Commit 6ea8d958 authored by chenjie's avatar chenjie Committed by Linus Torvalds

mm/madvise.c: fix madvise() infinite loop under special circumstances

MADVISE_WILLNEED has always been a noop for DAX (formerly XIP) mappings.
Unfortunately madvise_willneed() doesn't communicate this information
properly to the generic madvise syscall implementation.  The calling
convention is quite subtle there.  madvise_vma() is supposed to either
return an error or update &prev otherwise the main loop will never
advance to the next vma and it will keep looping for ever without a way
to get out of the kernel.

It seems this has been broken since introduction.  Nobody has noticed
because nobody seems to be using MADVISE_WILLNEED on these DAX mappings.

[ rewrite changelog]
Fixes: fe77ba6f ("[PATCH] xip: madvice/fadvice: execute in place")
Signed-off-by: default avatarchenjie <>
Signed-off-by: default avatarguoxuenan <>
Acked-by: default avatarMichal Hocko <>
Cc: Minchan Kim <>
Cc: zhangyi (F) <>
Cc: Miao Xie <>
Cc: Mike Rapoport <>
Cc: Shaohua Li <>
Cc: Andrea Arcangeli <>
Cc: Mel Gorman <>
Cc: Kirill A. Shutemov <>
Cc: David Rientjes <>
Cc: Anshuman Khandual <>
Cc: Rik van Riel <>
Cc: Carsten Otte <>
Cc: Dan Williams <>
Cc: <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent 04e35f44
......@@ -276,15 +276,14 @@ static long madvise_willneed(struct vm_area_struct *vma,
struct file *file = vma->vm_file;
*prev = vma;
if (!file) {
*prev = vma;
force_swapin_readahead(vma, start, end);
return 0;
if (shmem_mapping(file->f_mapping)) {
*prev = vma;
force_shm_swapin_readahead(vma, start, end,
return 0;
......@@ -299,7 +298,6 @@ static long madvise_willneed(struct vm_area_struct *vma,
return 0;
*prev = vma;
start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
if (end > vma->vm_end)
end = vma->vm_end;
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment