mainline inclusion from mainline-v6.12-rc4 commit 4d939780b70592e0f4bc6c397e52e518f8fb7916 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAXWWM CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps:
1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swapout the above anonymous memory. 3. run swapoff and we will get a bad pud error in kernel message:
mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)
We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it.
Link: https://lkml.kernel.org/r/20241015014521.570237-1-liushixin2@huawei.com Fixes: 0fe6e20b9c4c ("hugetlb, rmap: add reverse mapping for hugepage") Signed-off-by: Liu Shixin liushixin2@huawei.com Acked-by: Muchun Song muchun.song@linux.dev Cc: Naoya Horiguchi nao.horiguchi@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Conflicts: mm/swapfile.c [ Context conflict. ] Signed-off-by: Liu Shixin liushixin2@huawei.com --- mm/swapfile.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mm/swapfile.c b/mm/swapfile.c index 1d98be001d3d8..b505a827e5897 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -2047,7 +2047,8 @@ static int unuse_mm(struct mm_struct *mm, lock_page(page); } for (vma = mm->mmap; vma; vma = vma->vm_next) { - if (vma->anon_vma && (ret = unuse_vma(vma, entry, page))) + if (vma->anon_vma && !is_vm_hugetlb_page(vma) + && (ret = unuse_vma(vma, entry, page))) break; cond_resched(); }