lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mm: pass mm to grab_swap_token

Browse Source 
If a kthread happens to use get_user_pages() on an mm (as KSM does),
there's a chance that it will end up trying to read in a swap page, then
oops in grab_swap_token() because the kthread has no mm: GUP passes down
the right mm, so grab_swap_token() ought to be using it.

We have not identified a stronger case than KSM's daemon (not yet in
mainline), but the issue must have come up before, since RHEL has included
a fix for this for years (though a different fix, they just back out of
grab_swap_token if current->mm is unset: which is what we first proposed,
but using the right mm here seems more correct).

Reported-by: Izik Eidus <ieidus@redhat.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Hugh Dickins
2009-06-23 12:36:58 -07:00
committed by Linus Torvalds
parent 626f380d0b
commit a5c9b696ec
3 changed files with 22 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
mm/thrash.c
View File

@@ -26,47 +26,45 @@ static DEFINE_SPINLOCK(swap_token_lock);
struct mm_struct *swap_token_mm;
static unsigned int global_faults;
void grab_swap_token(void)
void grab_swap_token(struct mm_struct *mm)
{
int current_interval;
global_faults++;
current_interval = global_faults - current->mm->faultstamp;
current_interval = global_faults - mm->faultstamp;
if (!spin_trylock(&swap_token_lock))
return;
/* First come first served */
if (swap_token_mm == NULL) {
current->mm->token_priority = current->mm->token_priority + 2;
swap_token_mm = current->mm;
mm->token_priority = mm->token_priority + 2;
swap_token_mm = mm;
goto out;
}
if (current->mm != swap_token_mm) {
if (current_interval < current->mm->last_interval)
current->mm->token_priority++;
if (mm != swap_token_mm) {
if (current_interval < mm->last_interval)
mm->token_priority++;
else {
if (likely(current->mm->token_priority > 0))
current->mm->token_priority--;
if (likely(mm->token_priority > 0))
mm->token_priority--;
}
/* Check if we deserve the token */
if (current->mm->token_priority >
swap_token_mm->token_priority) {
current->mm->token_priority += 2;
swap_token_mm = current->mm;
if (mm->token_priority > swap_token_mm->token_priority) {
mm->token_priority += 2;
swap_token_mm = mm;
}
} else {
/* Token holder came in again! */
current->mm->token_priority += 2;
mm->token_priority += 2;
}
out:
current->mm->faultstamp = global_faults;
current->mm->last_interval = current_interval;
mm->faultstamp = global_faults;
mm->last_interval = current_interval;
spin_unlock(&swap_token_lock);
return;
}
/* Called on process exit. */