On Mon, Dec 12, 2022 at 06:32:35PM +0100, Jann Horn wrote:
> Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP
> collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to
> ensure that the page table was not removed by khugepaged in between.
>
> However, lockless_pages_from_mm() still requires that the page table is
> not concurrently freed. Fix it by sending IPIs (if the architecture uses
> semi-RCU-style page table freeing) before freeing/reusing page tables.
>
> Link: https://lkml.kernel.org/r/20221129154730.2274278-2-jannh@xxxxxxxxxx
> Link: https://lkml.kernel.org/r/20221128180252.1684965-2-jannh@xxxxxxxxxx
> Link: https://lkml.kernel.org/r/20221125213714.4115729-2-jannh@xxxxxxxxxx
> Fixes: ba76149f47d8 ("thp: khugepaged")
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> Reviewed-by: Yang Shi <shy828301@xxxxxxxxx>
> Acked-by: David Hildenbrand <david@xxxxxxxxxx>
> Cc: John Hubbard <jhubbard@xxxxxxxxxx>
> Cc: Peter Xu <peterx@xxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> [manual backport: two of the three places in khugepaged that can free
> ptes were refactored into a common helper between 5.15 and 6.0;
> TLB flushing was refactored between 5.4 and 5.10;
> TLB flushing was refactored between 4.19 and 5.4;
> pmd collapse for PTE-mapped THP was only added in 5.4;
> ugly hack needed in <=4.19 for s390]
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
All now queued up, thanks for the backports!
greg k-h
