From: Andrea Arcangeli Date: Thu, 13 Jan 2011 23:47:16 +0000 (-0800) Subject: thp: fix memory-failure hugetlbfs vs THP collision X-Git-Tag: firefly_0821_release~7613^2~2751 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=91600e9e592e48736e630851c83da2ad6bf0e91f;p=firefly-linux-kernel-4.4.55.git thp: fix memory-failure hugetlbfs vs THP collision hugetlbfs was changed to allow memory failure to migrate the hugetlbfs pages and that broke THP as split_huge_page was then called on hugetlbfs pages too. compound_head/order was also run unsafe on THP pages that can be splitted at any time. All compound_head() invocations in memory-failure.c that are run on pages that aren't pinned and that can be freed and reused from under us (while compound_head is running) are buggy because compound_head can return a dangling pointer, but I'm not fixing this as this is a generic memory-failure bug not specific to THP but it applies to hugetlbfs too, so I can fix it later after THP is merged upstream. Signed-off-by: Andrea Arcangeli Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 6a283cc9317c..1b43d0ffff65 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -386,7 +386,7 @@ static void collect_procs_anon(struct page *page, struct list_head *to_kill, struct task_struct *tsk; struct anon_vma *av; - if (unlikely(split_huge_page(page))) + if (!PageHuge(page) && unlikely(split_huge_page(page))) return; read_lock(&tasklist_lock); av = page_lock_anon_vma(page); diff --git a/mm/rmap.c b/mm/rmap.c index 3825ae4bc32f..c30f33854f97 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1430,7 +1430,7 @@ int try_to_unmap(struct page *page, enum ttu_flags flags) int ret; BUG_ON(!PageLocked(page)); - BUG_ON(PageTransHuge(page)); + VM_BUG_ON(!PageHuge(page) && PageTransHuge(page)); if (unlikely(PageKsm(page))) ret = try_to_unmap_ksm(page, flags);