commit 569f48b85813f053aeab35429ba1657cb7f426db
author Hillf Danton <hillf.zj@alibaba-inc.com> Wed Dec 10 15:44:41 2014 -0800
committer Linus Torvalds <torvalds@linux-foundation.org> Wed Dec 10 17:41:08 2014 -0800
tree c69c7657aa770c2d7789bcc7f7f5b7e96fb3a9bf
parent e4bd6a0248b2a026e07c19995c41a4cb5a49d797

mm: hugetlb: fix __unmap_hugepage_range()

First, after flushing TLB, we have no need to scan pte from start again.
Second, before bail out loop, the address is forwarded one step.

Signed-off-by: Hillf Danton <hillf.zj@alibaba-inc.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mm/hugetlb.c

diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 9fd7227..30cd968 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2638,8 +2638,9 @@
 
 	tlb_start_vma(tlb, vma);
 	mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
+	address = start;
 again:
-	for (address = start; address < end; address += sz) {
+	for (; address < end; address += sz) {
 		ptep = huge_pte_offset(mm, address);
 		if (!ptep)
 			continue;
@@ -2686,6 +2687,7 @@
 		page_remove_rmap(page);
 		force_flush = !__tlb_remove_page(tlb, page);
 		if (force_flush) {
+			address += sz;
 			spin_unlock(ptl);
 			break;
 		}