+ mm-z3foldc-lock-z3fold-page-before-__setpagemovable.patch added to -mm tree - Linux-stable-mirror

2 Jul 2019

The patch titled
     Subject: mm/z3fold.c: lock z3fold page before __SetPageMovable()
has been added to the -mm tree.  Its filename is
     mm-z3foldc-lock-z3fold-page-before-__setpagemovable.patch
This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-z3foldc-lock-z3fold-page-before-...
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-z3foldc-lock-z3fold-page-before-...
Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Henry Burns henryburns@google.com
Subject: mm/z3fold.c: lock z3fold page before __SetPageMovable()
__SetPageMovable() expects its page to be locked, but z3fold.c doesn't
lock the page.  This triggers the VM_BUG_ON_PAGE(!PageLocked(page), page)
in __SetPageMovable().
Following zsmalloc.c's example we call trylock_page() and unlock_page(). 
Also make z3fold_page_migrate() assert that newpage is passed in locked,
as per the documentation.
Link: http://lkml.kernel.org/r/20190702005122.41036-1-henryburns@google.com
Signed-off-by: Henry Burns henryburns@google.com
Suggested-by: Vitaly Wool vitalywool@gmail.com
Acked-by: Vitaly Wool vitalywool@gmail.com
Acked-by: David Rientjes rientjes@google.com
Cc: Shakeel Butt shakeelb@google.com
Cc: Vitaly Vul vitaly.vul@sony.com
Cc: Mike Rapoport rppt@linux.vnet.ibm.com
Cc: Xidong Wang wangxidong_97@163.com
Cc: Jonathan Adams jwadams@google.com
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Morton akpm@linux-foundation.org
---
mm/z3fold.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/mm/z3fold.c~mm-z3foldc-lock-z3fold-page-before-__setpagemovable
+++ a/mm/z3fold.c
@@ -919,7 +919,10 @@ retry:
    	set_bit(PAGE_HEADLESS, &page->private);
    	goto headless;
    }
-	__SetPageMovable(page, pool->inode->i_mapping);
+	if (!WARN_ON(!trylock_page(page))) {
+		__SetPageMovable(page, pool->inode->i_mapping);
+		unlock_page(page);
+	}
    z3fold_page_lock(zhdr);
found:
@@ -1326,6 +1329,7 @@ static int z3fold_page_migrate(struct ad
VM_BUG_ON_PAGE(!PageMovable(page), page);
    VM_BUG_ON_PAGE(!PageIsolated(page), page);
+	VM_BUG_ON_PAGE(!PageLocked(newpage), newpage);
zhdr = page_address(page);
    pool = zhdr_to_pool(zhdr);
_
Patches currently in -mm which might be from henryburns@google.com are
mm-z3fold-fix-z3fold_buddy_slots-use-after-free.patch
mm-z3foldc-lock-z3fold-page-before-__setpagemovable.patch

    