On 2014/1/22 17:30, Luis Henriques wrote:
> Hi Jianguo,
>
> On Wed, Jan 22, 2014 at 10:47:22AM +0800, Jianguo Wu wrote:
>> Hi Greg,
>>
>> Please queue this for 3.10 stable kernel. I adjust context and can be applied
>> to 3.10 stable clean.
>>
>> ----
>> From: Jianguo Wu <wujianguo@xxxxxxxxxx>
>> Date: Wed, 18 Dec 2013 17:08:54 -0800
>> Subject: [PATCH] mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully
>>
>> commit a49ecbcd7b0d5a1cda7d60e03df402dd0ef76ac8 upstream.
>>
>> After a successful hugetlb page migration by soft offline, the source
>> page will either be freed into hugepage_freelists or buddy(over-commit
>> page). If page is in buddy, page_hstate(page) will be NULL. It will
>> hit a NULL pointer dereference in dequeue_hwpoisoned_huge_page().
>>
>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
>> IP: [<ffffffff81163761>] dequeue_hwpoisoned_huge_page+0x131/0x1d0
>> PGD c23762067 PUD c24be2067 PMD 0
>> Oops: 0000 [#1] SMP
>>
>> So check PageHuge(page) after call migrate_pages() successfully.
>>
>> Signed-off-by: Jianguo Wu <wujianguo@xxxxxxxxxx>
>> Tested-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
>> Reviewed-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
>> Cc: <stable@xxxxxxxxxxxxxxx>
>> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>> [wujg: backport to 3.10:
>> - adjust context]
>> ---
>> mm/memory-failure.c | 14 ++++++++++----
>> 1 files changed, 10 insertions(+), 4 deletions(-)
>>
>> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
>> index 6a7f9ca..7e3601c 100644
>> --- a/mm/memory-failure.c
>> +++ b/mm/memory-failure.c
>> @@ -1499,10 +1499,16 @@ static int soft_offline_huge_page(struct page *page, int flags)
>> pr_info("soft offline: %#lx: migration failed %d, type %lx\n",
>> pfn, ret, page->flags);
>> } else {
>> - set_page_hwpoison_huge_page(hpage);
>> - dequeue_hwpoisoned_huge_page(hpage);
>> - atomic_long_add(1 << compound_trans_order(hpage),
>> - &num_poisoned_pages);
>> + /* overcommit hugetlb page will be freed to buddy */
>> + if (PageHuge(page)) {
>> + set_page_hwpoison_huge_page(hpage);
>> + dequeue_hwpoisoned_huge_page(hpage);
>> + atomic_long_add(1 << compound_order(hpage),
>
> Are you sure it's safe to change compound_trans_order() by
> compound_order()? In my backport to the 3.11 kernel I've kept it.
>
Upstream is using compound_order(), compound_trans_order() is for THP, so it's safe.
Please refer to:
commit f9121153fdfbfaa930bf65077a5597e20d3ac608
mm/hwpoison: don't need to hold compound lock for hugetlbfs page
But actually I should not touch this for backport.
Thanks.
> Cheers,
> --
> Luis
>
>> + &num_poisoned_pages);
>> + } else {
>> + SetPageHWPoison(page);
>> + atomic_long_inc(&num_poisoned_pages);
>> + }
>> }
>> /* keep elevated page count for bad page */
>> return ret;
>> -- 1.7.7
>>
>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe stable" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> .
>
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html