From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out3-smtp.messagingengine.com ([66.111.4.27]:60829 "EHLO out3-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965880AbbKFA3u (ORCPT ); Thu, 5 Nov 2015 19:29:50 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 0B7E1201AE for ; Thu, 5 Nov 2015 19:29:50 -0500 (EST) Subject: FAILED: patch "[PATCH] thp: use is_zero_pfn() only after pte_present() check" failed to apply to 4.2-stable tree To: minchan@kernel.org, aarcange@redhat.com, akpm@linux-foundation.org, hughd@google.com, kirill.shutemov@linux.intel.com, mgorman@suse.de, riel@redhat.com, stable@vger.kernel.org, torvalds@linux-foundation.org, vbabka@suse.cz Cc: From: Date: Thu, 05 Nov 2015 16:29:48 -0800 Message-ID: <1446769788222250@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: The patch below does not apply to the 4.2-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >>From 47aee4d8e314384807e98b67ade07f6da476aa75 Mon Sep 17 00:00:00 2001 From: Minchan Kim Date: Thu, 22 Oct 2015 13:32:19 -0700 Subject: [PATCH] thp: use is_zero_pfn() only after pte_present() check Use is_zero_pfn() on pteval only after pte_present() check on pteval (It might be better idea to introduce is_zero_pte() which checks pte_present() first). Otherwise when working on a swap or migration entry and if pte_pfn's result is equal to zero_pfn by chance, we lose user's data in __collapse_huge_page_copy(). So if you're unlucky, the application segfaults and finally you could see below message on exit: BUG: Bad rss-counter state mm:ffff88007f099300 idx:2 val:3 Fixes: ca0984caa823 ("mm: incorporate zero pages into transparent huge pages") Signed-off-by: Minchan Kim Reviewed-by: Andrea Arcangeli Acked-by: Kirill A. Shutemov Cc: Mel Gorman Acked-by: Vlastimil Babka Cc: Hugh Dickins Cc: Rik van Riel Cc: [4.1+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 4b06b8db9df2..bbac913f96bc 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2206,7 +2206,8 @@ static int __collapse_huge_page_isolate(struct vm_area_struct *vma, for (_pte = pte; _pte < pte+HPAGE_PMD_NR; _pte++, address += PAGE_SIZE) { pte_t pteval = *_pte; - if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) { + if (pte_none(pteval) || (pte_present(pteval) && + is_zero_pfn(pte_pfn(pteval)))) { if (!userfaultfd_armed(vma) && ++none_or_zero <= khugepaged_max_ptes_none) continue;