From: David Howells <dhowells@redhat.com>
To: uClinux development list <uclinux-dev@uclinux.org>
Cc: linux-kernel@vger.kernel.org
Subject: bug in order>0 page allocations with !CONFIG_MMU
Date: Thu, 04 Nov 2004 14:28:46 +0000
Message-ID: <19972.1099578526@redhat.com>


Hi,

I've found that this:

	[mm/page_alloc.c]
	static inline void set_page_refs(struct page *page, int order)
	{
	#ifdef CONFIG_MMU
		set_page_count(page, 1);
	#else
		int i;

		/*
		 * We need to reference all the pages for this order, otherwise if
		 * anyone accesses one of the pages with (get/put) it will be freed.
		 */
		for (i = 0; i < (1 << order); i++)
			set_page_count(page+i, 1);
	#endif /* CONFIG_MMU */
	}

Causes problems if !CONFIG_MMU because __free_pages_ok()/free_pages_check()
reports a bad page on the second page when it comes time to free it:

	Bad page state at __free_pages_ok (in process 'events/0', page c08132e0)
	flags:0x20000000 mapping:00000000 mapcount:0 count:1

Why is doing this necessary at all? No one should be touching the individual
pages of a block allocation. The kernel should defend itself against
userspace trying to munmap part of a multipage mmap.

I think this should be:

	static inline void set_page_refs(struct page *page, int order)
	{
		set_page_count(page, 1);
	}

It seems to work for me. If no one disagrees, I'll give akpm a patch for this.

David
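
A user-space model of the failure described in the message above, added here as an illustration; it is not code from the kernel or from the poster. The `struct page` stand-in, `free_block()` and `simulate()` are hypothetical, and the free path (drop one reference on the first page, then check every page of the block) is an assumption consistent with the `count:1` in the report.

```c
#include <stdio.h>
#define MAX_PAGES 8	/* enough for order <= 3 in this model */

/* Minimal stand-in for struct page: only the reference count matters here. */
struct page { int count; };

/* The !CONFIG_MMU variant quoted in the mail: every page gets a reference. */
static void set_page_refs_nommu(struct page *page, int order)
{
	int i;
	for (i = 0; i < (1 << order); i++)
		page[i].count = 1;
}

/* The variant proposed in the mail: only the first page is referenced. */
static void set_page_refs_head_only(struct page *page, int order)
{
	(void)order;
	page->count = 1;
}

/*
 * Assumed model of the free path: the caller's single reference is dropped
 * on the first page only, then every page of the block is checked.
 * Returns the index of the first page whose count is still non-zero
 * (the "bad page"), or -1 if the whole block is clean.
 */
static int free_block(struct page *page, int order)
{
	int i;
	page->count--;
	for (i = 0; i < (1 << order); i++)
		if (page[i].count != 0)
			return i;
	return -1;
}

/* Allocate a zeroed block, apply one set_page_refs variant, then free it. */
static int simulate(void (*set_refs)(struct page *, int), int order)
{
	struct page block[MAX_PAGES] = { { 0 } };
	set_refs(block, order);
	return free_block(block, order);
}

int main(void)
{
	printf("nommu variant, order 1: bad page index %d\n", simulate(set_page_refs_nommu, 1));
	printf("head-only variant, order 1: bad page index %d\n", simulate(set_page_refs_head_only, 1));
	return 0;
}
```

In this model the order-0 case is clean with either variant, which matches the subject line: the mismatch only appears for order>0 blocks.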