diff options
| author | Miaohe Lin <linmiaohe@huawei.com> | 2023-07-11 13:50:15 +0800 |
|---|---|---|
| committer | Andrew Morton <akpm@linux-foundation.org> | 2023-08-18 10:12:20 -0700 |
| commit | a363d1224b5add67a7cafab9fdb9f19d569fbe98 (patch) | |
| tree | 00a830b85aebed85d2916d1d9ec9259def94ec57 | |
| parent | 5885c6a62533cbda19e9eceab619bde317de0c0d (diff) | |
| download | linux-stable-a363d1224b5add67a7cafab9fdb9f19d569fbe98.tar.gz linux-stable-a363d1224b5add67a7cafab9fdb9f19d569fbe98.tar.bz2 linux-stable-a363d1224b5add67a7cafab9fdb9f19d569fbe98.zip | |
mm: memory-failure: fetch compound head after extra page refcnt is held
Page might become thp, huge page or being splited after compound head is
fetched but before page refcnt is bumped. So hpage might be a tail page
leading to VM_BUG_ON_PAGE(PageTail(page)) in PageTransHuge().
Link: https://lkml.kernel.org/r/20230711055016.2286677-8-linmiaohe@huawei.com
Fixes: 415c64c1453a ("mm/memory-failure: split thp earlier in memory error handling")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
| -rw-r--r-- | mm/memory-failure.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 36529f3c6554..133737580a7e 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2175,8 +2175,6 @@ try_again: goto unlock_mutex; } - hpage = compound_head(p); - /* * We need/can do nothing about count=0 pages. * 1) it's a free page, and therefore in safe hand: @@ -2215,6 +2213,7 @@ try_again: } } + hpage = compound_head(p); if (PageTransHuge(hpage)) { /* * The flag must be set after the refcount is bumped |