From: Andrea Arcangeli <aarca...@redhat.com>

commit: d179e84ba5da1d0024087d1759a2938817a00f3f

It is unsafe to run page_count during the physical pfn scan because
compound_head could trip on a dangling pointer when reading
page->first_page if the compound page is being freed by another CPU.

[mgor...@suse.de: split out patch]
Signed-off-by: Andrea Arcangeli <aarca...@redhat.com>
Signed-off-by: Mel Gorman <mgor...@suse.de>
Reviewed-by: Michal Hocko <mho...@suse.cz>
Reviewed-by: Minchan Kim <minchan....@gmail.com>

Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
---
 mm/vmscan.c |   16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/mm/vmscan.c b/mm/vmscan.c
index cc1470b..37c5038 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1114,8 +1114,20 @@ static unsigned long isolate_lru_pages(unsigned long 
nr_to_scan,
                                        nr_lumpy_dirty++;
                                scan++;
                        } else {
-                               /* the page is freed already. */
-                               if (!page_count(cursor_page))
+                               /*
+                                * Check if the page is freed already.
+                                *
+                                * We can't use page_count() as that
+                                * requires compound_head and we don't
+                                * have a pin on the page here. If a
+                                * page is tail, we may or may not
+                                * have isolated the head, so assume
+                                * it's not free, it'd be tricky to
+                                * track the head status without a
+                                * page pin.
+                                */
+                               if (!PageTail(cursor_page) &&
+                                   !atomic_read(&cursor_page->_count))
                                        continue;
                                break;
                        }
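Review bot: In the rewritten else branch, PageTail(cursor_page) and atomic_read(&cursor_page->_count) are two separate reads made without a pin, so the page can change state between them. The new comment explains why page_count() is avoided but not why a stale answer from this pair is acceptable. Because the result only chooses between continue and break, consider adding a sentence to the comment stating that the test is a best-effort hint and that a wrong answer only affects whether the scan of this block goes on, if that is the intent. The comment's "assume it's not free" for tail pages also means every tail page now ends the scan via break; a brief note that this conservative outcome is deliberate would save the next reader from wondering whether continue was meant for that case.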
-- 
1.7.3.4

_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable
