On Thu, 9 Jan 2020, Wei Yang wrote:

> As all the other places, we grab the lock before manipulate the defer list.
> Current implementation may face a race condition.
>
> For example, the potential race would be:
>
>     CPU1                      CPU2
>     mem_cgroup_move_account   split_huge_page_to_list
>       !list_empty
>                                 lock
>                                 !list_empty
>                                 list_del
>                                 unlock
>       lock
>       # !list_empty might not hold anymore
>       list_del_init
>       unlock
>
> When this sequence happens, the list_del_init() in
> mem_cgroup_move_account() would crash if CONFIG_DEBUG_LIST since the
> page is already been removed by list_del in split_huge_page_to_list().
>
> Fixes: 87eaceb3faa5 ("mm: thp: make deferred split shrinker memcg aware")
>
> Signed-off-by: Wei Yang <richardw.yang@xxxxxxxxxxxxxxx>
> Acked-by: David Rientjes <rientjes@xxxxxxxxxx>

Thanks Wei!

Andrew, I'd also suggest:

Cc: stable@xxxxxxxxxxxxxxx # 5.4+