On Tue, Sep 26, 2017 at 10:26:25AM -0700, Shaohua Li wrote:
> From: Shaohua Li <shli@xxxxxx>
>
> MADV_FREE clears the pte dirty bit and then marks the page lazyfree (clears
> SwapBacked). There is no lock to prevent the page from being added to swap
> cache between these two steps by page reclaim. Page reclaim could add the
> page to swap cache and unmap the page. After page reclaim, the page is added
> back to the lru. At that time, we probably start draining the per-cpu pagevec
> and mark the page lazyfree. So the page could be in a state with SwapBacked
> cleared and PG_swapcache set. Next time there is a refault in the virtual
> address, do_swap_page can find the page from swap cache but the page has
> PageSwapCache false because SwapBacked isn't set, so do_swap_page will bail
> out and do nothing. The task will keep running into the fault handler.

The patch lgtm, but for the changelog it probably makes sense to start
with the user-visible behavior, i.e. the endlessly looping swap fault
handler because it thinks it's racing with the swap slot being freed.
Makes it easier for other distro/vendor people to identify this for
backporting.

On that note, I think this should go into 4.13 and be tagged for 4.12
stable.

> Reported-and-tested-by: Artem Savkov <asavkov@xxxxxxxxxx>
> Fix: 802a3a92ad7a (mm: reclaim MADV_FREE pages)
> Signed-off-by: Shaohua Li <shli@xxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
> Cc: Michal Hocko <mhocko@xxxxxxxx>
> Cc: Hillf Danton <hillf.zj@xxxxxxxxxxxxxxx>
> Cc: Minchan Kim <minchan@xxxxxxxxxx>
> Cc: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Reviewed-by: Rik van Riel <riel@xxxxxxxxxx>

Acked-by: Johannes Weiner <hannes@xxxxxxxxxxx>