Re: [PATCH 12/16] mm/migration: fix potential page refcounts leak in migrate_pages

From: Miaohe Lin
Date: Mon Mar 07 2022 - 07:11:55 EST


On 2022/3/7 13:01, Huang, Ying wrote:
> Miaohe Lin <linmiaohe@xxxxxxxxxx> writes:
>
>> In -ENOMEM case, there might be some subpages of fail-to-migrate THPs
>> left in thp_split_pages list. We should move them back to migration
>> list so that they could be put back to the right list by the caller
>> otherwise the page refcnt will be leaked here. Also adjust nr_failed
>> and nr_thp_failed accordingly to make vm events account more accurate.
>>
>> Fixes: b5bade978e9b ("mm: migrate: fix the return value of migrate_pages()")
>> Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
>> ---
>> mm/migrate.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/mm/migrate.c b/mm/migrate.c
>> index e0db06927f02..6c2dfed2ddb8 100644
>> --- a/mm/migrate.c
>> +++ b/mm/migrate.c
>> @@ -1422,6 +1422,15 @@ int migrate_pages(struct list_head *from, new_page_t get_new_page,
>> }
>>
>> nr_failed_pages += nr_subpages;
>> + /*
>> + * There might be some subpages of fail-to-migrate THPs
>> + * left in thp_split_pages list. Move them back to migration
>> + * list so that they could be put back to the right list by
>> + * the caller otherwise the page refcnt will be leaked.
>> + */
>> + list_splice_init(&thp_split_pages, from);
>> + nr_failed += retry;
>
> It appears that we don't need to change nr_failed, because we don't use
> it for this situation. Otherwise looks good to me.
>

You're right. nr_failed is not used for this case.

> Reviewed-by: "Huang, Ying" <ying.huang@xxxxxxxxx>

Many thanks for your review.

>
> Best Regards,
> Huang, Ying
>
>> + nr_thp_failed += thp_retry;
>> goto out;
>> case -EAGAIN:
>> if (is_thp)
> .
>