• Hugh Dickins's avatar
    ksm: fix page_address_in_vma anon_vma oops · 4829b906
    Hugh Dickins authored
    2.6.36-rc1 commit 21d0d443 "rmap:
    resurrect page_address_in_vma anon_vma check" was right to resurrect
    that check; but now that it's comparing anon_vma->roots instead of
    just anon_vmas, there's a danger of oopsing on a NULL anon_vma.
    
    In most cases no NULL anon_vma ever gets here; but it turns out that
    occasionally KSM, when enabled on a forked or forking process, will
    itself call page_address_in_vma() on a "half-KSM" page left over from
    an earlier failed attempt to merge - whose page_anon_vma() is NULL.
    
    It's my bug that those should be getting here at all: I thought they
    were already dealt with, this oops proves me wrong, I'll fix it in
    the next release - such pages are effectively pinned until their
    process exits, since rmap cannot find their ptes (though swapoff can).
    
    For now just work around it by making page_address_in_vma() safe (and
    add a comment on why that check is wanted anyway).  A similar check
    in __page_check_anon_rmap() is safe because do_page_add_anon_rmap()
    already excluded KSM pages.
    Signed-off-by: default avatarHugh Dickins <hughd@google.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Rik van Riel <riel@redhat.com>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    4829b906
rmap.c 45.6 KB