Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a5c9b696 authored by Hugh Dickins's avatar Hugh Dickins Committed by Linus Torvalds
Browse files

mm: pass mm to grab_swap_token 



If a kthread happens to use get_user_pages() on an mm (as KSM does),
there's a chance that it will end up trying to read in a swap page, then
oops in grab_swap_token() because the kthread has no mm: GUP passes down
the right mm, so grab_swap_token() ought to be using it.

We have not identified a stronger case than KSM's daemon (not yet in
mainline), but the issue must have come up before, since RHEL has included
a fix for this for years (though a different fix, they just back out of
grab_swap_token if current->mm is unset: which is what we first proposed,
but using the right mm here seems more correct).

Reported-by: default avatarIzik Eidus <ieidus@redhat.com>
Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
Acked-by: default avatarRik van Riel <riel@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 626f380d

include/linux/swap.h

+6 −6
Original line number Diff line number Diff line
@@ -299,7 +299,7 @@ struct backing_dev_info; 


/* linux/mm/thrash.c */

extern struct mm_struct *swap_token_mm;

extern void grab_swap_token(void);

extern void grab_swap_token(struct mm_struct *);

extern void __put_swap_token(struct mm_struct *);



static inline int has_swap_token(struct mm_struct *mm)
@@ -419,9 +419,9 @@ static inline swp_entry_t get_swap_page(void) 
}



/* linux/mm/thrash.c */

#define put_swap_token(x) do { } while(0)

#define grab_swap_token()  do { } while(0)

#define has_swap_token(x) 0

#define put_swap_token(mm)	do { } while (0)

#define grab_swap_token(mm)	do { } while (0)

#define has_swap_token(mm)	0

#define disable_swap_token()	do { } while (0)



static inline void

mm/memory.c

+1 −1
Original line number Diff line number Diff line
@@ -2519,7 +2519,7 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, 
	delayacct_set_flag(DELAYACCT_PF_SWAPIN);

	page = lookup_swap_cache(entry);

	if (!page) {

		grab_swap_token(); /* Contend for token _before_ read-in */

		grab_swap_token(mm); /* Contend for token _before_ read-in */

		page = swapin_readahead(entry,

					GFP_HIGHUSER_MOVABLE, vma, address);

		if (!page) {

mm/thrash.c

+15 −17
Original line number Diff line number Diff line
@@ -26,47 +26,45 @@ static DEFINE_SPINLOCK(swap_token_lock); 
struct mm_struct *swap_token_mm;

static unsigned int global_faults;



void grab_swap_token(void)

void grab_swap_token(struct mm_struct *mm)

{

	int current_interval;



	global_faults++;



	current_interval = global_faults - current->mm->faultstamp;

	current_interval = global_faults - mm->faultstamp;



	if (!spin_trylock(&swap_token_lock))

		return;



	/* First come first served */

	if (swap_token_mm == NULL) {

		current->mm->token_priority = current->mm->token_priority + 2;

		swap_token_mm = current->mm;

		mm->token_priority = mm->token_priority + 2;

		swap_token_mm = mm;

		goto out;

	}



	if (current->mm != swap_token_mm) {

		if (current_interval < current->mm->last_interval)

			current->mm->token_priority++;

	if (mm != swap_token_mm) {

		if (current_interval < mm->last_interval)

			mm->token_priority++;

		else {

			if (likely(current->mm->token_priority > 0))

				current->mm->token_priority--;

			if (likely(mm->token_priority > 0))

				mm->token_priority--;

		}

		/* Check if we deserve the token */

		if (current->mm->token_priority >

				swap_token_mm->token_priority) {

			current->mm->token_priority += 2;

			swap_token_mm = current->mm;

		if (mm->token_priority > swap_token_mm->token_priority) {

			mm->token_priority += 2;

			swap_token_mm = mm;

		}

	} else {

		/* Token holder came in again! */

		current->mm->token_priority += 2;

		mm->token_priority += 2;

	}



out:

	current->mm->faultstamp = global_faults;

	current->mm->last_interval = current_interval;

	mm->faultstamp = global_faults;

	mm->last_interval = current_interval;

	spin_unlock(&swap_token_lock);

return;

}



/* Called on process exit. */