From: xu xin xu.xin16@zte.com.cn
Background ========== The commit d7597f59d1d33 ("mm: add new api to enable ksm per process") introduce MMF_VM_MERGE_ANY for mm->flags, and allow user to set it by prctl() so that the process's VMAs are forcely scanned by ksmd. Sequently, the commit 3c6f33b7273a ("mm/ksm: support fork/exec for prctl") support inheritsingMMF_VM_MERGE_ANY flag when a task calls execve(). Lastly, The commit 3a9e567ca45fb ("mm/ksm: fix ksm exec support for prctl") fixed the issue that ksmd doesn't scan the mm_struct with MMF_VM_MERGE_ANY by adding the mm_slot to ksm_mm_head in __bprm_mm_init().
Problem ======= In some extreme scenarios, however, this inheritance of MMF_VM_MERGE_ANY during exec/fork can fail. For example, when the scanning frequency of ksmd is tuned extremely high, a process carrying MMF_VM_MERGE_ANY may still fail to pass it to the newly exec'd process. This happens because ksm_execve() is executed too early in the do_execve flow (prematurely adding the new mm_struct to the ksm_mm_slot list).
As a result, before do_execve completes, ksmd may have already performed a scan and found that this new mm_struct has no VM_MERGEABLE VMAs, thus clearing its MMF_VM_MERGE_ANY flag. Consequently, when the new program executes, the flag MMF_VM_MERGE_ANY inheritance fails!
Reproduce ======== Prepare ksm-utils in the prerequisite PATCH, and simply do as follows
echo 1 > /sys/kernel/mm/ksm/run; echo 2000 > /sys/kernel/mm/ksm/pages_to_scan; echo 0 > /sys/kernel/mm/ksm/sleep_millisecs; ksm-set -s on [NEW_PROGRAM_BIN] & ksm-get -a -e
you can see like this: Pid Comm Merging_pages Ksm_zero_pages Ksm_profit Ksm_mergeable Ksm_merge_any 206 NEW_PROGRAM_BIN 7680 0 30965760 yes no
Note: If the first time don't reproduce the issue, pkill NEW_PROGRAM_BIN and try run it again. Usually, we can reproduce it in 5 times.
Root reason =========== The commit d7597f59d1d33 ("mm: add new api to enable ksm per process") clear the flag MMF_VM_MERGE_ANY when ksmd found no VM_MERGEABLE VMAs.
Solution ======== Remove the action of clearing MMF_VM_MERGE_ANY when ksmd found no VM_MERGEABLE VMAs. because perhaps their mm_struct has just been added to ksm_mm_slot list, and its process has not yet officially started running or has not yet performed mmap/brk to allocate anonymous VMAS.
Fixes: 3c6f33b7273a ("mm/ksm: support fork/exec for prctl") Fixes: d7597f59d1d3 ("mm: add new api to enable ksm per process") Signed-off-by: xu xin xu.xin16@zte.com.cn Cc: stable@vger.kernel.org Cc: Stefan Roesch shr@devkernel.io Cc: David Hildenbrand david@redhat.com Cc: Jinjiang Tu tujinjiang@huawei.com Cc: Wang Yaxin wang.yaxin@zte.com.cn --- mm/ksm.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/mm/ksm.c b/mm/ksm.c index 04019a15b25d..17c7ed7df700 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -2617,8 +2617,14 @@ static struct ksm_rmap_item *scan_get_next_rmap_item(struct page **page) spin_unlock(&ksm_mmlist_lock);
mm_slot_free(mm_slot_cache, mm_slot); + /* + * Only clear MMF_VM_MERGEABLE. We must not clear + * MMF_VM_MERGE_ANY, because for those MMF_VM_MERGE_ANY process, + * perhaps their mm_struct has just been added to ksm_mm_slot + * list, and its process has not yet officially started running + * or has not yet performed mmap/brk to allocate anonymous VMAS. + */ mm_flags_clear(MMF_VM_MERGEABLE, mm); - mm_flags_clear(MMF_VM_MERGE_ANY, mm); mmap_read_unlock(mm); mmdrop(mm); } else {