Commit b5e4158b authored Oct 25, 2024 by Liu Shixin

mm/swapfile: skip HugeTLB pages for unuse_vma

mainline inclusion
from mainline-v6.12-rc4
commit 7528c4fb1237512ee18049f852f014eba80bbe8d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAXWWM
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7528c4fb1237512ee18049f852f014eba80bbe8d

--------------------------------

I got a bad pud error and lost a 1GB HugeTLB when calling swapoff.  The
problem can be reproduced by the following steps:

 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory.
 2. Swapout the above anonymous memory.
 3. run swapoff and we will get a bad pud error in kernel message:

  mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)

We can tell that pud_clear_bad is called by pud_none_or_clear_bad in
unuse_pud_range() by ftrace.  And therefore the HugeTLB pages will never
be freed because we lost it from page table.  We can skip HugeTLB pages
for unuse_vma to fix it.

Link: https://lkml.kernel.org/r/20241015014521.570237-1-liushixin2@huawei.com


Fixes: 0fe6e20b ("hugetlb, rmap: add reverse mapping for hugepage")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Acked-by: Muchun Song <muchun.song@linux.dev>
Cc: Naoya Horiguchi <nao.horiguchi@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Conflicts:
	mm/swapfile.c
[ Context conflict. ]
Signed-off-by: Liu Shixin <liushixin2@huawei.com>

parent d2a40c79

mm/swapfile.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2047,7 +2047,8 @@ static int unuse_mm(struct mm_struct *mm,
		lock_page(page);
		}
		for (vma = mm->mmap; vma; vma = vma->vm_next) {
		if (vma->anon_vma && (ret = unuse_vma(vma, entry, page)))
		if (vma->anon_vma && !is_vm_hugetlb_page(vma)
		&& (ret = unuse_vma(vma, entry, page)))
		break;
		cond_resched();
		}