On 10/07/2013 06:28 AM, Mel Gorman wrote:
> The locking for migrating THP is unusual. While normal page migration
> prevents parallel accesses using a migration PTE, THP migration relies on
> a combination of the page_table_lock, the page lock and the existence of
> the NUMA hinting PTE to guarantee safety but there is a bug in the scheme.
>
> If a THP page is currently being migrated and another thread traps a
> fault on the same page it checks if the page is misplaced. If it is not,
> then pmd_numa is cleared. The problem is that it checks if the page is
> misplaced without holding the page lock meaning that the racing thread
> can be migrating the THP when the second thread clears the NUMA bit
> and faults a stale page.
>
> This patch checks if the page is potentially being migrated and stalls
> using the lock_page if it is potentially being migrated before checking
> if the page is misplaced or not.
>
> Cc: stable <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Signed-off-by: Mel Gorman <mgorman@xxxxxxx>

Acked-by: Rik van Riel <riel@xxxxxxxxxx>

--
All rights reversed
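The interleaving described in the quoted commit message, replayed as a small user-space model; this is an added example, not code from the mail or from the kernel patch. It is single-threaded so the ordering is deterministic. All names (struct thp, numa_fault, FAULT_WAIT and the rest) are hypothetical, and FAULT_WAIT stands in for sleeping in lock_page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified single-threaded model of the race; every name here is
 * hypothetical and none of this is kernel code. */
enum { OLD_FRAME = 1, NEW_FRAME = 2 };
enum fault_result { FAULT_MAPPED, FAULT_WAIT, FAULT_MIGRATE };

struct thp {
    bool locked;    /* page lock, held by the migrating thread */
    bool pmd_numa;  /* NUMA hinting bit on the PMD */
    int  frame;     /* frame the PMD points at */
    int  node;      /* node the page lives on */
};

/* Thread B: NUMA hinting fault. With check_lock set, a locked page
 * (potentially under migration) makes the handler stall before it
 * looks at placement. */
static enum fault_result numa_fault(struct thp *p, int node,
                                    bool check_lock, int *used)
{
    if (check_lock && p->locked)
        return FAULT_WAIT;
    if (p->pmd_numa && p->node != node)
        return FAULT_MIGRATE;   /* misplaced: not modelled further */
    p->pmd_numa = false;        /* not misplaced: clear the hinting bit */
    *used = p->frame;           /* frame this thread now accesses */
    return FAULT_MAPPED;
}

/* Replays the interleaving: A (node 1) holds the page lock and is
 * migrating, B (node 0) faults, A finishes. Returns true if B ended
 * up using a stale frame. */
static bool fault_hits_stale_frame(bool check_lock)
{
    struct thp p = { .locked = true, .pmd_numa = true,
                     .frame = OLD_FRAME, .node = 0 };
    int used = 0;
    enum fault_result r = numa_fault(&p, 0, check_lock, &used);

    /* A completes: new frame mapped without the hinting bit, unlock. */
    p.frame = NEW_FRAME; p.node = 1; p.pmd_numa = false; p.locked = false;
    if (r == FAULT_WAIT)        /* B wakes up and redoes the fault */
        r = numa_fault(&p, 0, check_lock, &used);
    return r == FAULT_MAPPED && used != p.frame;
}

int main(void)
{
    printf("unlocked check: stale=%d\n", fault_hits_stale_frame(false));
    printf("lock first:     stale=%d\n", fault_hits_stale_frame(true));
    return 0;
}
```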