mm/ksm: get mm_slot by mm_slot_entry() when slot is !NULL
authorWei Yang <richard.weiyang@gmail.com>
Fri, 19 Sep 2025 07:12:43 +0000 (07:12 +0000)
committerAndrew Morton <akpm@linux-foundation.org>
Sun, 28 Sep 2025 18:51:32 +0000 (11:51 -0700)
Patch series "mm_slot: fix the usage of mm_slot_entry", v2.

When using mm_slot in ksm, there is code like:

     slot = mm_slot_lookup(mm_slots_hash, mm);
     mm_slot = mm_slot_entry(slot, struct ksm_mm_slot, slot);
     if (mm_slot && ..) {
     }

In general, mm_slot_entry() won't return a valid value if slot is NULL.
It currently works only because slot is the first element of struct
ksm_mm_slot.

To reduce the ambiguity and make it robust, access mm_slot_entry() when
slot is !NULL.

Link: https://lkml.kernel.org/r/20250919071244.17020-1-richard.weiyang@gmail.com
Link: https://lkml.kernel.org/r/20250919071244.17020-2-richard.weiyang@gmail.com
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Dev Jain <dev.jain@arm.com>
Reviewed-by: Lance Yang <lance.yang@linux.dev>
Cc: Kiryl Shutsemau <kirill@shutemov.name>
Cc: xu xin <xu.xin16@zte.com.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
mm/ksm.c

index 2dbe92e3dd52a1d91726e8ce722ec74dc882fe8a..04019a15b25d0105e2b4c076b4b4918ad6c6e6de 100644 (file)
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -2936,15 +2936,17 @@ void __ksm_exit(struct mm_struct *mm)
 
        spin_lock(&ksm_mmlist_lock);
        slot = mm_slot_lookup(mm_slots_hash, mm);
-       mm_slot = mm_slot_entry(slot, struct ksm_mm_slot, slot);
-       if (mm_slot && ksm_scan.mm_slot != mm_slot) {
-               if (!mm_slot->rmap_list) {
-                       hash_del(&slot->hash);
-                       list_del(&slot->mm_node);
-                       easy_to_free = 1;
-               } else {
-                       list_move(&slot->mm_node,
-                                 &ksm_scan.mm_slot->slot.mm_node);
+       if (slot) {
+               mm_slot = mm_slot_entry(slot, struct ksm_mm_slot, slot);
+               if (ksm_scan.mm_slot != mm_slot) {
+                       if (!mm_slot->rmap_list) {
+                               hash_del(&slot->hash);
+                               list_del(&slot->mm_node);
+                               easy_to_free = 1;
+                       } else {
+                               list_move(&slot->mm_node,
+                                         &ksm_scan.mm_slot->slot.mm_node);
+                       }
                }
        }
        spin_unlock(&ksm_mmlist_lock);
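Review bot: `mm_slot` is now assigned only inside the new `if (slot)` branch, whereas the removed line assigned it on every path (yielding NULL for a NULL slot, as the commit message explains). `__ksm_exit()` starts before and continues after this hunk, so neither the declaration nor any later use of `mm_slot` is visible here. If the code after `spin_unlock()` still tests or frees `mm_slot`, it would read an indeterminate pointer whenever the lookup finds nothing. Unless the declaration already initializes it, it should make that path explicit: `struct ksm_mm_slot *mm_slot = NULL;`.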