Commit 08498be4 authored Sep 19, 2025 by Wei Yang Committed by Andrew Morton Sep 28, 2025

mm/ksm: get mm_slot by mm_slot_entry() when slot is !NULL

Patch series "mm_slot: fix the usage of mm_slot_entry", v2.

When using mm_slot in ksm, there is code like:

     slot = mm_slot_lookup(mm_slots_hash, mm);
     mm_slot = mm_slot_entry(slot, struct ksm_mm_slot, slot);
     if (mm_slot && ..) {
     }

The mm_slot_entry() won't return a valid value if slot is NULL generally. 
But currently it works since slot is the first element of struct
ksm_mm_slot.

To reduce the ambiguity and make it robust, access mm_slot_entry() when
slot is !NULL.

Link: https://lkml.kernel.org/r/20250919071244.17020-1-richard.weiyang@gmail.com
Link: https://lkml.kernel.org/r/20250919071244.17020-2-richard.weiyang@gmail.com


Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Dev Jain <dev.jain@arm.com>
Reviewed-by: Lance Yang <lance.yang@linux.dev>
Cc: Kiryl Shutsemau <kirill@shutemov.name>
Cc: xu xin <xu.xin16@zte.com.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent 3dfd02c9

mm/ksm.c

+11 −9

Original line number	Diff line number	Diff line
		@@ -2936,8 +2936,9 @@ void __ksm_exit(struct mm_struct *mm)

		spin_lock(&ksm_mmlist_lock);
		slot = mm_slot_lookup(mm_slots_hash, mm);
		if (slot) {
		mm_slot = mm_slot_entry(slot, struct ksm_mm_slot, slot);
		if (mm_slot && ksm_scan.mm_slot != mm_slot) {
		if (ksm_scan.mm_slot != mm_slot) {
		if (!mm_slot->rmap_list) {
		hash_del(&slot->hash);
		list_del(&slot->mm_node);
		@@ -2947,6 +2948,7 @@ void __ksm_exit(struct mm_struct *mm)
		&ksm_scan.mm_slot->slot.mm_node);
		}
		}
		}
		spin_unlock(&ksm_mmlist_lock);

		if (easy_to_free) {