On Mon, Apr 03, 2017 at 11:08:41AM -0700, Hugh Dickins wrote:
> On Mon, 3 Apr 2017, Kirill A. Shutemov wrote:
> > On Sun, Apr 02, 2017 at 05:03:00PM -0700, Hugh Dickins wrote:
> > > return true; > > > -next_pte: do { > > > +next_pte: > > > + if (!PageTransHuge(pvmw->page) || PageHuge(pvmw->page)) > > > + return not_found(pvmw);
> >
> > I guess it makes sense to drop the same check from the beginning of the
> > function and move the comment here.
> >
> > Otherwise looks good. Thanks for tracking this down.
>
> Oh that's much better, thanks, it would have annoyed me to notice that
> duplication later on. Replacement patch...
>
>
> [PATCH] mm: fix page_vma_mapped_walk() for ksm pages
>
> Doug Smythies reports oops with KSM in this backtrace,
> I've been seeing the same:
>
> page_vma_mapped_walk+0xe6/0x5b0
> page_referenced_one+0x91/0x1a0
> rmap_walk_ksm+0x100/0x190
> rmap_walk+0x4f/0x60
> page_referenced+0x149/0x170
> shrink_active_list+0x1c2/0x430
> shrink_node_memcg+0x67a/0x7a0
> shrink_node+0xe1/0x320
> kswapd+0x34b/0x720
>
> Just as 4b0ece6fa016 ("mm: migrate: fix remove_migration_pte() for ksm
> pages") observed, you cannot use page->index calculations on ksm pages.
> page_vma_mapped_walk() is relying on __vma_address(), where a ksm page
> can lead it off the end of the page table, and into whatever nonsense
> is in the next page, ending as an oops inside check_pte()'s pte_page().
>
> KSM tells page_vma_mapped_walk() exactly where to look for the page,
> it does not need any page->index calculation: and that's so also for
> all the normal and file and anon pages - just not for THPs and their
> subpages. Get out early in most cases: instead of a PageKsm test,
> move down the earlier not-THP-page test, as suggested by Kirill.
>
> I'm also slightly worried that this loop can stray into other vmas,
> so added a vm_end test to prevent surprises; though I have not imagined
> anything worse than a very contrived case, in which a page mlocked in
> the next vma might be reclaimed because it is not mlocked in this vma.
>
> Fixes: ace71a19cec5 ("mm: introduce page_vma_mapped_walk()")
> Reported-by: Doug Smythies <dsmythies@xxxxxxxxx>
> Signed-off-by: Hugh Dickins <hughd@xxxxxxxxxx>

Reviewed-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

--
Kirill A. Shutemov
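
Review bot: the test added directly under the next_pte: label, `if (!PageTransHuge(pvmw->page) || PageHuge(pvmw->page))`, carries no comment saying why a page that is not a THP, or is a hugetlb page, returns not_found() at this point. A one-line comment above it would make the early exit self-explanatory, and the same condition should live in only one place in the function, as the reply asks. Separately, the removed line `-next_pte: do {` takes the loop opener with it and the quoted lines do not show where `do {` is reintroduced; confirm it now follows the new return so the loop's closing while still has its match.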