From d963565ba19c38f97e47e34cbcd0e03024e412c9 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 1 Jun 2020 16:41:04 +0200 Subject: [PATCH] 4.4-stable patches added patches: mm-remove-vm_bug_on-pageslab-from-page_mapcount.patch --- ...m_bug_on-pageslab-from-page_mapcount.patch | 72 +++++++++++++++++++ queue-4.4/series | 1 + 2 files changed, 73 insertions(+) create mode 100644 queue-4.4/mm-remove-vm_bug_on-pageslab-from-page_mapcount.patch diff --git a/queue-4.4/mm-remove-vm_bug_on-pageslab-from-page_mapcount.patch b/queue-4.4/mm-remove-vm_bug_on-pageslab-from-page_mapcount.patch new file mode 100644 index 00000000000..e1ae397da61 --- /dev/null +++ b/queue-4.4/mm-remove-vm_bug_on-pageslab-from-page_mapcount.patch @@ -0,0 +1,72 @@ +From 6988f31d558aa8c744464a7f6d91d34ada48ad12 Mon Sep 17 00:00:00 2001 +From: Konstantin Khlebnikov +Date: Wed, 27 May 2020 22:20:47 -0700 +Subject: mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() + +From: Konstantin Khlebnikov + +commit 6988f31d558aa8c744464a7f6d91d34ada48ad12 upstream. + +Replace superfluous VM_BUG_ON() with comment about correct usage. + +Technically reverts commit 1d148e218a0d ("mm: add VM_BUG_ON_PAGE() to +page_mapcount()"), but context lines have changed. + +Function isolate_migratepages_block() runs some checks out of lru_lock +when choose pages for migration. After checking PageLRU() it checks +extra page references by comparing page_count() and page_mapcount(). +Between these two checks page could be removed from lru, freed and taken +by slab. + +As a result this race triggers VM_BUG_ON(PageSlab()) in page_mapcount(). +Race window is tiny. For certain workload this happens around once a +year. + + page:ffffea0105ca9380 count:1 mapcount:0 mapping:ffff88ff7712c180 index:0x0 compound_mapcount: 0 + flags: 0x500000000008100(slab|head) + raw: 0500000000008100 dead000000000100 dead000000000200 ffff88ff7712c180 + raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 + page dumped because: VM_BUG_ON_PAGE(PageSlab(page)) + ------------[ cut here ]------------ + kernel BUG at ./include/linux/mm.h:628! + invalid opcode: 0000 [#1] SMP NOPTI + CPU: 77 PID: 504 Comm: kcompactd1 Tainted: G W 4.19.109-27 #1 + Hardware name: Yandex T175-N41-Y3N/MY81-EX0-Y3N, BIOS R05 06/20/2019 + RIP: 0010:isolate_migratepages_block+0x986/0x9b0 + +The code in isolate_migratepages_block() was added in commit +119d6d59dcc0 ("mm, compaction: avoid isolating pinned pages") before +adding VM_BUG_ON into page_mapcount(). + +This race has been predicted in 2015 by Vlastimil Babka (see link +below). + +[akpm@linux-foundation.org: comment tweaks, per Hugh] +Fixes: 1d148e218a0d ("mm: add VM_BUG_ON_PAGE() to page_mapcount()") +Signed-off-by: Konstantin Khlebnikov +Signed-off-by: Andrew Morton +Acked-by: Hugh Dickins +Acked-by: Kirill A. Shutemov +Acked-by: Vlastimil Babka +Cc: David Rientjes +Cc: +Link: http://lkml.kernel.org/r/159032779896.957378.7852761411265662220.stgit@buzz +Link: https://lore.kernel.org/lkml/557710E1.6060103@suse.cz/ +Link: https://lore.kernel.org/linux-mm/158937872515.474360.5066096871639561424.stgit@buzz/T/ (v1) +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/mm.h | 1 - + 1 file changed, 1 deletion(-) + +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -446,7 +446,6 @@ static inline void page_mapcount_reset(s + + static inline int page_mapcount(struct page *page) + { +- VM_BUG_ON_PAGE(PageSlab(page), page); + return atomic_read(&page->_mapcount) + 1; + } + diff --git a/queue-4.4/series b/queue-4.4/series index 6bb82402958..5f8df05362b 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -36,3 +36,4 @@ qlcnic-fix-missing-release-in-qlcnic_83xx_interrupt_test.patch bonding-fix-reference-count-leak-in-bond_sysfs_slave_add.patch revert-input-i8042-add-thinkpad-s230u-to-i8042-nomux-list.patch netfilter-nf_conntrack_pptp-fix-compilation-warning-with-w-1-build.patch +mm-remove-vm_bug_on-pageslab-from-page_mapcount.patch -- 2.47.3