From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
"Wanpeng Li" <liwanp@linux.vnet.ibm.com>,
"Bob Liu" <bob.liu@oracle.com>,
"Sasha Levin" <sasha.levin@oracle.com>,
"Vlastimil Babka" <vbabka@suse.cz>,
"Mel Gorman" <mgorman@suse.de>, "Rik van Riel" <riel@redhat.com>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Hugh Dickins" <hughd@google.com>,
"Michel Lespinasse" <walken@google.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"KOSAKI Motohiro" <kosaki.motohiro@jp.fujitsu.com>,
"David Rientjes" <rientjes@google.com>
Subject: [PATCH 3.2 80/94] mm: try_to_unmap_cluster() should lock_page() before mlocking
Date: Mon, 28 Apr 2014 02:11:22 +0100
Message-ID: <lsq.1398647482.469240383@decadent.org.uk>
In-Reply-To: <lsq.1398647481.453080089@decadent.org.uk>
3.2.58-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Vlastimil Babka <vbabka@suse.cz>
commit 57e68e9cd65b4b8eb4045a1e0d0746458502554c upstream.
A BUG_ON(!PageLocked) was triggered in mlock_vma_page() by Sasha Levin
fuzzing with trinity. The call site try_to_unmap_cluster() does not lock
the pages other than its check_page parameter (which is already locked).
The BUG_ON in mlock_vma_page() is not documented and its purpose is
somewhat unclear, but apparently it serializes against page migration,
which could otherwise fail to transfer the PG_mlocked flag. This would
not be fatal, as the page would be eventually encountered again, but
NR_MLOCK accounting would become distorted nevertheless. This patch adds
a comment to the BUG_ON in mlock_vma_page() and munlock_vma_page() to that
effect.
The call site try_to_unmap_cluster() is fixed so that for page !=
check_page, trylock_page() is attempted (to avoid possible deadlocks as we
already have check_page locked) and mlock_vma_page() is performed only
upon success. If the page lock cannot be obtained, the page is left
without PG_mlocked, which is again not a problem in the whole unevictable
memory design.
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Bob Liu <bob.liu@oracle.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
mm/mlock.c | 2 ++
mm/rmap.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -78,6 +78,7 @@ void __clear_page_mlock(struct page *pag
*/
void mlock_vma_page(struct page *page)
{
+ /* Serialize with page migration */
BUG_ON(!PageLocked(page));
if (!TestSetPageMlocked(page)) {
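Review bot: The comment added above BUG_ON(!PageLocked(page)) in mlock_vma_page() names page migration but not what goes wrong without the page lock. The changelog says migration could otherwise fail to transfer PG_mlocked and that NR_MLOCK accounting would become distorted; carrying that consequence into the comment would let a reader judge whether BUG_ON is the right response to a condition the changelog itself calls non-fatal.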
@@ -105,6 +106,7 @@ void mlock_vma_page(struct page *page)
*/
void munlock_vma_page(struct page *page)
{
+ /* For try_to_munlock() and to serialize with page migration */
BUG_ON(!PageLocked(page));
if (TestClearPageMlocked(page)) {
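Review bot: The comment added in munlock_vma_page() gives try_to_munlock() as a reason for requiring the page lock, but the changelog only explains the page migration case. A short statement, in the comment or the changelog, of what try_to_munlock() relies on would close that gap; as posted, that half of the comment is unexplained.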
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1385,9 +1385,19 @@ static int try_to_unmap_cluster(unsigned
BUG_ON(!page || PageAnon(page));
if (locked_vma) {
- mlock_vma_page(page); /* no-op if already mlocked */
- if (page == check_page)
+ if (page == check_page) {
+ /* we know we have check_page locked */
+ mlock_vma_page(page);
ret = SWAP_MLOCK;
+ } else if (trylock_page(page)) {
+ /*
+ * If we can lock the page, perform mlock.
+ * Otherwise leave the page alone, it will be
+ * eventually encountered again later.
+ */
+ mlock_vma_page(page);
+ unlock_page(page);
+ }
continue; /* don't unmap */
}
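Review bot: In the else if (trylock_page(page)) branch, the rationale for the failure path ("Otherwise leave the page alone, it will be eventually encountered again later") sits inside the success block, while the failure path itself has no code, so a page that loses the trylock falls through to continue without PG_mlocked and the skip is easy to misread as an oversight. Moving that comment above the else if would make the intentional skip visible at the branch point. The check_page comment could also say that the lock is held by the caller, since mlock_vma_page() hits BUG_ON(!PageLocked(page)) if that assumption ever stops holding.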