summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>2016-07-14 12:07:35 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2016-07-15 14:54:27 +0900
commit55bda43bb26d2c11eeedac742eff87a8ac34c106 (patch)
tree7b351dcf9347f16e819f93b35fb31654533fcb47
parent33f4751e99601b7bfd1d66aedabd3ee9140922de (diff)
downloadlinux-55bda43bb26d2c11eeedac742eff87a8ac34c106.tar.gz
mm: rmap: call page_check_address() with sync enabled to avoid racy check
The previous patch addresses the race between split_huge_pmd_address() and someone changing the pmd. The fix is only for splitting of normal thp (i.e. pmd-mapped thp,) and for splitting of pte-mapped thp there still is the similar race. For splitting pte-mapped thp, the pte's conversion is done by try_to_unmap_one(TTU_MIGRATION). This function checks page_check_address() to get the target pte, but it can return NULL under some race, leading to VM_BUG_ON() in freeze_page(). Fortunately, page_check_address() already has an argument to decide whether we do a quick/racy check or not, so let's flip it when called from freeze_page(). Link: http://lkml.kernel.org/r/1466990929-7452-2-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--mm/rmap.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/mm/rmap.c b/mm/rmap.c
index 0ea5d9071b32..e4b713a6ed7e 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1427,7 +1427,8 @@ static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
goto out;
}
- pte = page_check_address(page, mm, address, &ptl, 0);
+ pte = page_check_address(page, mm, address, &ptl,
+ PageTransCompound(page));
if (!pte)
goto out;