    mm: mempolicy: Convert shared_policy mutex to spinlock · 42288fe3
    Committed by Mel Gorman
    Sasha was fuzzing with trinity and reported the following problem:
    
      BUG: sleeping function called from invalid context at kernel/mutex.c:269
      in_atomic(): 1, irqs_disabled(): 0, pid: 6361, name: trinity-main
      2 locks held by trinity-main/6361:
       #0:  (&mm->mmap_sem){++++++}, at: [<ffffffff810aa314>] __do_page_fault+0x1e4/0x4f0
       #1:  (&(&mm->page_table_lock)->rlock){+.+...}, at: [<ffffffff8122f017>] handle_pte_fault+0x3f7/0x6a0
      Pid: 6361, comm: trinity-main Tainted: G        W
      3.7.0-rc2-next-20121024-sasha-00001-gd95ef01-dirty #74
      Call Trace:
        __might_sleep+0x1c3/0x1e0
        mutex_lock_nested+0x29/0x50
        mpol_shared_policy_lookup+0x2e/0x90
        shmem_get_policy+0x2e/0x30
        get_vma_policy+0x5a/0xa0
        mpol_misplaced+0x41/0x1d0
        handle_pte_fault+0x465/0x6a0
    
    This was triggered by a different version of automatic NUMA balancing
    but in theory the current version is vulnerable to the same problem.
    
    do_numa_page
      -> numa_migrate_prep
        -> mpol_misplaced
          -> get_vma_policy
            -> shmem_get_policy
    
    It's very unlikely this will happen as shared pages are not marked
    pte_numa -- see the page_mapcount() check in change_pte_range() -- but
    it is possible.
    
    To address this, this patch restores sp->lock as originally implemented
    by Kosaki Motohiro.  In the path where get_vma_policy() is called, it
    should not be calling sp_alloc() so it is not necessary to treat the PTL
    specially.
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Signed-off-by: Mel Gorman <mgorman@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
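The locking-context rule the report above trips over, shown as a small added model (not kernel code and not part of this commit): spinlocks raise a preempt count, and a sleeping lock such as a mutex may only be taken when that count is zero. The `spin_lock`, `mutex_lock`, `sp_lookup_*` and `fault_path_with_ptl` functions here are hypothetical stand-ins for the kernel primitives and call chain named in the commit message.

```c
#include <stdio.h>

/* Toy model, constructed for this example, of the context tracking behind
 * "BUG: sleeping function called from invalid context": spinlocks raise a
 * preempt count, and a sleeping lock (mutex) may only be taken when it is 0. */
static int preempt_count;     /* stand-in for in_atomic() */
static int might_sleep_bugs;  /* how many times __might_sleep() complained */

static void spin_lock(void)   { preempt_count++; }
static void spin_unlock(void) { preempt_count--; }

/* Mirrors __might_sleep(): complain if preemption is disabled. */
static void might_sleep(const char *where)
{
    if (preempt_count > 0) {
        might_sleep_bugs++;
        printf("BUG: sleeping function called from invalid context at %s\n", where);
    }
}

static void mutex_lock(void)   { might_sleep("mutex_lock"); }
static void mutex_unlock(void) { }

/* Shared policy lookup guarded by a mutex (the state the report hit). */
static void sp_lookup_mutex(void) { mutex_lock(); mutex_unlock(); }

/* Shared policy lookup guarded by a spinlock (what the patch restores). */
static void sp_lookup_spin(void) { spin_lock(); spin_unlock(); }

/* handle_pte_fault -> do_numa_page -> ... -> shmem_get_policy, with the
 * page table lock (a spinlock) held across the lookup. Returns how many
 * might_sleep() complaints that path produced. */
static int fault_path_with_ptl(void (*lookup)(void))
{
    int before = might_sleep_bugs;
    spin_lock();      /* page_table_lock */
    lookup();         /* mpol_shared_policy_lookup() */
    spin_unlock();
    return might_sleep_bugs - before;
}

int main(void)
{
    printf("mutex under PTL:    %d violation(s)\n", fault_path_with_ptl(sp_lookup_mutex));
    printf("spinlock under PTL: %d violation(s)\n", fault_path_with_ptl(sp_lookup_spin));
    return 0;
}
```

The mutex variant reports one violation per fault, the spinlock variant none, and the preempt count returns to zero after each path, which is the property the real kernel's might_sleep check enforces.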
mempolicy.c 70.9 KB