On Mon, 22 Jun 2026 23:57:17 +0200 "Christian A. Ehrhardt" <[email protected]> wrote:
> In the ->huge_fault handler do not install a PMD huge page > mapping if the huge page exceeds the boundaries of the VMA. > > All other ->huge_fault handlers have similar checks and the > resulting mapping will trigger a VM_BUG_ON_VMA() if it ever > reaches copy_pmd_range(). > > Cc: Pedro Demarchi Gomes <[email protected]> > Cc: Boris Brezillon <[email protected]> > Cc: [email protected] > Fixes: fc3bbf34e643 ("drm/shmem-helper: Fix huge page mapping in fault > handler") > Signed-off-by: Christian A. Ehrhardt <[email protected]> Reviewed-by: Boris Brezillon <[email protected]> > --- > drivers/gpu/drm/drm_gem_shmem_helper.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c > b/drivers/gpu/drm/drm_gem_shmem_helper.c > index c989459eb215..00807039f8d7 100644 > --- a/drivers/gpu/drm/drm_gem_shmem_helper.c > +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c > @@ -597,9 +597,13 @@ static vm_fault_t try_insert_pfn(struct vm_fault *vmf, > unsigned int order, > #ifdef CONFIG_ARCH_SUPPORTS_PMD_PFNMAP > } else if (order == PMD_ORDER) { > unsigned long paddr = pfn << PAGE_SHIFT; > + struct vm_area_struct *vma = vmf->vma; > + unsigned long start = ALIGN_DOWN(vmf->address, PMD_SIZE); > + unsigned long end = start + PMD_SIZE; > + bool in_range = vma->vm_start <= start && end <= vma->vm_end; > bool aligned = (vmf->address & ~PMD_MASK) == (paddr & > ~PMD_MASK); > > - if (aligned && > + if (aligned && in_range && > folio_test_pmd_mappable(page_folio(pfn_to_page(pfn)))) { > vm_fault_t ret; >
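
Review bot: the new `in_range` test in the `order == PMD_ORDER` branch carries no comment explaining why it is needed; the reason (a PMD mapping that extends past the VMA trips VM_BUG_ON_VMA() in copy_pmd_range()) lives only in the commit message. A one-line comment above `bool in_range = vma->vm_start <= start && end <= vma->vm_end;` would keep a later reader from treating it as redundant with `aligned`, which only compares the offsets of `vmf->address` and `paddr` within a PMD and says nothing about the VMA bounds. The hunk also does not show what the function returns when `aligned && in_range && ...` is false, so it is worth stating in the description that a fault on a PMD range straddling `vm_start` or `vm_end` is still served by a smaller mapping rather than failing.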
