mm/mglru: skip special VMAs in lru_gen_look_around()

commit c28ac3c7eb945fee6e20f47d576af68fdff1392a upstream.

Special VMAs like VM_PFNMAP can contain anon pages from COW.  There isn't
much profit in doing lookaround on them.  Besides, they can trigger the
pte_special() warning in get_pte_pfn().

Skip them in lru_gen_look_around().

Link: https://lkml.kernel.org/r/20231223045647.1566043-1-yuzhao@google.com
Fixes: 018ee47f1489 ("mm: multi-gen LRU: exploit locality in rmap")
Signed-off-by: Yu Zhao <yuzhao@google.com>
Reported-by: syzbot+03fd9b3f71641f0ebf2d@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/000000000000f9ff00060d14c256@google.com/
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/mm/vmscan.c b/mm/vmscan.c
index dcc264d..0dfb9a7 100644 (file)
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -4656,6 +4656,7 @@ void lru_gen_look_around(struct page_vma_mapped_walk *pvmw)
        int young = 0;
        pte_t *pte = pvmw->pte;
        unsigned long addr = pvmw->address;
+       struct vm_area_struct *vma = pvmw->vma;
        struct folio *folio = pfn_folio(pvmw->pfn);
        bool can_swap = !folio_is_file_lru(folio);
        struct mem_cgroup *memcg = folio_memcg(folio);
@@ -4670,11 +4671,15 @@ void lru_gen_look_around(struct page_vma_mapped_walk *pvmw)
        if (spin_is_contended(pvmw->ptl))
                return;
 
+       /* exclude special VMAs containing anon pages from COW */
+       if (vma->vm_flags & VM_SPECIAL)
+               return;
+
        /* avoid taking the LRU lock under the PTL when possible */
        walk = current->reclaim_state ? current->reclaim_state->mm_walk : NULL;
 
-       start = max(addr & PMD_MASK, pvmw->vma->vm_start);
-       end = min(addr | ~PMD_MASK, pvmw->vma->vm_end - 1) + 1;
+       start = max(addr & PMD_MASK, vma->vm_start);
+       end = min(addr | ~PMD_MASK, vma->vm_end - 1) + 1;
 
        if (end - start > MIN_LRU_BATCH * PAGE_SIZE) {
                if (addr - start < MIN_LRU_BATCH * PAGE_SIZE / 2)
@@ -4699,7 +4704,7 @@ void lru_gen_look_around(struct page_vma_mapped_walk *pvmw)
                unsigned long pfn;
                pte_t ptent = ptep_get(pte + i);
 
-               pfn = get_pte_pfn(ptent, pvmw->vma, addr);
+               pfn = get_pte_pfn(ptent, vma, addr);
                if (pfn == -1)
                        continue;
 
@@ -4710,7 +4715,7 @@ void lru_gen_look_around(struct page_vma_mapped_walk *pvmw)
                if (!folio)
                        continue;
 
-               if (!ptep_test_and_clear_young(pvmw->vma, addr, pte + i))
+               if (!ptep_test_and_clear_young(vma, addr, pte + i))
                        VM_WARN_ON_ONCE(true);
 
                young++;