| author | Luiz Capitulino <[email protected]> | 2025-07-14 13:16:54 +0000 |
|---|---|---|
| committer | Andrew Morton <[email protected]> | 2025-07-25 02:12:35 +0000 |
| commit | 476d87d6a06146125e8f16edbe845a7bcf6a2e57 (patch) | |
| tree | be724be0d25924f20a9aed5642d957bd78740f74 /mm/cma_debug.c | |
| parent | proc: kpagecount: use snapshot_page() (diff) | |

fs: stable_page_flags(): use snapshot_page()

A race condition is possible in stable_page_flags() where user-space is
reading /proc/kpageflags concurrently to a folio split. This may lead to
oopses or BUG_ON()s being triggered.

To fix this, this commit uses snapshot_page() in stable_page_flags() so
that stable_page_flags() works with a stable page and folio snapshots
instead.

Note that stable_page_flags() makes use of some functions that require the
original page or folio pointer to work properly (e.g. is_free_buddy_page()
and folio_test_idle()). Since those functions can't be used on the page
snapshot, we replace their usage with flags that were set by
snapshot_page() for this purpose.

Link: https://lkml.kernel.org/r/52c16c0f00995a812a55980c2f26848a999a34ab.1752499009.git.luizcap@redhat.com
Signed-off-by: Luiz Capitulino <[email protected]>
Reviewed-by: Shivank Garg <[email protected]>
Tested-by: Harry Yoo <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Cc: Matthew Wilcox (Oracle) <[email protected]>
Cc: Oscar Salvador <[email protected]>
Cc: SeongJae Park <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'mm/cma_debug.c')
0 files changed, 0 insertions, 0 deletions
