Changing PTEs and PMDs to pte_numa & pmd_numa is done with the mmap_sem held for reading, which means a pmd can be instantiated and/or turned into a numa one while __handle_mm_fault is examining the value of orig_pmd.
If that happens, __handle_mm_fault should just return and let the page fault retry, instead of throwing an oops. Signed-off-by: Rik van Riel <[email protected]> Reported-by: Sunil Pandey <[email protected]> --- mm/memory.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index d0f0bef..9edccb2 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -3900,8 +3900,9 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, } } - /* THP should already have been handled */ - BUG_ON(pmd_numa(*pmd)); + /* The PMD became NUMA while we examined orig_pmd. Return & retry */ + if (pmd_numa(*pmd)) + return 0; /* * Use __pte_alloc instead of pte_alloc_map, because we can't
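Review bot: the new `if (pmd_numa(*pmd)) return 0;` check in __handle_mm_fault is a single unlocked read of *pmd, and the commit message says the PMD can be turned into a NUMA one while only mmap_sem is held for reading, so the same transition can still happen immediately after this check passes. Please say in the comment or the changelog why the code that follows (the __pte_alloc path introduced by the next comment) is safe if the PMD becomes NUMA after this point, or do the check where that change is serialized. The comment "Return & retry" would also be clearer if it stated that returning 0 sends the task back to re-execute the faulting access, since nothing in the hunk shows where the retry comes from.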

