bdi: Fix use after free bug in debugfs_remove()

[mirror_ubuntu-bionic-kernel.git] / mm / ksm.c

diff --git a/mm/ksm.c b/mm/ksm.c
index be8f4576f84211499e269f4c69f993a975a8e0a9..5690554137c643bc940c52d7c4179109dd893a9d 100644 (file)
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1138,6 +1138,13 @@ static int replace_page(struct vm_area_struct *vma, struct page *page,
        } else {
                newpte = pte_mkspecial(pfn_pte(page_to_pfn(kpage),
                                               vma->vm_page_prot));
+               /*
+                * We're replacing an anonymous page with a zero page, which is
+                * not anonymous. We need to do proper accounting otherwise we
+                * will get wrong values in /proc, and a BUG message in dmesg
+                * when tearing down the mm.
+                */
+               dec_mm_counter(mm, MM_ANONPAGES);
        }
 
        flush_cache_page(vma, addr, pte_pfn(*ptep));
@@ -2346,8 +2353,12 @@ static int ksm_scan_thread(void *nothing)
                try_to_freeze();
 
                if (ksmd_should_run()) {
-                       schedule_timeout_interruptible(
-                               msecs_to_jiffies(ksm_thread_sleep_millisecs));
+                       if (ksm_thread_sleep_millisecs >= 1000)
+                               schedule_timeout_interruptible(
+                                       msecs_to_jiffies(round_jiffies_relative(ksm_thread_sleep_millisecs)));
+                       else
+                               schedule_timeout_interruptible(
+                                       msecs_to_jiffies(ksm_thread_sleep_millisecs));
                } else {
                        wait_event_freezable(ksm_thread_wait,
                                ksmd_should_run() || kthread_should_stop());