From e1e075c1ef8f659b4d4612e7838190fa0472e08f Mon Sep 17 00:00:00 2001
From: Izik Eidus <ieidus@redhat.com>
Date: Sun, 19 Apr 2009 05:08:21 +0300
Subject: [PATCH 04/15] KSM: fix 495350 (effective bug)

we mark the rmap_item as rmap_item that pointing into stable tree
in the unstable_tree_search_insert() case.

Signed-off-by: Izik Eidus <ieidus@redhat.com>
Message-Id: <1240106904-21687-4-git-send-email-ieidus@redhat.com>
RH-Upstream-status: pending
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Acked-by: "Michael S. Tsirkin" <mst@redhat.com>
Acked-by: john cooper <john.cooper@redhat.com>
Bugzilla: 500263
---
 kernel/ksm/ksm_main.c |   16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/kernel/ksm/ksm_main.c b/kernel/ksm/ksm_main.c
index 818711e..c7e24a2 100644
--- a/kernel/ksm/ksm_main.c
+++ b/kernel/ksm/ksm_main.c
@@ -986,16 +986,22 @@ static int cmp_and_merge_page(struct ksm_scan *ksm_scan, struct page *page)
 	tree_item = unstable_tree_search_insert(page, page2, rmap_item);
 	if (tree_item) {
 		int ret;
+		struct rmap_item *tmp_rmap_item;
 
-		rmap_item = tree_item->rmap_item;
-		BUG_ON(!rmap_item);
+		tmp_rmap_item = tree_item->rmap_item;
+		BUG_ON(!tmp_rmap_item);
 		ret = try_to_merge_two_pages_alloc(slot->mm, page,
-						   rmap_item->mm,
+						   tmp_rmap_item->mm,
 						   page2[0], addr,
-						   rmap_item->address);
+						   tmp_rmap_item->address);
 		if (!ret) {
 			rb_erase(&tree_item->node, &root_unstable_tree);
-			stable_tree_insert(page2[0], tree_item, rmap_item);
+			if (!stable_tree_insert(page2[0],
+						tree_item, tmp_rmap_item)) {
+				if (rmap_item) {
+					rmap_item->stable_tree = 1;
+				}
+			}
 		}
 		put_page(page2[0]);
 		return !ret;
-- 
1.6.3.rc4.29.g8146