[PATCH mm] swapless page migration: fix fork corruption

[Hugh Dickins]

Several times while testing swapless page migration, gcc has tried to
exec a pointer instead of a string: smells like COW mappings are not
being properly write-protected on fork.

The protection in copy_one_pte looks very convincing, until at last you
realize that the second arg to make_migration_entry is a boolean "write",
and SWP_MIGRATION_READ is 30.

Anyway, it's better done like in change_pte_range, using
is_write_migration_entry and make_migration_entry_read.

Signed-off-by: Hugh Dickins <hugh@xxxxxxxxxxx>
---
This is a fix to -mm's swapless-pm-add-r-w-migration-entries.patch

 mm/memory.c |    9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

--- 2.6.17-rc4-mm3/mm/memory.c	2006-05-22 12:19:00.000000000 +0100
+++ linux/mm/memory.c	2006-05-26 16:31:59.000000000 +0100
@@ -448,16 +448,13 @@ copy_one_pte(struct mm_struct *dst_mm, s
 						 &src_mm->mmlist);
 				spin_unlock(&mmlist_lock);
 			}
-			if (is_migration_entry(entry) &&
+			if (is_write_migration_entry(entry) &&
 					is_cow_mapping(vm_flags)) {
-				page = migration_entry_to_page(entry);
-
 				/*
 				 * COW mappings require pages in both parent
-				*  and child to be set to read.
+				 * and child to be set to read.
 				 */
-				entry = make_migration_entry(page,
-							SWP_MIGRATION_READ);
+				make_migration_entry_read(&entry);
 				pte = swp_entry_to_pte(entry);
 				set_pte_at(src_mm, addr, src_pte, pte);
 			}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/