)]}' { "commit": "d75450ff40df0199bf13dfb19f435519ff947138", "tree": "3eac1374291bf826d4af0c616e47f7ec4f7b4fe4", "parents": [ "81d4bab4ce87228c37ab14a885438544af5c9ce6" ], "author": { "name": "Hugh Dickins", "email": "hughd@google.com", "time": "Fri Apr 07 16:04:39 2017 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Apr 08 00:47:48 2017 -0700" }, "message": "mm: fix page_vma_mapped_walk() for ksm pages\n\nDoug Smythies reports oops with KSM in this backtrace, I\u0027ve been seeing\nthe same:\n\n page_vma_mapped_walk+0xe6/0x5b0\n page_referenced_one+0x91/0x1a0\n rmap_walk_ksm+0x100/0x190\n rmap_walk+0x4f/0x60\n page_referenced+0x149/0x170\n shrink_active_list+0x1c2/0x430\n shrink_node_memcg+0x67a/0x7a0\n shrink_node+0xe1/0x320\n kswapd+0x34b/0x720\n\nJust as observed in commit 4b0ece6fa016 (\"mm: migrate: fix\nremove_migration_pte() for ksm pages\"), you cannot use page-\u003eindex\ncalculations on ksm pages.\n\npage_vma_mapped_walk() is relying on __vma_address(), where a ksm page\ncan lead it off the end of the page table, and into whatever nonsense is\nin the next page, ending as an oops inside check_pte()\u0027s pte_page().\n\nKSM tells page_vma_mapped_walk() exactly where to look for the page, it\ndoes not need any page-\u003eindex calculation: and that\u0027s so also for all\nthe normal and file and anon pages - just not for THPs and their\nsubpages. Get out early in most cases: instead of a PageKsm test, move\ndown the earlier not-THP-page test, as suggested by Kirill.\n\nI\u0027m also slightly worried that this loop can stray into other vmas, so\nadded a vm_end test to prevent surprises; though I have not imagined\nanything worse than a very contrived case, in which a page mlocked in\nthe next vma might be reclaimed because it is not mlocked in this vma.\n\nFixes: ace71a19cec5 (\"mm: introduce page_vma_mapped_walk()\")\nLink: http://lkml.kernel.org/r/alpine.LSU.2.11.1704031104400.1118@eggly.anvils\nSigned-off-by: Hugh Dickins \u003chughd@google.com\u003e\nReported-by: Doug Smythies \u003cdsmythies@telus.net\u003e\nTested-by: Doug Smythies \u003cdsmythies@telus.net\u003e\nReviewed-by: Kirill A. Shutemov \u003ckirill.shutemov@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "c4c9def8ffea47b4838fc3095221ee90e0c0fae3", "old_mode": 33188, "old_path": "mm/page_vma_mapped.c", "new_id": "de9c40d7304aa0e714bdd32abe79517ec3d73038", "new_mode": 33188, "new_path": "mm/page_vma_mapped.c" } ] }