Re: [PATCH]: fix the bug of __free_pages() of mm/page_alloc.c

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Russell King <rmk+lkml@arm.linux.org.uk>
To: zhan rongkai <zhanrk@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH]: fix the bug of __free_pages() of mm/page_alloc.c
Date: Thu, 20 Jan 2005 14:31:34 +0000	[thread overview]
Message-ID: <20050120143133.A13242@flint.arm.linux.org.uk> (raw)
In-Reply-To: <73e62045050120053463b7e763@mail.gmail.com>; from zhanrk@gmail.com on Thu, Jan 20, 2005 at 09:34:17PM +0800

On Thu, Jan 20, 2005 at 09:34:17PM +0800, zhan rongkai wrote:
> [PATCH]: fix the bug of __free_pages() of mm/page_alloc.c
> =========================================================
> 
> The buddy allocator's __free_pages() function seems to be buggy.
> 
> The following codes are from kernel 2.6.10:
> 
> fastcall void __free_pages(struct page *page, unsigned int order)
> {
> 	if (!PageReserved(page) && put_page_testzero(page)) {
> 		if (order == 0)
> 			free_hot_page(page);
> 		else
> 			__free_pages_ok(page, order);
> 	}
> }
> 
> As you know, before truely freeing all pages, this function calls
> put_page_testzero(page) to
> drop the refcount of the pages.
> 
> But, in fact the macro put_page_testzero(page) **only** drops **one**
> page's refcount.
> Therefore, if (order > 0), the refcounts of (page+1) ..
> (page+(1<<order)-1) are unchanged!
> This will cause __free_pages_ok() to dump stack, because it finds some
> pages' page_count()
> are not zero!

When you allocate a page with order > 0, the first 0-order page has a
refcount of 1, and the remaining 0-order pages have a refcount of 0.

If you're triggering this check, I suspect you're fiddling about with
the individual pages (using get_page on them individually?) which is
a no-no.

-- 
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                 2.6 Serial core

next prev parent reply	other threads:[~2005-01-20 14:31 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-20 13:34 [PATCH]: fix the bug of __free_pages() of mm/page_alloc.c zhan rongkai
2005-01-20 14:31 ` Russell King [this message]
2005-01-21  3:32   ` zhan rongkai
2005-01-21  3:40     ` zhan rongkai
2005-01-21  3:45       ` zhan rongkai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050120143133.A13242@flint.arm.linux.org.uk \
    --to=rmk+lkml@arm.linux.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=zhanrk@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.