On Wed, Oct 18, 2023 at 01:32:13PM -0700, Vishal Moola (Oracle) wrote:
> This removes 2 calls to compound_head() and helps convert khugepaged to
> use folios throughout.
>
> Previously, if the address passed to collapse_pte_mapped_thp()
> corresponded to a tail page, the scan would fail immediately. Using
> filemap_lock_folio() we can get the corresponding folio back and try to
> operate on the folio instead.
>
> Signed-off-by: Vishal Moola (Oracle) <vishal.moola@xxxxxxxxx>

Hi Andrew,

I've attached a fix patch addressing the syzbot issue. It can be squashed
into this patch, syzbot tested it on v2 already as well.

>From 34d60af8cb66d6f582c1aeade01689e94e8a0092 Mon Sep 17 00:00:00 2001 From: "Vishal Moola (Oracle)" <vishal.moola@xxxxxxxxx> Date: Wed, 18 Oct 2023 14:24:47 -0700 Subject: [PATCH] collapse_pte_mapped_thp() folio conversion fix filemap_lock_folio() can return an ERR_PTR on failure. find_lock_page()/pagecache_get_page() handles this internally, while filemap_lock_folio() does not. Ensure this is checked for in the caller after converting find_lock_page() to filemap_lock_folio(). Reported-and-tested-by: syzbot+1e2648076cadf48ad9a1@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Vishal Moola (Oracle) <vishal.moola@xxxxxxxxx> --- mm/khugepaged.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 94c1dd09a8a6..b944ed231792 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -1510,7 +1510,7 @@ int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr, folio = filemap_lock_folio(vma->vm_file->f_mapping, linear_page_index(vma, haddr)); - if (!folio) + if (!folio || IS_ERR(folio)) return SCAN_PAGE_NULL; if (folio_order(folio) != HPAGE_PMD_ORDER) { -- 2.40.1
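
Review bot: The new test `if (!folio || IS_ERR(folio))` in collapse_pte_mapped_thp() keeps a NULL check alongside the error-pointer check without saying whether filemap_lock_folio() can still return NULL. If both outcomes are possible, `IS_ERR_OR_NULL(folio)` expresses that in one call; if failure is only ever reported as an ERR_PTR, as the commit message describes, the `!folio` half is dead code and `IS_ERR(folio)` alone documents the contract more clearly. Note also that every failure is folded into SCAN_PAGE_NULL, so the PTR_ERR() value is dropped; that matches the behaviour before the conversion, but a sentence in the commit message confirming it is intentional would help anyone later auditing callers of filemap_lock_folio() for the same missing check.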