Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8111497imu; Tue, 4 Dec 2018 03:11:52 -0800 (PST) X-Google-Smtp-Source: AFSGD/UouNtGlAayRVVaNWZzdI4EE67pWDFKsjEe+A6x1SfEUYVpjlsCWUnHwNZU6x+sgrutw1Of X-Received: by 2002:a17:902:7e0d:: with SMTP id b13mr19921904plm.154.1543921912403; Tue, 04 Dec 2018 03:11:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543921912; cv=none; d=google.com; s=arc-20160816; b=E3mf9MEl8UQ5+sFG/U2AJGnUHv6vxXqiA7E4xcU+pPhWBsfkCxA3rdljBVlQYIRoYm rqP2Cfout9+oGouyebZVLJsZdVd7ZqmSFslzVHpefjrZlIn5iqXE55uh5lvQUTobbbvc atigZ7Dy6r10LW9l9XvODFz9HLwKaIiVatabU9i7zO1a2l1a43EhsWnvdXvEQTj1+5tZ dLuDYkkXp7Gnk9CsHtTe+jg7WdqchUkS8By83yl81Jf7w0yihTDZ/nqLgcST8CLYuuB0 DQk1J8qBbPszfkfIA8iDaDn6sKVKRiBHSlMNL2KktlvRsbYi9UrPmawExlC/Y/32x/SD 3Isw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=OSuvlQiKLhqmSMs6bCj7Tzd81BigfpO8T5duLqQ3ByM=; b=pJSo7tO2TfiNIVJsOF2EKvamdlKkMwZPM5CZzrRqJmF94Ev0nEfAPL1YPnBL9qyea+ Mm/DDzxIqptZPljBG4cLhQYkiimiQxTGOtaFp6ZrhNtTQCIXSmdP4i3v9tZtA6xY54M3 KeB/kYn3H66fU2C6FPf9JVzexPpZsnhVijnkSm0zJKaTh+Lx+49VEDiidb9SmiLoKBLS 58We+nX6KlExy/KUvUykRkICKGk/Nh/4WAYR+ULkZU55A5oMaWt0W6C3dHLgMnUdUS9p MyxJEGdtOPF1HhJta2dybshrLFyTcqNLvMAEpSw8gFR4IKVySJyrYXpOU+e3zdaQP6/8 ug2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LfgQmMVd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c3si16537259plr.178.2018.12.04.03.11.37; Tue, 04 Dec 2018 03:11:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LfgQmMVd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728176AbeLDLLE (ORCPT + 99 others); Tue, 4 Dec 2018 06:11:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:58838 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728189AbeLDLJH (ORCPT ); Tue, 4 Dec 2018 06:09:07 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C75E52146D; Tue, 4 Dec 2018 11:09:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543921746; bh=OuWQf6jkyalr3p8H3NoxMh/DeDbpi2JCxAf+NN3rZzY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LfgQmMVdz4KP9dKtTXrSCSpl34X3jKXslCf+5R80x7P725t094fLWdMOceRl75BpP gXbfbHJaojGpQHT/Gs0r8wnmJ6INE7O0EzRD/vxPThspNizzXfdMmw4/gGzSWoE756 wGR8ONOxKavZPLDQ/t1juX8MYZV4hJvlDcOVvHig= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hugh Dickins , "Kirill A. Shutemov" , Jerome Glisse , Konstantin Khlebnikov , Matthew Wilcox , Andrew Morton , Linus Torvalds , Sasha Levin Subject: [PATCH 4.9 08/50] mm/khugepaged: fix crashes due to misaccounted holes Date: Tue, 4 Dec 2018 11:50:03 +0100 Message-Id: <20181204103714.929244939@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181204103714.485546262@linuxfoundation.org> References: <20181204103714.485546262@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ commit aaa52e340073b7f4593b3c4ddafcafa70cf838b5 upstream. Huge tmpfs testing on a shortish file mapped into a pmd-rounded extent hit shmem_evict_inode()'s WARN_ON(inode->i_blocks) followed by clear_inode()'s BUG_ON(inode->i_data.nrpages) when the file was later closed and unlinked. khugepaged's collapse_shmem() was forgetting to update mapping->nrpages on the rollback path, after it had added but then needs to undo some holes. There is indeed an irritating asymmetry between shmem_charge(), whose callers want it to increment nrpages after successfully accounting blocks, and shmem_uncharge(), when __delete_from_page_cache() already decremented nrpages itself: oh well, just add a comment on that to them both. And shmem_recalc_inode() is supposed to be called when the accounting is expected to be in balance (so it can deduce from imbalance that reclaim discarded some pages): so change shmem_charge() to update nrpages earlier (though it's rare for the difference to matter at all). Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1811261523450.2275@eggly.anvils Fixes: 800d8c63b2e98 ("shmem: add huge pages support") Fixes: f3f0e1d2150b2 ("khugepaged: add support of collapse for tmpfs/shmem pages") Signed-off-by: Hugh Dickins Acked-by: Kirill A. Shutemov Cc: Jerome Glisse Cc: Konstantin Khlebnikov Cc: Matthew Wilcox Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin --- mm/khugepaged.c | 4 +++- mm/shmem.c | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 62de24194f24..3f7bfd98b0e6 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -1538,8 +1538,10 @@ static void collapse_shmem(struct mm_struct *mm, *hpage = NULL; } else { /* Something went wrong: rollback changes to the radix-tree */ - shmem_uncharge(mapping->host, nr_none); spin_lock_irq(&mapping->tree_lock); + mapping->nrpages -= nr_none; + shmem_uncharge(mapping->host, nr_none); + radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) { if (iter.index >= end) diff --git a/mm/shmem.c b/mm/shmem.c index e30ffaa065a4..54911bbc74d6 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -283,12 +283,14 @@ bool shmem_charge(struct inode *inode, long pages) if (!shmem_inode_acct_block(inode, pages)) return false; + /* nrpages adjustment first, then shmem_recalc_inode() when balanced */ + inode->i_mapping->nrpages += pages; + spin_lock_irqsave(&info->lock, flags); info->alloced += pages; inode->i_blocks += pages * BLOCKS_PER_PAGE; shmem_recalc_inode(inode); spin_unlock_irqrestore(&info->lock, flags); - inode->i_mapping->nrpages += pages; return true; } @@ -298,6 +300,8 @@ void shmem_uncharge(struct inode *inode, long pages) struct shmem_inode_info *info = SHMEM_I(inode); unsigned long flags; + /* nrpages adjustment done by __delete_from_page_cache() or caller */ + spin_lock_irqsave(&info->lock, flags); info->alloced -= pages; inode->i_blocks -= pages * BLOCKS_PER_PAGE; -- 2.17.1