diff for duplicates of <20151012145746.GA11396@bbox> diff --git a/a/1.txt b/N1/1.txt index 8a3a026..a9c2430 100644 --- a/a/1.txt +++ b/N1/1.txt 
@@ -73,3 +73,53 @@ but I changed khugepaged_scan_pmd by mistake at last modification since that part is almost same. :( Fortunately my testing kernel is doing right version. Here it goes. + +>From 2a2e4b247e132d823af30655dbc0b57738e9d6ee Mon Sep 17 00:00:00 2001 +From: Minchan Kim <minchan@kernel.org> +Date: Mon, 12 Oct 2015 09:52:46 +0900 +Subject: [PATCH] thp: use is_zero_pfn only after pte_present check + +Use is_zero_pfn on pteval only after pte_present check on pteval +(It might be better idea to introduce is_zero_pte where checks +pte_present first). Otherwise, it could work with swap or +migration entry and if pte_pfn's result is equal to zero_pfn +by chance, we lose user's data in __collapse_huge_page_copy. +So if you're luck, the application is segfaulted and finally you +could see below message when the application is exit. + +BUG: Bad rss-counter state mm:ffff88007f099300 idx:2 val:3 + +Signed-off-by: Minchan Kim <minchan@kernel.org> +--- + mm/huge_memory.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index 4b06b8db9df2..bbac913f96bc 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -2206,7 +2206,8 @@ static int __collapse_huge_page_isolate(struct vm_area_struct *vma, + for (_pte = pte; _pte < pte+HPAGE_PMD_NR; + _pte++, address += PAGE_SIZE) { + pte_t pteval = *_pte; +- if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) { ++ if (pte_none(pteval) || (pte_present(pteval) && ++ is_zero_pfn(pte_pfn(pteval)))) { + if (!userfaultfd_armed(vma) && + ++none_or_zero <= khugepaged_max_ptes_none) + continue; +-- +1.9.1 + + +In khugepaged_scan_pmd, although there is no is_swap_pte check in +v4.2, we don't need to check pte_present check right before is_zero_pfn +because that part is just scanning operation so even if something wrong +happens rarely, it should filter out in __collapse_huge_page_isolate +with this patch. + +In __collapse_huge_page_copy, we don't need the check, either. 
+Because every ptes in the vma's 2M area point out isolated LRU pages +and zero page so any pages couldn't be swap-out. + +Thanks for the review. diff --git a/a/content_digest b/N1/content_digest index 4ddd706..4487f70 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -88,6 +88,56 @@ "but I changed khugepaged_scan_pmd by mistake at last modification\n" "since that part is almost same. :(\n" "Fortunately my testing kernel is doing right version.\n" - Here it goes. + "Here it goes.\n" + "\n" + ">From 2a2e4b247e132d823af30655dbc0b57738e9d6ee Mon Sep 17 00:00:00 2001\n" + "From: Minchan Kim <minchan@kernel.org>\n" + "Date: Mon, 12 Oct 2015 09:52:46 +0900\n" + "Subject: [PATCH] thp: use is_zero_pfn only after pte_present check\n" + "\n" + "Use is_zero_pfn on pteval only after pte_present check on pteval\n" + "(It might be better idea to introduce is_zero_pte where checks\n" + "pte_present first). Otherwise, it could work with swap or\n" + "migration entry and if pte_pfn's result is equal to zero_pfn\n" + "by chance, we lose user's data in __collapse_huge_page_copy.\n" + "So if you're luck, the application is segfaulted and finally you\n" + "could see below message when the application is exit.\n" + "\n" + "BUG: Bad rss-counter state mm:ffff88007f099300 idx:2 val:3\n" + "\n" + "Signed-off-by: Minchan Kim <minchan@kernel.org>\n" + "---\n" + " mm/huge_memory.c | 3 ++-\n" + " 1 file changed, 2 insertions(+), 1 deletion(-)\n" + "\n" + "diff --git a/mm/huge_memory.c b/mm/huge_memory.c\n" + "index 4b06b8db9df2..bbac913f96bc 100644\n" + "--- a/mm/huge_memory.c\n" + "+++ b/mm/huge_memory.c\n" + "@@ -2206,7 +2206,8 @@ static int __collapse_huge_page_isolate(struct vm_area_struct *vma,\n" + " \tfor (_pte = pte; _pte < pte+HPAGE_PMD_NR;\n" + " \t _pte++, address += PAGE_SIZE) {\n" + " \t\tpte_t pteval = *_pte;\n" + "-\t\tif (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) {\n" + "+\t\tif (pte_none(pteval) || (pte_present(pteval) &&\n" + "+\t\t\t\tis_zero_pfn(pte_pfn(pteval)))) {\n" + " \t\t\tif (!userfaultfd_armed(vma) &&\n" + " \t\t\t ++none_or_zero <= khugepaged_max_ptes_none)\n" + " \t\t\t\tcontinue;\n" + "-- \n" + "1.9.1\n" + "\n" + "\n" + "In khugepaged_scan_pmd, although there is no is_swap_pte check in\n" + "v4.2, we don't need to 
check pte_present check right before is_zero_pfn\n" + "because that part is just scanning operation so even if something wrong\n" + "happens rarely, it should filter out in __collapse_huge_page_isolate\n" + "with this patch.\n" + "\n" + "In __collapse_huge_page_copy, we don't need the check, either.\n" + "Because every ptes in the vma's 2M area point out isolated LRU pages\n" + "and zero page so any pages couldn't be swap-out.\n" + "\n" + Thanks for the review. -66a9b86e5e33ce9f802f4995c357c86c6eda15de34c309440348295d9d537899 +122fb67d24874fbcada7fc61d0803dcc6e989001128bbdb6119ae06ac7750b6e
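Review bot: The pte_present(pteval) guard added to the none-or-zero test in __collapse_huge_page_isolate is open-coded, while the commit message already proposes an is_zero_pte helper that checks pte_present first; introducing that helper in this patch would keep other is_zero_pfn(pte_pfn(pteval)) call sites from repeating the mistake. The follow-up text leaves khugepaged_scan_pmd and __collapse_huge_page_copy unguarded, on the grounds that the isolate step filters bad entries and that the copy step only sees isolated LRU pages and the zero page; a short comment at each of those sites stating that invariant would document why calling pte_pfn on a possibly non-present entry is acceptable there. The hunk also does not show what happens to a swap or migration entry once it fails this test, so it is worth confirming that the code after the continue rejects entries that are not pte_present.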