From: Andrew Morton <akpm@linux-foundation.org>
To: Andrew Barry <abarry@cray.com>
Cc: linux-mm <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Mel Gorman <mgorman@suse.de>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Minchan Kim <minchan.kim@gmail.com>,
Rik van Riel <riel@redhat.com>, Hugh Dickins <hughd@google.com>,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH 1/1] hugepages: Fix race between hugetlbfs umount and quota update.
Date: Thu, 18 Aug 2011 15:28:46 -0700 [thread overview]
Message-ID: <20110818152846.e76ff944.akpm@linux-foundation.org> (raw)
In-Reply-To: <4E4C3A2B.3000405@cray.com>
On Wed, 17 Aug 2011 17:01:15 -0500
Andrew Barry <abarry@cray.com> wrote:
> This patch fixes a race between the umount of a hugetlbfs filesystem, and quota
> updates in that filesystem, which can result in the update of the filesystem
> quota record, after the record structure has been freed.
>
> Rather than an address-space struct pointer, it puts a hugetlbfs_sb_info struct
> pointer into page_private of the page struct. A reference count and an active
> bit are added to the hugetlbfs_sb_info struct; the reference count is increased
> by hugetlb_get_quota and decreased by hugetlb_put_quota. When hugetlbfs is
> unmounted, it frees the hugetlbfs_sb_info struct, but only if the reference
> count is zero, otherwise it clears the active bit. The last hugetlb_put_quota
> then frees the hugetlbfs_sb_info struct.
>
> Discussion was titled: Fix refcounting in hugetlbfs quota handling.
> See: https://lkml.org/lkml/2011/8/11/28
The changelog doesn't actually describe the race - it just asserts that
there is one. This makes it unnecessarily difficult to review the
fix! So I didn't really look at the code - I just scanned the trivial
stuff.
The patch was somewhat wordwrapped - please fix the email client then
resend.
> + if (hugetlb_get_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg))
> + hugetlb_put_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg);
> + set_page_private(page, (unsigned long)HUGETLBFS_SB(inode->i_mapping->host->i_sb));
> + hugetlb_put_quota(HUGETLBFS_SB(vma->vm_file->f_mapping->host->i_sb), reserve);
> + if (hugetlb_get_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg))
> + hugetlb_put_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg);
> + hugetlb_put_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), (chg - freed));
Are all the inode->i_mapping->host pointer hops actually necessary? I
didn't see anything about them in the changelog and I'd expect that
inode->i_mapping->host is always equal to `inode' for hugetlbfs?
If they _are_ necessary then I'd suggest that the code could be cleaned
up by adding
static struct hugetlbfs_sb_info *inode_to_sb(struct inode *inode)
{
return HUGETLBFS_SB(inode->i_mapping->host->i_sb);
}
to hugetlbfs.c. This will reduce the relatively large number of
checkpatch warnings which were added.
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Morton <akpm@linux-foundation.org>
To: Andrew Barry <abarry@cray.com>
Cc: linux-mm <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Mel Gorman <mgorman@suse.de>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Minchan Kim <minchan.kim@gmail.com>,
Rik van Riel <riel@redhat.com>, Hugh Dickins <hughd@google.com>,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH 1/1] hugepages: Fix race between hugetlbfs umount and quota update.
Date: Thu, 18 Aug 2011 15:28:46 -0700 [thread overview]
Message-ID: <20110818152846.e76ff944.akpm@linux-foundation.org> (raw)
In-Reply-To: <4E4C3A2B.3000405@cray.com>
On Wed, 17 Aug 2011 17:01:15 -0500
Andrew Barry <abarry@cray.com> wrote:
> This patch fixes a race between the umount of a hugetlbfs filesystem, and quota
> updates in that filesystem, which can result in the update of the filesystem
> quota record, after the record structure has been freed.
>
> Rather than an address-space struct pointer, it puts a hugetlbfs_sb_info struct
> pointer into page_private of the page struct. A reference count and an active
> bit are added to the hugetlbfs_sb_info struct; the reference count is increased
> by hugetlb_get_quota and decreased by hugetlb_put_quota. When hugetlbfs is
> unmounted, it frees the hugetlbfs_sb_info struct, but only if the reference
> count is zero, otherwise it clears the active bit. The last hugetlb_put_quota
> then frees the hugetlbfs_sb_info struct.
>
> Discussion was titled: Fix refcounting in hugetlbfs quota handling.
> See: https://lkml.org/lkml/2011/8/11/28
The changelog doesn't actually describe the race - it just asserts that
there is one. This makes it unnecessarily difficult to review the
fix! So I didn't really look at the code - I just scanned the trivial
stuff.
The patch was somewhat wordwrapped - please fix the email client then
resend.
> + if (hugetlb_get_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg))
> + hugetlb_put_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg);
> + set_page_private(page, (unsigned long)HUGETLBFS_SB(inode->i_mapping->host->i_sb));
> + hugetlb_put_quota(HUGETLBFS_SB(vma->vm_file->f_mapping->host->i_sb), reserve);
> + if (hugetlb_get_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg))
> + hugetlb_put_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), chg);
> + hugetlb_put_quota(HUGETLBFS_SB(inode->i_mapping->host->i_sb), (chg - freed));
Are all the inode->i_mapping->host pointer hops actually necessary? I
didn't see anything about them in the changelog and I'd expect that
inode->i_mapping->host is always equal to `inode' for hugetlbfs?
If they _are_ necessary then I'd suggest that the code could be cleaned
up by adding
static struct hugetlbfs_sb_info *inode_to_sb(struct inode *inode)
{
return HUGETLBFS_SB(inode->i_mapping->host->i_sb);
}
to hugetlbfs.c. This will reduce the relatively large number of
checkpatch warnings which were added.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2011-08-18 22:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-17 22:01 [PATCH 1/1] hugepages: Fix race between hugetlbfs umount and quota update Andrew Barry
2011-08-17 22:01 ` Andrew Barry
2011-08-18 22:28 ` Andrew Morton [this message]
2011-08-18 22:28 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110818152846.e76ff944.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=abarry@cray.com \
--cc=david@gibson.dropbear.id.au \
--cc=hughd@google.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@suse.de \
--cc=minchan.kim@gmail.com \
--cc=riel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.