mm: fix swapops.h:131 bug if remap_file_pages raced migration
authorHugh Dickins <hughd@google.com>
Fri, 21 Mar 2014 04:52:17 +0000 (21:52 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 21 Mar 2014 05:09:09 +0000 (22:09 -0700)
commit7e09e738afd21ef99f047425fc0b0c9be8b03254
tree423cb848a7d6875509b99720d4afcfa208bac078
parent3fb725c48b93c0a152174b6dbbc1029b5e734c7b
mm: fix swapops.h:131 bug if remap_file_pages raced migration

Add remove_linear_migration_ptes_from_nonlinear(), to fix an interesting
little include/linux/swapops.h:131 BUG_ON(!PageLocked) found by trinity:
indicating that remove_migration_ptes() failed to find one of the
migration entries that was temporarily inserted.

The problem comes from remap_file_pages()'s switch from vma_interval_tree
(good for inserting the migration entry) to i_mmap_nonlinear list (no good
for locating it again); but can only be a problem if the remap_file_pages()
range does not cover the whole of the vma (zap_pte() clears the range).

remove_migration_ptes() needs a file_nonlinear method to go down the
i_mmap_nonlinear list, applying linear location to look for migration
entries in those vmas too, just in case there was this race.

The file_nonlinear method does need rmap_walk_control.arg to do this;
but it never needed vma passed in - vma comes from its own iteration.

Reported-and-tested-by: Dave Jones <davej@redhat.com>
Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/rmap.h
mm/migrate.c
mm/rmap.c