    mm: migrate: check page_count of THP before migrating · 04fa5d6a
    Mel Gorman authored
    Hugh Dickins pointed out that migrate_misplaced_transhuge_page() does
    not check page_count before migrating like base page migration and
    khugepage.  He could not see why this was safe and he is right.
    
    The potential impact of the bug is avoided due to the limitations of
    NUMA balancing.  The page_mapcount() check ensures that only a single
    address space is using this page and as THPs are typically private it
    should not be possible for another address space to fault it in
    parallel.  If the address space has one associated task then it's
    difficult to have both a GUP pin and be referencing the page at the same
    time.  If there are multiple tasks then a buggy scenario requires that
    another thread be accessing the page while the direct IO is in flight.
    This is dodgy behaviour as there is a possibility of corruption with or
    without THP migration.  It would be
    
    While we happen to be safe for the most part it is shoddy to depend on
    such "safety" so this patch checks the page count similar to anonymous
    pages.  Note that this does not mean that the page_mapcount() check can
    go away.  If we were to remove the page_mapcount() check the THP
    would have to be unmapped from all referencing PTEs, replaced with
    migration PTEs and restored properly afterwards.
    
    Signed-off-by: Mel Gorman <mgorman@suse.de>
    Reported-by: Hugh Dickins <hughd@google.com>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Acked-by: Hugh Dickins <hughd@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
migrate.c 44.3 KB