    mm: try_to_unmap_cluster() should lock_page() before mlocking · 57e68e9c
    Vlastimil Babka authored
    A BUG_ON(!PageLocked) was triggered in mlock_vma_page() by Sasha Levin
    fuzzing with trinity.  The call site try_to_unmap_cluster() does not lock
    the pages other than its check_page parameter (which is already locked).
    
    The BUG_ON in mlock_vma_page() is not documented and its purpose is
    somewhat unclear, but apparently it serializes against page migration,
    which could otherwise fail to transfer the PG_mlocked flag.  This would
    not be fatal, as the page would be eventually encountered again, but
    NR_MLOCK accounting would become distorted nevertheless.  This patch adds
    a comment to the BUG_ON in mlock_vma_page() and munlock_vma_page() to that
    effect.
    
    The call site try_to_unmap_cluster() is fixed so that for page !=
    check_page, trylock_page() is attempted (to avoid possible deadlocks as we
    already have check_page locked) and mlock_vma_page() is performed only
    upon success.  If the page lock cannot be obtained, the page is left
    without PG_mlocked, which is again not a problem in the whole unevictable
    memory design.
    Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
    Signed-off-by: Bob Liu <bob.liu@oracle.com>
    Reported-by: Sasha Levin <sasha.levin@oracle.com>
    Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com>
    Cc: Michel Lespinasse <walken@google.com>
    Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Acked-by: Rik van Riel <riel@redhat.com>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Mel Gorman <mgorman@suse.de>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
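The locking rule the commit describes (check_page arrives locked, every other page in the cluster is only trylocked, and mlock happens only when the lock was obtained) can be illustrated with a small user-space model. The code below is an added example written for this page, not the kernel's mlock.c: `struct page`, `trylock_page`, `mlock_vma_page`, `mlock_cluster`, `run_scenario` and `nr_mlock_value` are toy stand-ins whose names mirror the commit message, and the four-page cluster is constructed data. A page held by another context is skipped rather than waited on, which is exactly why the skipped page ends up without its mlocked bit while the NR_MLOCK-style counter stays consistent with what was actually flagged.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy model of the locking rule; not kernel code. */
struct page {
    bool locked;   /* stands in for PG_locked */
    bool mlocked;  /* stands in for PG_mlocked */
};

static long nr_mlock;  /* stands in for the NR_MLOCK counter */

long nr_mlock_value(void)
{
    return nr_mlock;
}

/* Non-blocking lock attempt: fails instead of waiting when the lock is held. */
static bool trylock_page(struct page *p)
{
    if (p->locked)
        return false;
    p->locked = true;
    return true;
}

static void unlock_page(struct page *p)
{
    p->locked = false;
}

/* The rule the commit documents: the caller must hold the page lock. */
static void mlock_vma_page(struct page *p)
{
    assert(p->locked);
    if (!p->mlocked) {
        p->mlocked = true;
        nr_mlock++;
    }
}

/*
 * Walk a cluster in which pages[check_idx] is already locked by the caller.
 * Every other page is trylocked; a page whose lock is held elsewhere is
 * skipped rather than waited on, so a holder of that lock who is in turn
 * waiting for check_page cannot deadlock with us. Returns the number of
 * pages that were mlocked.
 */
int mlock_cluster(struct page *pages, size_t n, size_t check_idx)
{
    int done = 0;
    assert(pages[check_idx].locked);
    for (size_t i = 0; i < n; i++) {
        struct page *p = &pages[i];
        if (i == check_idx) {
            mlock_vma_page(p);   /* already locked by the caller */
            done++;
            continue;
        }
        if (!trylock_page(p))
            continue;            /* left without the mlocked bit; harmless */
        mlock_vma_page(p);
        done++;
        unlock_page(p);
    }
    return done;
}

/* Constructed scenario: 4 pages, check_page is pages[1], pages[3] is held elsewhere. */
int run_scenario(void)
{
    struct page pages[4] = {0};
    nr_mlock = 0;
    pages[1].locked = true;  /* check_page, locked by the caller */
    pages[3].locked = true;  /* held by some other context */
    int done = mlock_cluster(pages, 4, 1);
    assert(!pages[3].mlocked);                                  /* skipped */
    assert(pages[0].mlocked && pages[1].mlocked && pages[2].mlocked);
    assert(!pages[0].locked && !pages[2].locked);               /* released */
    assert(pages[1].locked);                 /* check_page lock still held */
    return done;
}

int main(void)
{
    printf("mlocked %d pages, NR_MLOCK = %ld\n", run_scenario(), nr_mlock_value());
    return 0;
}
```

The point of the model is the asymmetry: the one page the caller already holds is mlocked unconditionally, while every other page is mlocked only on a successful trylock, so the counter only ever counts pages that really carry the bit.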