iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Naoya Horiguchi 4b0ece6fa0 mm: migrate: fix remove_migration_pte() for ksm pages 
I found that calling page migration for ksm pages causes the following
bug:

    page:ffffea0004d51180 count:2 mapcount:2 mapping:ffff88013c785141 index:0x913
    flags: 0x57ffffc0040068(uptodate|lru|active|swapbacked)
    raw: 0057ffffc0040068 ffff88013c785141 0000000000000913 0000000200000001
    raw: ffffea0004d5f9e0 ffffea0004d53f60 0000000000000000 ffff88007d81b800
    page dumped because: VM_BUG_ON_PAGE(!PageLocked(page))
    page->mem_cgroup:ffff88007d81b800
    ------------[ cut here ]------------
    kernel BUG at /src/linux-dev/mm/rmap.c:1086!
    invalid opcode: 0000 [#1] SMP
    Modules linked in: ppdev parport_pc virtio_balloon i2c_piix4 pcspkr parport i2c_core acpi_cpufreq ip_tables xfs libcrc32c ata_generic pata_acpi ata_piix 8139too libata virtio_blk 8139cp crc32c_intel mii virtio_pci virtio_ring serio_raw virtio floppy dm_mirror dm_region_hash dm_log dm_mod
    CPU: 0 PID: 3162 Comm: bash Not tainted 4.11.0-rc2-mm1+ #1
    Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
    RIP: 0010:do_page_add_anon_rmap+0x1ba/0x260
    RSP: 0018:ffffc90002473b30 EFLAGS: 00010282
    RAX: 0000000000000021 RBX: ffffea0004d51180 RCX: 0000000000000006
    RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff88007dc0dfe0
    RBP: ffffc90002473b58 R08: 00000000fffffffe R09: 00000000000001c1
    R10: 0000000000000005 R11: 00000000000001c0 R12: ffff880139ab3d80
    R13: 0000000000000000 R14: 0000700000000200 R15: 0000160000000000
    FS:  00007f5195f50740(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007fd450287000 CR3: 000000007a08e000 CR4: 00000000001406f0
    Call Trace:
     page_add_anon_rmap+0x18/0x20
     remove_migration_pte+0x220/0x2c0
     rmap_walk_ksm+0x143/0x220
     rmap_walk+0x55/0x60
     remove_migration_ptes+0x53/0x80
     migrate_pages+0x8ed/0xb60
     soft_offline_page+0x309/0x8d0
     store_soft_offline_page+0xaf/0xf0
     dev_attr_store+0x18/0x30
     sysfs_kf_write+0x3a/0x50
     kernfs_fop_write+0xff/0x180
     __vfs_write+0x37/0x160
     vfs_write+0xb2/0x1b0
     SyS_write+0x55/0xc0
     do_syscall_64+0x67/0x180
     entry_SYSCALL64_slow_path+0x25/0x25
    RIP: 0033:0x7f51956339e0
    RSP: 002b:00007ffcfa0dffc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
    RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f51956339e0
    RDX: 000000000000000c RSI: 00007f5195f53000 RDI: 0000000000000001
    RBP: 00007f5195f53000 R08: 000000000000000a R09: 00007f5195f50740
    R10: 000000000000000b R11: 0000000000000246 R12: 00007f5195907400
    R13: 000000000000000c R14: 0000000000000001 R15: 0000000000000000
    Code: fe ff ff 48 81 c2 00 02 00 00 48 89 55 d8 e8 2e c3 fd ff 48 8b 55 d8 e9 42 ff ff ff 48 c7 c6 e0 52 a1 81 48 89 df e8 46 ad fe ff <0f> 0b 48 83 e8 01 e9 7f fe ff ff 48 83 e8 01 e9 96 fe ff ff 48
    RIP: do_page_add_anon_rmap+0x1ba/0x260 RSP: ffffc90002473b30
    ---[ end trace a679d00f4af2df48 ]---
    Kernel panic - not syncing: Fatal exception
    Kernel Offset: disabled
    ---[ end Kernel panic - not syncing: Fatal exception

The problem is in the following lines:

    new = page - pvmw.page->index +
        linear_page_index(vma, pvmw.address);

The 'new' is calculated with 'page' which is given by the caller as a
destination page and some offset adjustment for thp.  But this doesn't
properly work for ksm pages because pvmw.page->index doesn't change for
each address but linear_page_index() changes, which means that 'new'
points to different pages for each addresses backed by the ksm page.  As
a result, we try to set totally unrelated pages as destination pages,
and that causes kernel crash.

This patch fixes the miscalculation and makes ksm page migration work
fine.

Fixes: 3fe87967c536 ("mm: convert remove_migration_pte() to use page_vma_mapped_walk()")
Link: http://lkml.kernel.org/r/1489717683-29905-1-git-send-email-n-horiguchi@ah.jp.nec.com
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Hillf Danton <hillf.zj@alibaba-inc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-03-31 17:13:30 -07:00
..
kasan
Merge branch 'prep-for-5level'
2017-03-10 08:59:07 -08:00
backing-dev.c
bdi: Fix use-after-free in wb_congested_put()
2017-03-08 10:55:17 -07:00
balloon_compaction.c
mm: balloon: use general non-lru movable page feature
2016-07-26 16:19:19 -07:00
bootmem.c
mm/bootmem.c: cosmetic improvement of code readability
2017-02-22 16:41:29 -08:00
cleancache.c
cleancache: constify cleancache_ops structure
2016-01-27 09:09:57 -05:00
cma_debug.c
mm: cma_alloc: allow to specify GFP mask
2017-02-24 17:46:55 -08:00
cma.c
mm: cma: print allocation failure reason and bitmap status
2017-02-24 17:46:55 -08:00
cma.h
mm: cma: mark cma_bitmap_maxno() inline in header
2015-08-14 15:56:32 -07:00
compaction.c
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
debug_page_ref.c
mm/page_ref: add tracepoint to track down page reference manipulation
2016-03-17 15:09:34 -07:00
debug.c
mm, debug: print raw struct page data in __dump_page()
2016-12-12 18:55:08 -08:00
dmapool.c
lib/vsprintf.c: remove %Z support
2017-02-27 18:43:47 -08:00
early_ioremap.c
mm/early_ioremap: use offset_in_page macro
2015-11-05 19:34:48 -08:00
fadvise.c
mm: fadvise: avoid expensive remote LRU cache draining after FADV_DONTNEED
2016-12-20 09:48:46 -08:00
failslab.c
mm: fault-inject take over bootstrap kmem_cache check
2016-03-15 16:55:16 -07:00
filemap.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
frame_vector.c
mm: replace get_vaddr_frames() write/force parameters with gup_flags
2016-10-19 08:11:24 -07:00
frontswap.c
mm, frontswap: convert frontswap_enabled to static key
2016-07-26 16:19:19 -07:00
gup.c
mm, gup: fix typo in gup_p4d_range()
2017-03-13 08:58:09 -07:00
highmem.c
mm/highmem: make nr_free_highpages() handles all highmem zones by itself
2016-05-19 19:12:14 -07:00
huge_memory.c
Merge branch 'prep-for-5level'
2017-03-10 08:59:07 -08:00
hugetlb_cgroup.c
mm, hugetlb_cgroup: round limit_in_bytes down to hugepage size
2016-05-20 17:58:30 -07:00
hugetlb.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
hwpoison-inject.c
hwpoison: use page_cgroup_ino for filtering by memcg
2015-09-10 13:29:01 -07:00
init-mm.c
mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
2016-11-22 11:49:48 -06:00
internal.h
mm, rmap: check all VMAs that PTE-mapped THP can be part of
2017-02-24 17:46:55 -08:00
interval_tree.c
mm: replace vma->sharead.linear with vma->shared
2015-02-10 14:30:31 -08:00
Kconfig
mm: THP page cache support for ppc64
2016-12-12 18:55:08 -08:00
Kconfig.debug
mm: add arch-independent testcases for RODATA
2017-02-27 18:43:48 -08:00
khugepaged.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/coredump.h>
2017-03-02 08:42:28 +01:00
kmemcheck.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak-test.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
ksm.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/coredump.h>
2017-03-02 08:42:28 +01:00
list_lru.c
mm/list_lru.c: avoid error-path NULL pointer deref
2016-10-27 18:43:42 -07:00
maccess.c
x86: remove more uaccess_32.h complexity
2016-05-22 17:21:27 -07:00
madvise.c
userfaultfd: non-cooperative: userfaultfd_remove revalidate vma in MADV_DONTNEED
2017-03-09 17:01:10 -08:00
Makefile
mm: add arch-independent testcases for RODATA
2017-02-27 18:43:48 -08:00
memblock.c
mm/memblock.c: fix memblock_next_valid_pfn()
2017-03-09 17:01:10 -08:00
memcontrol.c
mm: do not call mem_cgroup_free() from within mem_cgroup_alloc()
2017-03-09 17:01:10 -08:00
memory_hotplug.c
mm: add private lock to serialize memory hotplug operations
2017-03-16 16:56:18 -07:00
memory-failure.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
memory.c
mm: introduce __p4d_alloc()
2017-03-09 11:48:48 -08:00
mempolicy.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
mempool.c
Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements"
2016-07-28 16:07:41 -07:00
memtest.c
memtest: remove unused header files
2015-09-08 15:35:28 -07:00
migrate.c
mm: migrate: fix remove_migration_pte() for ksm pages
2017-03-31 17:13:30 -07:00
mincore.c
mm: remove shmem_mapping() shmem_zero_setup() duplicates
2017-02-24 17:46:56 -08:00
mlock.c
Merge branch 'prep-for-5level'
2017-03-10 08:59:07 -08:00
mm_init.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
mmap.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-03-02 15:20:00 -08:00
mmu_context.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
mmu_notifier.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/mm.h>
2017-03-02 08:42:28 +01:00
mmzone.c
mm/mmzone.c: swap likely to unlikely as code logic is different for next_zones_zonelist()
2017-02-22 16:41:29 -08:00
mprotect.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
mremap.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
msync.c
mm/msync: use offset_in_page macro
2015-11-05 19:34:48 -08:00
nobootmem.c
mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping
2016-10-11 15:06:33 -07:00
nommu.c
Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-03-03 10:16:38 -08:00
oom_kill.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
page_alloc.c
mm, page_alloc: Add missing check for memory holes
2017-03-08 11:10:10 -08:00
page_counter.c
mm: page_counter: let page_counter_try_charge() return bool
2015-11-05 19:34:48 -08:00
page_ext.c
mm/page_ext: support extra space allocation by page_ext user
2016-10-07 18:46:27 -07:00
page_idle.c
mm: fix handling PTE-mapped THPs in page_idle_clear_pte_refs()
2017-02-24 17:46:55 -08:00
page_io.c
writeback: add wbc_to_write_flags()
2016-11-02 10:24:03 -06:00
page_isolation.c
mm, page_alloc: avoid page_to_pfn() when merging buddies
2017-02-22 16:41:27 -08:00
page_owner.c
mm/page_owner: don't define fields on struct page_ext by hard-coding
2016-10-07 18:46:27 -07:00
page_poison.c
mm: check the return value of lookup_page_ext for all call sites
2016-06-03 15:06:22 -07:00
page_vma_mapped.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
page-writeback.c
sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency
2017-03-02 08:42:37 +01:00
pagewalk.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
percpu-km.c
mm: percpu: use pr_fmt to prefix output
2016-03-17 15:09:34 -07:00
percpu-vm.c
percpu: remove unused chunk_alloc parameter from pcpu_get_pages()
2017-03-06 15:56:55 -05:00
percpu.c
percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
2017-03-06 15:55:39 -05:00
pgtable-generic.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
process_vm_access.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/mm.h>
2017-03-02 08:42:28 +01:00
quicklist.c
fix Christoph's email addresses
2016-03-17 15:09:34 -07:00
readahead.c
mm: don't cap request size based on read-ahead setting
2016-12-12 18:55:08 -08:00
rmap.c
Merge branch 'prep-for-5level'
2017-03-10 08:59:07 -08:00
rodata_test.c
mm: add arch-independent testcases for RODATA
2017-02-27 18:43:48 -08:00
shmem.c
Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-03-03 11:38:56 -08:00
slab_common.c
kasan: drain quarantine of memcg slab objects
2017-02-24 17:46:56 -08:00
slab.c
sched/headers: Prepare to move kstack_end() from <linux/sched.h> to <linux/sched/task_stack.h>
2017-03-02 08:42:39 +01:00
slab.h
slab: remove synchronous synchronize_sched() from memcg cache deactivation path
2017-02-22 16:41:27 -08:00
slob.c
slab: introduce __kmemcg_cache_deactivate()
2017-02-22 16:41:27 -08:00
slub.c
slub: make sysfs directories for memcg sub-caches optional
2017-02-22 16:41:27 -08:00
sparse-vmemmap.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
sparse.c
mm/memory_hotplug: set magic number to page->freelist instead of page->lru.next
2017-02-22 16:41:29 -08:00
swap_cgroup.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
swap_slots.c
mm, swap: Remove WARN_ON_ONCE() in free_swap_slot()
2017-03-21 14:13:19 -07:00
swap_state.c
mm/swap: skip readahead only when swap slot cache is enabled
2017-02-22 16:41:30 -08:00
swap.c
mm: vmscan: move dirty pages out of the way until they're flushed
2017-02-24 17:46:54 -08:00
swapfile.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
truncate.c
fs: add i_blocksize()
2017-02-27 18:43:46 -08:00
usercopy.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
userfaultfd.c
mm: convert generic code to 5-level paging
2017-03-09 11:48:47 -08:00
util.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
vmacache.c
sched/headers: Prepare to move 'init_task' and 'init_thread_union' from <linux/sched.h> to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
vmalloc.c
mm: don't warn when vmalloc() fails due to a fatal signal
2017-03-16 16:56:18 -07:00
vmpressure.c
mm: vmpressure: fix sending wrong events on underflow
2017-02-24 17:46:56 -08:00
vmscan.c
sched/headers: Prepare to move the memalloc_noio_*() APIs to <linux/sched/mm.h>
2017-03-02 08:42:33 +01:00
vmstat.c
mm/vmstats: add thp_split_pud event for clarity
2017-03-09 17:01:10 -08:00
workingset.c
Merge branch 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax
2017-02-28 20:29:41 -08:00
z3fold.c
z3fold: fix spinlock unlocking in page reclaim
2017-03-16 16:56:18 -07:00
zbud.c
mm/zbud.c: use list_last_entry() instead of list_tail_entry()
2016-01-15 11:40:52 -08:00
zpool.c
mm: zsmalloc: constify struct zs_pool name
2015-11-06 17:50:42 -08:00
zsmalloc.c
sched/headers: Prepare to remove the <linux/magic.h> include from <linux/sched/task_stack.h>
2017-03-02 08:42:40 +01:00
zswap.c
zswap: don't param_set_charp while holding spinlock
2017-02-27 18:43:45 -08:00