From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Hugh Dickins <hughd@google.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Jerome Glisse <jglisse@redhat.com>,
Konstantin Khlebnikov <khlebnikov@yandex-team.ru>,
Matthew Wilcox <willy@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 08/50] mm/khugepaged: fix crashes due to misaccounted holes
Date: Tue, 4 Dec 2018 11:50:03 +0100 [thread overview]
Message-ID: <20181204103714.929244939@linuxfoundation.org> (raw)
In-Reply-To: <20181204103714.485546262@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
commit aaa52e340073b7f4593b3c4ddafcafa70cf838b5 upstream.
Huge tmpfs testing on a shortish file mapped into a pmd-rounded extent
hit shmem_evict_inode()'s WARN_ON(inode->i_blocks) followed by
clear_inode()'s BUG_ON(inode->i_data.nrpages) when the file was later
closed and unlinked.
khugepaged's collapse_shmem() was forgetting to update mapping->nrpages
on the rollback path, after it had added but then needs to undo some
holes.
There is indeed an irritating asymmetry between shmem_charge(), whose
callers want it to increment nrpages after successfully accounting
blocks, and shmem_uncharge(), when __delete_from_page_cache() already
decremented nrpages itself: oh well, just add a comment on that to them
both.
And shmem_recalc_inode() is supposed to be called when the accounting is
expected to be in balance (so it can deduce from imbalance that reclaim
discarded some pages): so change shmem_charge() to update nrpages
earlier (though it's rare for the difference to matter at all).
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1811261523450.2275@eggly.anvils
Fixes: 800d8c63b2e98 ("shmem: add huge pages support")
Fixes: f3f0e1d2150b2 ("khugepaged: add support of collapse for tmpfs/shmem pages")
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org> [4.8+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/khugepaged.c | 4 +++-
mm/shmem.c | 6 +++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 62de24194f24..3f7bfd98b0e6 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1538,8 +1538,10 @@ static void collapse_shmem(struct mm_struct *mm,
*hpage = NULL;
} else {
/* Something went wrong: rollback changes to the radix-tree */
- shmem_uncharge(mapping->host, nr_none);
spin_lock_irq(&mapping->tree_lock);
+ mapping->nrpages -= nr_none;
+ shmem_uncharge(mapping->host, nr_none);
+
radix_tree_for_each_slot(slot, &mapping->page_tree, &iter,
start) {
if (iter.index >= end)
diff --git a/mm/shmem.c b/mm/shmem.c
index e30ffaa065a4..54911bbc74d6 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -283,12 +283,14 @@ bool shmem_charge(struct inode *inode, long pages)
if (!shmem_inode_acct_block(inode, pages))
return false;
+ /* nrpages adjustment first, then shmem_recalc_inode() when balanced */
+ inode->i_mapping->nrpages += pages;
+
spin_lock_irqsave(&info->lock, flags);
info->alloced += pages;
inode->i_blocks += pages * BLOCKS_PER_PAGE;
shmem_recalc_inode(inode);
spin_unlock_irqrestore(&info->lock, flags);
- inode->i_mapping->nrpages += pages;
return true;
}
@@ -298,6 +300,8 @@ void shmem_uncharge(struct inode *inode, long pages)
struct shmem_inode_info *info = SHMEM_I(inode);
unsigned long flags;
+ /* nrpages adjustment done by __delete_from_page_cache() or caller */
+
spin_lock_irqsave(&info->lock, flags);
info->alloced -= pages;
inode->i_blocks -= pages * BLOCKS_PER_PAGE;
--
2.17.1
next prev parent reply other threads:[~2018-12-04 10:50 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-04 10:49 [PATCH 4.9 00/50] 4.9.143-stable review Greg Kroah-Hartman
2018-12-04 10:49 ` [PATCH 4.9 01/50] mm/huge_memory: rename freeze_page() to unmap_page() Greg Kroah-Hartman
2018-12-04 10:49 ` [PATCH 4.9 02/50] mm/huge_memory.c: reorder operations in __split_huge_page_tail() Greg Kroah-Hartman
2018-12-04 10:49 ` [PATCH 4.9 03/50] mm/huge_memory: splitting set mapping+index before unfreeze Greg Kroah-Hartman
2018-12-04 10:49 ` [PATCH 4.9 04/50] mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 05/50] mm/khugepaged: collapse_shmem() stop if punched or truncated Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 06/50] shmem: shmem_charge: verify max_block is not exceeded before inode update Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 07/50] shmem: introduce shmem_inode_acct_block Greg Kroah-Hartman
2018-12-04 10:50 ` Greg Kroah-Hartman [this message]
2018-12-04 10:50 ` [PATCH 4.9 09/50] mm/khugepaged: collapse_shmem() remember to clear holes Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 10/50] mm/khugepaged: minor reorderings in collapse_shmem() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 11/50] mm/khugepaged: collapse_shmem() without freezing new_page Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 12/50] mm/khugepaged: collapse_shmem() do not crash on Compound Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 13/50] media: em28xx: Fix use-after-free when disconnecting Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 14/50] Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 15/50] net: skb_scrub_packet(): Scrub offload_fwd_mark Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 16/50] rapidio/rionet: do not free skb before reading its length Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 17/50] s390/qeth: fix length check in SNMP processing Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 18/50] usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 19/50] kvm: mmu: Fix race in emulated page table writes Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 20/50] kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 21/50] KVM: X86: Fix scan ioapic use-before-initialization Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 22/50] xtensa: enable coprocessors that are being flushed Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 23/50] xtensa: fix coprocessor context offset definitions Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 24/50] Btrfs: ensure path name is null terminated at btrfs_control_ioctl Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 25/50] perf/x86/intel: Move branch tracing setup to the Intel-specific source file Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 26/50] perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 27/50] fs: fix lost error code in dio_complete Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 28/50] ALSA: wss: Fix invalid snd_free_pages() at error path Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 29/50] ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 30/50] ALSA: control: Fix race between adding and removing a user element Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 31/50] ALSA: sparc: Fix invalid snd_free_pages() at error path Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 32/50] ext2: fix potential use after free Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 33/50] dmaengine: at_hdmac: fix memory leak in at_dma_xlate() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 34/50] dmaengine: at_hdmac: fix module unloading Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 35/50] btrfs: release metadata before running delayed refs Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 36/50] USB: usb-storage: Add new IDs to ums-realtek Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 37/50] usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 38/50] Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 39/50] iio:st_magn: Fix enable device after trigger Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 40/50] mm: use swp_offset as key in shmem_replace_page() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 41/50] Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 42/50] misc: mic/scif: fix copy-paste error in scif_create_remote_lookup Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 43/50] efi/libstub: arm: support building with clang Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 44/50] ARM: 8766/1: drop no-thumb-interwork in EABI mode Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 45/50] ARM: 8767/1: add support for building ARM kernel with clang Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 46/50] bus: arm-cci: remove unnecessary unreachable() Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 47/50] ARM: trusted_foundations: do not use naked function Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 48/50] workqueue: avoid clang warning Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 49/50] efi/libstub: Make file I/O chunking x86-specific Greg Kroah-Hartman
2018-12-04 10:50 ` [PATCH 4.9 50/50] kbuild: Set KBUILD_CFLAGS before incl. arch Makefile Greg Kroah-Hartman
2018-12-04 15:52 ` [PATCH 4.9 00/50] 4.9.143-stable review kernelci.org bot
2018-12-04 21:40 ` Guenter Roeck
2018-12-05 5:12 ` Naresh Kamboju
2018-12-05 9:30 ` Jon Hunter
2018-12-05 23:54 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181204103714.929244939@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=jglisse@redhat.com \
--cc=khlebnikov@yandex-team.ru \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).