From patchwork Mon Feb 28 14:02:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miaohe Lin X-Patchwork-Id: 12763342 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D07B1C433F5 for ; Mon, 28 Feb 2022 14:03:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3EF458D0002; Mon, 28 Feb 2022 09:03:37 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 39E7C8D0001; Mon, 28 Feb 2022 09:03:37 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 28EDA8D0002; Mon, 28 Feb 2022 09:03:37 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.26]) by kanga.kvack.org (Postfix) with ESMTP id 1B22A8D0001 for ; Mon, 28 Feb 2022 09:03:37 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id C61C1614CC for ; Mon, 28 Feb 2022 14:03:36 +0000 (UTC) X-FDA: 79192356432.14.3D08BEC Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf12.hostedemail.com (Postfix) with ESMTP id BD3AB40005 for ; Mon, 28 Feb 2022 14:03:35 +0000 (UTC) Received: from canpemm500002.china.huawei.com (unknown [172.30.72.56]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4K6hs526PWzdfkJ; Mon, 28 Feb 2022 22:02:17 +0800 (CST) Received: from huawei.com (10.175.124.27) by canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Mon, 28 Feb 2022 22:03:32 +0800 From: Miaohe Lin To: , CC: , , Subject: [PATCH 4/4] mm/memory-failure.c: fix potential VM_BUG_ON_PAGE in split_huge_page_to_list Date: Mon, 28 Feb 2022 22:02:45 +0800 Message-ID: <20220228140245.24552-5-linmiaohe@huawei.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20220228140245.24552-1-linmiaohe@huawei.com> References: <20220228140245.24552-1-linmiaohe@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.175.124.27] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To canpemm500002.china.huawei.com (7.192.104.244) X-CFilter-Loop: Reflected X-Rspamd-Queue-Id: BD3AB40005 X-Stat-Signature: rorjn76jn99ubxx6knq1g8f4sfcb8bmb X-Rspam-User: Authentication-Results: imf12.hostedemail.com; dkim=none; spf=pass (imf12.hostedemail.com: domain of linmiaohe@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=linmiaohe@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com X-Rspamd-Server: rspam07 X-HE-Tag: 1646057015-885239 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The huge zero page could reach here and if we ever try to split it, the VM_BUG_ON_PAGE will be triggered in split_huge_page_to_list(). Also the non-lru compound movable pages could be taken for transhuge pages. Skip these pages by checking PageLRU because huge zero page isn't lru page as non-lru compound movable pages. Signed-off-by: Miaohe Lin --- mm/memory-failure.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 23bfd809dc8c..ac6492e36978 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1792,6 +1792,20 @@ int memory_failure(unsigned long pfn, int flags) } if (PageTransHuge(hpage)) { + /* + * The non-lru compound movable pages could be taken for + * transhuge pages. Also huge zero page could reach here + * and if we ever try to split it, the VM_BUG_ON_PAGE will + * be triggered in split_huge_page_to_list(). Skip these + * pages by checking PageLRU because huge zero page isn't + * lru page as non-lru compound movable pages. + */ + if (!PageLRU(hpage)) { + put_page(p); + action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); + res = -EBUSY; + goto unlock_mutex; + } /* * The flag must be set after the refcount is bumped * otherwise it may race with THP split.