On Sat, May 22, 2021 at 7:40 AM Mike Kravetz <mike.kravetz@oracle.com> wrote:
> In commit d6995da31122 ("hugetlb: use page.private for hugetlb specific page flags") the use of PagePrivate to indicate a reservation count should be restored at free time was changed to the hugetlb specific flag HPageRestoreReserve. Changes to a userfaultfd error path as well as a VM_BUG_ON() in remove_inode_hugepages() were overlooked.
>
> Users could see incorrect hugetlb reserve counts if they experience an error with a UFFDIO_COPY operation. Specifically, this would be the result of an unlikely copy_huge_page_from_user error. There is not an increased chance of hitting the VM_BUG_ON.
>
> Fixes: d6995da31122 ("hugetlb: use page.private for hugetlb specific page flags")
> Cc: stable@vger.kernel.org
> Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Thanks Mike.