[PATCH 4.14 005/146] mm/khugepaged: collapse_shmem() stop if punched or truncated
From: Greg Kroah-Hartman
Date: Tue Dec 04 2018 - 06:02:07 EST
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
commit 701270fa193aadf00bdcf607738f64997275d4c7 upstream.
Huge tmpfs testing showed that although collapse_shmem() recognizes a
concurrently truncated or hole-punched page correctly, its handling of
holes was liable to refill an emptied extent. Add check to stop that.
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1811261522040.2275@xxxxxxxxxxxx
Fixes: f3f0e1d2150b2 ("khugepaged: add support of collapse for tmpfs/shmem pages")
Signed-off-by: Hugh Dickins <hughd@xxxxxxxxxx>
Reviewed-by: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Cc: Jerome Glisse <jglisse@xxxxxxxxxx>
Cc: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> [4.8+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
mm/khugepaged.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 0a5bb3e8a8a3..d4a06afbeda4 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1352,6 +1352,16 @@ static void collapse_shmem(struct mm_struct *mm,
radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) {
int n = min(iter.index, end) - index;
+ /*
+ * Stop if extent has been hole-punched, and is now completely
+ * empty (the more obvious i_size_read() check would take an
+ * irq-unsafe seqlock on 32-bit).
+ */
+ if (n >= HPAGE_PMD_NR) {
+ result = SCAN_TRUNCATED;
+ goto tree_locked;
+ }
+
/*
* Handle holes in the radix tree: charge it from shmem and
* insert relevant subpage of new_page into the radix-tree.
@@ -1463,6 +1473,11 @@ static void collapse_shmem(struct mm_struct *mm,
if (result == SCAN_SUCCEED && index < end) {
int n = end - index;
+ /* Stop if extent has been truncated, and is now empty */
+ if (n >= HPAGE_PMD_NR) {
+ result = SCAN_TRUNCATED;
+ goto tree_locked;
+ }
if (!shmem_charge(mapping->host, n)) {
result = SCAN_FAIL;
goto tree_locked;
--
2.17.1