The quilt patch titled Subject: mm/gup: fix memfd_pin_folios alloc race panic has been removed from the -mm tree. Its filename was mm-gup-fix-memfd_pin_folios-alloc-race-panic.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------ From: Steve Sistare steven.sistare@oracle.com Subject: mm/gup: fix memfd_pin_folios alloc race panic Date: Tue, 3 Sep 2024 07:25:21 -0700
If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here:
folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) { ret = PTR_ERR(folio); if (ret != -EEXIST) goto err;
then on the next trip through the "while start_idx" loop we panic here:
if (folio) { folio_put(folio);
To fix, set the folio to NULL on error.
Link: https://lkml.kernel.org/r/1725373521-451395-6-git-send-email-steven.sistare@... Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare steven.sistare@oracle.com Acked-by: Vivek Kasireddy vivek.kasireddy@intel.com Cc: David Hildenbrand david@redhat.com Cc: Jason Gunthorpe jgg@nvidia.com Cc: Matthew Wilcox willy@infradead.org Cc: Muchun Song muchun.song@linux.dev Cc: Peter Xu peterx@redhat.com Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org ---
mm/gup.c | 1 + 1 file changed, 1 insertion(+)
--- a/mm/gup.c~mm-gup-fix-memfd_pin_folios-alloc-race-panic +++ a/mm/gup.c @@ -3702,6 +3702,7 @@ long memfd_pin_folios(struct file *memfd ret = PTR_ERR(folio); if (ret != -EEXIST) goto err; + folio = NULL; } } } _
Patches currently in -mm which might be from steven.sistare@oracle.com are
linux-stable-mirror@lists.linaro.org