The patch titled Subject: mm/balloon_compaction.c: avoid duplicate page removal has been added to the -mm tree. Its filename is mm-balloon_compaction-avoid-duplicate-page-removal.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-balloon_compaction-avoid-duplicate-page-removal.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-balloon_compaction-avoid-duplicate-page-removal.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Wei Wang <wei.w.wang@xxxxxxxxx> Subject: mm/balloon_compaction.c: avoid duplicate page removal A #GP is reported in the guest when requesting balloon inflation via virtio-balloon. The reason is that the virtio-balloon driver has removed the page from its internal page list (via balloon_page_pop), but balloon_page_enqueue_one also calls "list_del" to do the removal. This is necessary when it's used from balloon_page_enqueue_list, but not from balloon_page_enqueue_one. So remove the list_del() from balloon_page_enqueue_one, and update some comments as a reminder. Link: http://lkml.kernel.org/r/1563442040-13510-1-git-send-email-wei.w.wang@xxxxxxxxx Fixes: 418a3ab1e778 (mm/balloon_compaction: List interfaces) Signed-off-by: Wei Wang <wei.w.wang@xxxxxxxxx> Acked-by: Nadav Amit <namit@xxxxxxxxxx> Cc: Michael S. Tsirkin <mst@xxxxxxxxxx> Cc: Xavier Deguillard <xdeguillard@xxxxxxxxxx> Cc: Pankaj Gupta <pagupta@xxxxxxxxxx> Cc: Rik van Riel <riel@xxxxxxxxxxx> Cc: Dave Hansen <dave.hansen@xxxxxxxxx> Cc: David Hildenbrand <david@xxxxxxxxxx> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Cc: Yang Zhang <yang.zhang.wz@xxxxxxxxx> Cc: Luiz Capitulino <lcapitulino@xxxxxxxxxx> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> Cc: Alexander Duyck <alexander.h.duyck@xxxxxxxxxxxxxxx> Cc: Dan Williams <dan.j.williams@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/balloon_compaction.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) --- a/mm/balloon_compaction.c~mm-balloon_compaction-avoid-duplicate-page-removal +++ a/mm/balloon_compaction.c @@ -21,7 +21,6 @@ static void balloon_page_enqueue_one(str * memory corruption is possible and we should stop execution. */ BUG_ON(!trylock_page(page)); - list_del(&page->lru); balloon_page_insert(b_dev_info, page); unlock_page(page); __count_vm_event(BALLOON_INFLATE); @@ -33,7 +32,7 @@ static void balloon_page_enqueue_one(str * @b_dev_info: balloon device descriptor where we will insert a new page to * @pages: pages to enqueue - allocated using balloon_page_alloc. * - * Driver must call it to properly enqueue a balloon pages before definitively + * Driver must call it to properly enqueue balloon pages before definitively * removing it from the guest system. * * Return: number of pages that were enqueued. @@ -47,6 +46,7 @@ size_t balloon_page_list_enqueue(struct spin_lock_irqsave(&b_dev_info->pages_lock, flags); list_for_each_entry_safe(page, tmp, pages, lru) { + list_del(&page->lru); balloon_page_enqueue_one(b_dev_info, page); n_pages++; } @@ -128,13 +128,19 @@ struct page *balloon_page_alloc(void) EXPORT_SYMBOL_GPL(balloon_page_alloc); /* - * balloon_page_enqueue - allocates a new page and inserts it into the balloon - * page list. + * balloon_page_enqueue - inserts a new page into the balloon page list. + * * @b_dev_info: balloon device descriptor where we will insert a new page to * @page: new page to enqueue - allocated using balloon_page_alloc. * * Driver must call it to properly enqueue a new allocated balloon page * before definitively removing it from the guest system. + * + * Drivers must not call balloon_page_enqueue on pages that have been + * pushed to a list with balloon_page_push before removing them with + * balloon_page_pop. To all pages on a list, use balloon_page_list_enqueue + * instead. + * * This function returns the page address for the recently enqueued page or * NULL in the case we fail to allocate a new page this turn. */ _ Patches currently in -mm which might be from wei.w.wang@xxxxxxxxx are mm-balloon_compaction-avoid-duplicate-page-removal.patch