commit efdb6720b44b2f016d2a04b2c84e577e57ed84bd · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

mm/rmap: fix munlocking Anon THP with mlocked ptes

Many thanks to Kirill for reminding that PageDoubleMap cannot be relied on
to warn of pte mappings in the Anon THP case; and a scan of subpages does
not seem appropriate here. Note how follow_trans_huge_pmd() does not even
mark an Anon THP as mlocked when compound_mapcount != 1: multiple mlocking
of Anon THP is avoided, so simply return from page_mlock() in this case.

Link: https://lore.kernel.org/lkml/cfa154c-d595-406-eb7d-eb9df730f944@google.com/
Fixes: d9770fcc1c0c ("mm/rmap: fix old bug: munlocking THP missed other mlocks")
Reported-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Yang Shi <shy828301@gmail.com>
Cc: Shakeel Butt <shakeelb@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Hugh Dickins and committed by Linus Torvalds 4 years ago efdb6720 e73f0f0e

+22 -17

1 changed file

expand all

unified split

rmap.c

+22 -17

mm/rmap.c

··· 1440 1440 /* 1441 1441 * If the page is mlock()d, we cannot swap it out. 1442 1442 */ 1443 - if (!(flags & TTU_IGNORE_MLOCK)) { 1444 - if (vma->vm_flags & VM_LOCKED) { 1445 - /* PTE-mapped THP are never marked as mlocked */ 1446 - if (!PageTransCompound(page) || 1447 - (PageHead(page) && !PageDoubleMap(page))) { 1448 - /* 1449 - * Holding pte lock, we do *not* need 1450 - * mmap_lock here 1451 - */ 1452 - mlock_vma_page(page); 1453 - } 1454 - ret = false; 1455 - page_vma_mapped_walk_done(&pvmw); 1456 - break; 1457 - } 1443 + if (!(flags & TTU_IGNORE_MLOCK) && 1444 + (vma->vm_flags & VM_LOCKED)) { 1445 + /* 1446 + * PTE-mapped THP are never marked as mlocked: so do 1447 + * not set it on a DoubleMap THP, nor on an Anon THP 1448 + * (which may still be PTE-mapped after DoubleMap was 1449 + * cleared). But stop unmapping even in those cases. 1450 + */ 1451 + if (!PageTransCompound(page) || (PageHead(page) && 1452 + !PageDoubleMap(page) && !PageAnon(page))) 1453 + mlock_vma_page(page); 1454 + page_vma_mapped_walk_done(&pvmw); 1455 + ret = false; 1456 + break; 1458 1457 } 1459 1458 1460 1459 /* Unexpected PMD-mapped THP? */ ··· 1985 1986 */ 1986 1987 if (vma->vm_flags & VM_LOCKED) { 1987 1988 /* 1988 - * PTE-mapped THP are never marked as mlocked, but 1989 - * this function is never called when PageDoubleMap(). 1989 + * PTE-mapped THP are never marked as mlocked; but 1990 + * this function is never called on a DoubleMap THP, 1991 + * nor on an Anon THP (which may still be PTE-mapped 1992 + * after DoubleMap was cleared). 1990 1993 */ 1991 1994 mlock_vma_page(page); 1992 1995 /* ··· 2022 2021 2023 2022 VM_BUG_ON_PAGE(!PageLocked(page) || PageLRU(page), page); 2024 2023 VM_BUG_ON_PAGE(PageCompound(page) && PageDoubleMap(page), page); 2024 + 2025 + /* Anon THP are only marked as mlocked when singly mapped */ 2026 + if (PageTransCompound(page) && PageAnon(page)) 2027 + return; 2025 2028 2026 2029 rmap_walk(page, &rwc); 2027 2030 }