is true that we return a head page that is neither
NULL nor dangling.  The patch then adds a store memory barrier to
prep_compound_page() to ensure page->first_page is set.

This is the safest way to ensure we see the head page that we are
expecting, PageTail(page) is already in the unlikely() path and the
memory barriers are unfortunately required.

Hugetlbfs is the exception, we don't enforce a store memory barrier
during init since no race is possible.

Signed-off-by: David Rientjes <rientjes@google.com>
Cc: Holger Kiehl <Holger.Kiehl@dwd.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: Rafael Aquini <aquini@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-03-04 07:55:47 -08:00
..
accessibility
acpi ACPI / processor: Rework processor throttling with work_on_cpu() 2014-02-27 00:21:05 +01:00
amba
ata PCI updates for v3.14: 2014-02-20 12:46:24 -08:00
atm
auxdisplay
base PM / hibernate: Fix restore hang in freeze_processes() 2014-02-26 01:13:15 +01:00
bcma Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2014-01-30 17:20:32 -08:00
block mm: close PageTail race 2014-03-04 07:55:47 -08:00
bluetooth
bus drivers: bus: fix CCI driver kcalloc call parameters swap 2014-01-31 15:15:13 -08:00
cdrom Merge branch 'for-3.14/drivers' of git://git.kernel.dk/linux-block 2014-01-30 11:40:10 -08:00
char Char/Misc fixes for 3.14-rc3 2014-02-14 16:13:00 -08:00
clk The second half of the clock framework pull requeust for 3.14 is 2014-01-28 18:44:53 -08:00
clocksource clocksource: Kona: Print warning rather than panic 2014-02-06 16:01:40 +01:00
connector
cpufreq intel_pstate: Change busy calculation to use fixed point math. 2014-02-26 00:56:49 +01:00
cpuidle powerpc/powernv/cpuidle: Back-end cpuidle driver for powernv platform. 2014-01-29 17:02:24 +11:00
crypto crypto/nx/nx-842: Fix handling of vmalloc addresses 2014-02-11 11:24:49 +11:00
dca
devfreq Merge branches 'pm-cpufreq' and 'pm-devfreq' 2014-01-29 11:48:23 +01:00
dio
dma Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma 2014-03-01 21:30:43 -06:00
edac i7300_edac: Fix device reference count 2014-02-25 09:43:13 +01:00
eisa Revert "EISA: Initialize device before its resources" 2014-01-17 14:57:29 -07:00
extcon ASoC: dapm: Add locking to snd_soc_dapm_xxxx_pin functions 2014-02-20 18:40:07 +09:00
firewire firewire: Enable remote DMA above 4 GB 2014-01-20 01:11:13 +01:00
firmware firmware/google: drop 'select EFI' to avoid recursive dependency 2014-01-27 21:02:40 -08:00
fmc drivers/fmc/fmc-write-eeprom.c: fix decimal permissions 2014-02-25 15:25:43 -08:00
gpio gpio: tb10x: GPIO_TB10X needs to select GENERIC_IRQ_CHIP 2014-02-05 11:13:59 +01:00
gpu Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux 2014-03-02 15:25:45 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2014-02-18 16:29:46 -08:00
hsi
hv Drivers: hv: vmbus: Don't timeout during the initial connection with host 2014-02-07 08:27:34 -08:00
hwmon hwmon: (max1668) Fix writing the minimum temperature 2014-02-18 15:53:49 -08:00
hwspinlock
i2c i2c: mv64xxx: refactor message start to ensure proper initialization 2014-02-15 15:42:31 +01:00
ide drivers: ide: Include appropriate header file in ide-pio-blacklist.c 2014-01-28 23:35:09 -08:00
idle ACPI and power management updates for 3.14-rc1 2014-01-24 15:51:02 -08:00
iio iio:gyro: bug on L3GD20H gyroscope support 2014-02-18 10:24:49 +00:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-02-15 16:18:47 -08:00
input ASoC: dapm: Add locking to snd_soc_dapm_xxxx_pin functions 2014-02-20 18:40:07 +09:00
iommu drivers/iommu/omap-iommu-debug.c: fix decimal permissions 2014-02-25 15:25:42 -08:00
ipack
irqchip irq-metag*: stop set_affinity vectoring to offline cpus 2014-02-25 22:35:06 +00:00
isdn isdn/hisax: hex vs decimal typo in prfeatureind() 2014-02-06 21:18:06 -08:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2014-01-28 18:53:01 -08:00
lguest
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2014-01-27 21:11:26 -08:00
mailbox drivers/mailbox/omap: make mbox->irq signed for error handling 2014-01-23 16:36:53 -08:00
md dm cache: fix truncation bug when mapping I/O to >2TB fast device 2014-02-28 09:23:02 -05:00
media [media] adv7842: Composite free-run platfrom-data fix 2014-02-04 06:46:10 -02:00
memory
memstick drivers/memstick/host/rtsx_pci_ms.c: fix ms card data transfer bug 2014-01-23 16:37:04 -08:00
message drivers/message/i2o/i2o_config.c: fix deadlock in compat_ioctl(I2OGETIOPS) 2014-02-10 16:01:40 -08:00
mfd sound fixes for 3.14-rc4 2014-02-21 09:55:32 -08:00
misc mei: set client's read_cb to NULL when flow control fails 2014-02-18 10:07:36 -08:00
mmc Fix uses of dma_max_pfn() when converting to a limiting address 2014-02-17 23:08:41 +00:00
mtd Just a single fix for the UBI module unload path which makes sure we do not 2014-02-27 10:36:50 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-02-18 15:52:43 -08:00
nfc
ntb
nubus
of Device tree compatible match order bug fix 2014-02-21 14:35:05 -08:00
oprofile
parisc
parport TTY/Serial driver patches for 3.14-rc1 2014-01-20 16:05:23 -08:00
pci PCI updates for v3.14: 2014-02-20 12:46:24 -08:00
pcmcia PCI changes for the v3.14 merge window: 2014-01-22 16:39:28 -08:00
phy phy: let phy_provider_register be the last step in registering PHY 2014-02-18 12:13:16 -08:00
pinctrl pinctrl: tegra: return correct error type 2014-02-06 14:21:19 +01:00
platform platform/chrome: Cleanups and improvements 2014-01-29 20:06:01 -08:00
pnp
power Few fixes: 2014-02-14 10:32:28 -08:00
powercap
pps
ps3
ptp ptp_pch: Add dependency on HAS_IOMEM 2014-01-15 14:51:22 -08:00
pwm pwm: lp3943: Fix potential memory leak during request 2014-02-26 15:45:12 +01:00
rapidio
regulator Merge remote-tracking branches 'regulator/fix/da9063', 'regulator/fix/max14577' and 'regulator/fix/s5m8767' into regulator-linus 2014-02-23 12:22:18 +09:00
remoteproc
reset
rpmsg
rtc Merge branch 'akpm' (incoming from Andrew) 2014-01-23 19:11:50 -08:00
s390 s390/cio: Fix missing subchannels after CHPID configure on 2014-02-21 08:48:33 +01:00
sbus Sparc: sparc_cpu_model isn't in asm/system.h any more [ver #2] 2014-02-20 13:34:11 -05:00
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-03-01 21:33:09 -06:00
sfi
sh
sn
spi Merge remote-tracking branches 'spi/fix/doc', 'spi/fix/nuc900' and 'spi/fix/rspi' into spi-linus 2014-02-11 12:08:27 +00:00
ssb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2014-01-30 17:20:32 -08:00
staging Fourth set of IIO fixes for the 3.14 kernel. 2014-02-28 17:08:03 -08:00
target Target/sbc: Don't use sg as iterator in sbc_verify_read 2014-02-23 16:35:32 -08:00
tc
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2014-01-24 17:13:49 -08:00
tty Revert "tty: Set correct tty name in 'active' sysfs attribute" 2014-02-22 14:31:04 -08:00
uio
usb usb: ehci: fix deadlock when threadirqs option is used 2014-02-26 15:46:42 -08:00
uwb
vfio mm: close PageTail race 2014-03-04 07:55:47 -08:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-03-01 21:33:09 -06:00
video video: Kconfig: Allow more broad selection of the imxfb framebuffer driver. 2014-02-14 10:44:52 +02:00
virt
virtio A few simple fixes. Quiet cycle. 2014-01-22 22:24:35 -08:00
vlynq drivers/vlynq/vlynq.c: fix another resource size off by 1 error 2014-01-23 16:36:55 -08:00
vme VME: Correct read/write alignment algorithm 2014-02-07 08:16:14 -08:00
w1 drivers/w1/masters/w1-gpio.c: add strong pullup emulation 2014-01-23 16:37:04 -08:00
watchdog watchdog: w83697hf_wdt: return ENODEV if no device was found 2014-02-21 20:36:46 +01:00
xen Bug-fix: 2014-02-12 12:28:05 -08:00
zorro
Kconfig
Makefile