From: Mel Gorman on 12 Mar 2010 11:50 rmap_walk_anon() was triggering errors in memory compaction that looks like use-after-free errors in anon_vma. The problem appears to be that between the page being isolated from the LRU and rcu_read_lock() being taken, the mapcount of the page dropped to 0 and the anon_vma was freed. This patch skips the migration of anon pages that are not mapped by anyone. Signed-off-by: Mel Gorman <mel(a)csn.ul.ie> Acked-by: Rik van Riel <riel(a)redhat.com> --- mm/migrate.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index 98eaaf2..3c491e3 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -602,6 +602,16 @@ static int unmap_and_move(new_page_t get_new_page, unsigned long private, * just care Anon page here. */ if (PageAnon(page)) { + /* + * If the page has no mappings any more, just bail. An + * unmapped anon page is likely to be freed soon but worse, + * it's possible its anon_vma disappeared between when + * the page was isolated and when we reached here while + * the RCU lock was not held + */ + if (!page_mapcount(page)) + goto uncharge; + rcu_read_lock(); rcu_locked = 1; anon_vma = page_anon_vma(page); -- 1.6.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |
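Review bot: The `!page_mapcount(page)` test added in the `PageAnon(page)` branch runs before `rcu_read_lock()`, so nothing in this hunk stops the mapcount from dropping to zero between the test and the lock being taken; the window described in the commit message is narrowed rather than closed. Consider taking `rcu_read_lock()` first and testing the mapcount under it, with the skip path dropping the lock again, or extend the comment to say why the remaining window is safe. The comment could also state what a caller sees for a page skipped through `goto uncharge`, since the label and its return value are outside the visible context.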