From: David Gibson <david@gibson.dropbear.id.au>
To: Hugh Dickins <hugh@veritas.com>
Cc: Andrew Morton <akpm@osdl.org>,
Ken Chen <kenneth.w.chen@intel.com>,
Bill Irwin <wli@holomorphy.com>, Adam Litke <agl@us.ibm.com>,
linux-mm@kvack.org
Subject: Re: [PATCH 3/3] hugetlb: fix absurd HugePages_Rsvd
Date: Wed, 25 Oct 2006 16:29:04 +1000 [thread overview]
Message-ID: <20061025062904.GC2330@localhost.localdomain> (raw)
In-Reply-To: <20061025062610.GB2330@localhost.localdomain>
On Wed, Oct 25, 2006 at 04:26:10PM +1000, David Gibson wrote:
> On Wed, Oct 25, 2006 at 03:38:24AM +0100, Hugh Dickins wrote:
> > If you truncated an mmap'ed hugetlbfs file, then faulted on the truncated
> > area, /proc/meminfo's HugePages_Rsvd wrapped hugely "negative". Reinstate
> > my preliminary i_size check before attempting to allocate the page (though
> > this only fixes the most obvious case: more work will be needed here).
> >
> > Signed-off-by: Hugh Dickins <hugh@veritas.com>
> > ___
> >
> > This is not a complete solution (what if hugetlb_no_page is actually
> > racing with truncate_hugepages?), and there are several other accounting
> > anomalies in here (private versus shared pages, hugetlbfs quota handling);
> > but those all need more thought. It'll probably make sense to use i_mutex
> > instead of hugetlb_instantiation_mutex, so locking out truncation
> > and mmap.
>
> Ah, yes. I also encountered this one a few days ago - I found it in
> the context of deserializing the hugepage fault path, which makes the
> problem worse, and forgot to consider if there was also a problem in
> the original case.
>
> In fact, there's a second problem with the current location of the
> i_size check. As well as wrapping the reserved count, if there's a
> fault on a truncated area and the hugepage pool is also empty, we can
> get an OOM SIGKILL instead of the correct SIGBUS.
>
> I don't things are quite as bad as you fear, though: I believe the
> page lock protects us against racing concurrent truncations (this is
> one reason we have find_lock_page() here, rather than the
> find_get_page() which appears in the analagous normal page path).
>
> I suggest the slightly revised patch below, which doesn't duplicate
> the i_size test, and cleans up the backout path (removing a
> no-longer-useful goto label) in the process.
Bother. Forgot to add in the above, that I've also implemented a
couple of extra cases for the libhugetlbfs testsuite which will catch
this bug. Adam, if you could merge the patch with these test cases
from:
http://ozlabs.org/~dgibson/home/tmp/reserve-wraparound
to the libhugetlbfs tree, that would be great.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2006-10-25 6:29 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-25 2:31 [PATCH 1/3] hugetlb: fix size=4G parsing Hugh Dickins
2006-10-25 2:35 ` [PATCH 2/3] hugetlb: fix prio_tree unit Hugh Dickins
2006-10-25 7:08 ` David Gibson
2006-10-25 7:41 ` Hugh Dickins
2006-10-25 23:49 ` Chen, Kenneth W
2006-10-26 3:47 ` David Gibson
2006-10-26 6:15 ` Chen, Kenneth W
2006-10-26 7:55 ` Hugh Dickins
2006-10-26 8:13 ` Hugh Dickins
2006-10-26 10:42 ` David Gibson
2006-10-25 2:38 ` [PATCH 3/3] hugetlb: fix absurd HugePages_Rsvd Hugh Dickins
2006-10-25 5:23 ` Mika Penttilä
2006-10-25 5:52 ` David Gibson
2006-10-25 7:27 ` Hugh Dickins
2006-10-25 6:26 ` David Gibson
2006-10-25 6:29 ` David Gibson [this message]
2006-10-25 8:39 ` Hugh Dickins
2006-10-25 10:09 ` David Gibson
2006-10-26 3:59 ` Chen, Kenneth W
2006-10-26 4:13 ` 'David Gibson'
2006-10-26 19:08 ` Christoph Lameter
2006-10-26 19:19 ` Chen, Kenneth W
2006-10-26 20:59 ` Christoph Lameter
2006-10-26 22:19 ` 'David Gibson'
2006-10-25 21:31 ` Adam Litke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061025062904.GC2330@localhost.localdomain \
--to=david@gibson.dropbear.id.au \
--cc=agl@us.ibm.com \
--cc=akpm@osdl.org \
--cc=hugh@veritas.com \
--cc=kenneth.w.chen@intel.com \
--cc=linux-mm@kvack.org \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.