thp+memcg-numa: fix BUG at include/linux/mm.h:370! (2fbfac4e) · Commits · e / devices / android_kernel_teracube_emerald

THP's collapse_huge_page() has an understandable but ugly difference in when its huge page is allocated: inside if NUMA but outside if not. It's hardly surprising that the memcg failure path forgot that, freeing the page in the non-NUMA case, then hitting a VM_BUG_ON in get_page() (or even worse, using the freed page). Signed-off-by:

Hugh Dickins <hughd@google.com> Reviewed-by:

Minchan Kim <minchan.kim@gmail.com> Signed-off-by:

Linus Torvalds <torvalds@linux-foundation.org>

mm/huge_memory.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -1762,6 +1762,10 @@ static void collapse_huge_page(struct mm_struct *mm,
		#ifndef CONFIG_NUMA
		VM_BUG_ON(!*hpage);
		new_page = *hpage;
		if (unlikely(mem_cgroup_newpage_charge(new_page, mm, GFP_KERNEL))) {
		up_read(&mm->mmap_sem);
		return;
		}
		#else
		VM_BUG_ON(*hpage);
		/*
		@@ -1781,12 +1785,12 @@ static void collapse_huge_page(struct mm_struct *mm,
		*hpage = ERR_PTR(-ENOMEM);
		return;
		}
		#endif
		if (unlikely(mem_cgroup_newpage_charge(new_page, mm, GFP_KERNEL))) {
		up_read(&mm->mmap_sem);
		put_page(new_page);
		return;
		}
		#endif

		/* after allocating the hugepage upgrade to mmap_sem write mode */
		up_read(&mm->mmap_sem);