Konstantin Khlebnikov f8fd8c2eec proc/pagemap: walk page tables under pte lock ... Lockless access to pte in pagemap_pte_range() might race with page migration and trigger BUG_ON(!PageLocked()) in migration_entry_to_page(): CPU A (pagemap) CPU B (migration) lock_page() try_to_unmap(page, TTU_MIGRATION...) make_migration_entry() set_pte_at() <read *pte> pte_to_pagemap_entry() remove_migration_ptes() unlock_page() if(is_migration_entry()) migration_entry_to_page() BUG_ON(!PageLocked(page)) Also lockless read might be non-atomic if pte is larger than wordsize. Other pte walkers (smaps, numa_maps, clear_refs) already lock ptes. Change-Id: Ie9a6e67d3d5aa707a5eaaf77ceae3c08710f9da8 Fixes: 052fb0d635 ("proc: report file/anon bit in /proc/pid/pagemap") Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Reported-by: Andrey Ryabinin <a.ryabinin@samsung.com> Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org> Acked-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: <stable@vger.kernel.org> [3.5+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Git-commit: 05fbf357d94152171bc50f8a369390f1f16efd89 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git [lmark@codeaurora.org: fix merge conflicts] Signed-off-by: Liam Mark <lmark@codeaurora.org>		2015-05-11 15:58:51 -07:00
..
9p
adfs
affs
afs
autofs4	autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation	2015-03-18 13:22:32 +01:00
befs
bfs
btrfs	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
cachefiles
ceph	ceph: allow sync_read/write return partial successed size of read/write.	2014-01-09 12:24:25 -08:00
cifs	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
coda
configfs	configfs: fix race between dentry put and lookup	2013-11-29 11:11:53 -08:00
cramfs
debugfs	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
devpts	devpts: plug the memory leak in kill_sb	2013-12-04 10:55:49 -08:00
dlm
ecryptfs	eCryptfs: Remove buggy and unnecessary write in file name decode routine	2015-01-08 09:58:17 -08:00
efivarfs
efs
exofs	ore: Fix wrong math in allocation of per device BIO	2014-02-13 13:48:00 -08:00
exportfs
ext2	ext2: Fix oops in ext2_get_block() called from ext2_quota_write()	2014-12-16 09:09:43 -08:00
ext3	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
ext4	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
f2fs
fat	Add compat_ioctl support for VFAT_IOCTL_GET_VOLUME_ID	2014-06-13 12:05:26 -07:00
freevxfs
fscache
fuse	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
gfs2	arch: Mass conversion of smp_mb__*()	2014-08-15 11:45:28 -07:00
hfs
hfsplus
hostfs
hpfs
hppfs
hugetlbfs	cope with potentially long ->d_dname() output for shmem/hugetlb	2014-01-09 16:35:41 -08:00
isofs	isofs: Fix unchecked printing of ER records	2015-01-08 09:58:15 -08:00
jbd
jbd2	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
jffs2	jffs2: fix handling of corrupted summary length	2015-03-06 14:40:53 -08:00
jfs	jfs: fix error path in ialloc	2013-11-13 12:05:31 +09:00
lockd	LOCKD: Fix a race when initialising nlmsvc_timeout	2015-01-27 07:52:33 -08:00
logfs
minix
ncpfs	ncpfs: return proper error from NCP_IOC_SETROOT ioctl	2015-01-08 09:58:17 -08:00
nfs	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
nfs_common
nfsd	nfsd4: fix xdr4 inclusion of escaped char	2015-01-16 06:59:02 -08:00
nilfs2	nilfs2: fix deadlock of segment constructor during recovery	2015-03-26 15:00:59 +01:00
nls
notify	fsnotify: next_i is freed during fsnotify_unmount_inodes.	2015-01-27 07:52:33 -08:00
ntfs
ocfs2	ocfs2: fix journal commit deadlock	2015-01-16 06:59:00 -08:00
omfs
openpromfs
proc	proc/pagemap: walk page tables under pte lock	2015-05-11 15:58:51 -07:00
pstore	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
qnx4
qnx6
quota	quota: provide interface for readding allocated space into reserved space	2015-01-29 17:40:57 -08:00
ramfs
reiserfs	reiserfs: call truncate_setsize under tailpack mutex	2014-07-06 18:54:15 -07:00
romfs
squashfs
sysfs
sysv	sysv: Add forgotten superblock lock init for v7 fs	2013-10-05 07:13:09 -07:00
ubifs	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
udf	udf: Verify symlink size before loading it	2015-01-08 09:58:17 -08:00
ufs
xfs	xfs: set superblock buffer type correctly	2015-03-06 14:40:47 -08:00
yaffs2	fs: yaffs2: initialize delayed workqueue before using it	2013-11-26 23:29:26 -08:00
aio.c	aio: fix kernel memory disclosure in io_getevents() introduced in v3.10	2014-06-30 20:09:45 -07:00
anon_inodes.c
attr.c	fs,userns: Change inode_capable to capable_wrt_inode_uidgid	2014-06-16 13:42:52 -07:00
bad_inode.c
binfmt_aout.c	mm: remove free_area_cache	2014-02-07 13:49:41 -08:00
binfmt_elf.c	This is the 3.10.73 stable release	2015-04-24 18:14:57 -07:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c	bio-integrity: Fix bio_integrity_verify segment start bug	2014-03-23 21:38:21 -07:00
bio.c	platform: msm: fix PFT when using direct-io	2014-06-23 21:38:40 +03:00
block_dev.c	mm: vmscan: take page buffers dirty and locked state into account	2014-12-11 15:12:10 +05:30
buffer.c	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
char_dev.c
compat.c	compat: let architectures define __ARCH_WANT_COMPAT_SYS_GETDENTS64	2014-08-15 11:41:28 -07:00
compat_binfmt_elf.c	binfmt_elf: add ELF_HWCAP2 to compat auxv entries	2015-03-19 14:52:32 -07:00
compat_ioctl.c	fs: Add TTY PM IOCTLs to compat table	2014-07-30 10:25:00 -06:00
coredump.c	coredump: fix the setting of PF_DUMPCORE	2014-07-31 12:53:50 -07:00
coredump.h
dcache.c	vfs: fix bad hashing of dentries	2014-09-17 09:04:02 -07:00
dcookies.c	fs/compat: fix lookup_dcookie() parameter handling	2014-02-13 13:48:00 -08:00
direct-io.c	platform: msm: fix PFT when using direct-io	2014-06-23 21:38:40 +03:00
drop_caches.c
eventfd.c
eventpoll.c	Revert "epoll: use freezable blocking call"	2014-08-29 14:20:41 -07:00
exec.c	seccomp: implement SECCOMP_FILTER_FLAG_TSYNC	2015-03-19 14:52:56 -07:00
fcntl.c
fhandle.c
file.c	Merge upstream linux-stable v3.10.36 into msm-3.10	2014-04-23 16:23:49 -07:00
file_table.c	don't bother with {get,put}_write_access() on non-regular files	2014-05-30 21:52:12 -07:00
filesystems.c
fs-writeback.c	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
fs_struct.c
generic_acl.c
inode.c	fs,userns: Change inode_capable to capable_wrt_inode_uidgid	2014-06-16 13:42:52 -07:00
internal.h
ioctl.c
ioprio.c	block: Fix computation of merged request priority	2014-11-21 09:22:53 -08:00
Kconfig
Kconfig.binfmt
libfs.c
locks.c	locks: allow __break_lease to sleep even when break_time is 0	2014-05-13 13:59:44 +02:00
Makefile
mbcache.c
mount.h	vfs: Is mounted should be testing mnt_ns for NULL or error.	2014-02-06 11:08:16 -08:00
mpage.c
namei.c	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
namespace.c	umount: Disallow unprivileged mount force	2015-01-08 09:58:16 -08:00
no-block.c
open.c	Merge upstream tag 'v3.10.49' into msm-3.10	2014-08-20 13:23:09 -07:00
pipe.c	vfs: fix subtle use-after-free of pipe_inode_info	2013-12-11 22:36:26 -08:00
pnode.c
pnode.h
posix_acl.c	posix_acl: handle NULL ACL in posix_acl_equiv_mode	2014-06-07 13:25:33 -07:00
proc_namespace.c
read_write.c	Merge upstream linux-stable v3.10.36 into msm-3.10	2014-04-23 16:23:49 -07:00
readdir.c
select.c
seq_file.c	fs/seq_file: Use vmalloc by default for allocations > PAGE_SIZE	2014-09-23 10:37:58 -06:00
signalfd.c
splice.c	fuse: fix pipe_buf_operations	2014-02-13 13:47:59 -08:00
stack.c
stat.c	quota: provide interface for readding allocated space into reserved space	2015-01-29 17:40:57 -08:00
statfs.c	vfs: allow O_PATH file descriptors for fstatfs()	2013-10-18 07:45:44 -07:00
super.c	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
sync.c
timerfd.c	timerfd: support CLOCK_BOOTTIME clock	2014-06-13 12:06:03 -07:00
utimes.c
xattr.c
xattr_acl.c