From f9d5713690ab4b4e888859bf3b32322c767fe80d Mon Sep 17 00:00:00 2001
From: Jinjiang Tu <tujinjiang@huawei.com>
Date: Tue, 10 Jun 2025 11:15:45 +0800
Subject: [PATCH] mm/vmscan: fix hwpoisoned THP handling in shrink_page_list

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/ICDSA3
CVE: NA

----------------------------------------

In shrink_page_list(), the hwpoisoned page may be THP, which can't be
handled by try_to_unmap(), lead to null-ptr-deref in try_to_unmap_one().

To fix it, skip the hwpoisoned page if it is THP.

Fixes: 21b0040ede03 ("mm/vmscan: don't try to reclaim hwpoison folio")
Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com>
---
 mm/vmscan.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mm/vmscan.c b/mm/vmscan.c
index df7998e8174f..6a649f02666f 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1170,6 +1170,9 @@ static unsigned long shrink_page_list(struct list_head *page_list,
 			goto keep;
 
 		if (PageHWPoison(page)) {
+			if (PageTransHuge(page))
+				goto keep_locked;
+
 			try_to_unmap(page, TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS);
 			unlock_page(page);
 			put_page(page);
-- 
Gitee