diff for duplicates of <20160617122506.GC6534@node.shutemov.name>
diff --git a/a/1.txt b/N1/1.txt
index a8d5f2b..0ea6fd7 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -100,3 +100,55 @@ You can simulate race by replacing 'if (pud_none(*pud))' with "if (0)". It
 would produce "BUG: non-zero nr_pmds on freeing mm: 2" on the test-case.
 
 Fix:
+
+>From fd22922e7b4664e83653a84331f0a95b985bff0c Mon Sep 17 00:00:00 2001
+From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
+Date: Fri, 17 Jun 2016 15:07:03 +0300
+Subject: [PATCH] hugetlb: fix nr_pmds accounting with shared page tables
+
+We account HugeTLB's shared page table to all processes who share it.
+The accounting happens during huge_pmd_share().
+
+If somebody populates pud entry under us, we should decrease pagetable's
+refcount and decrease nr_pmds of the process.
+
+By mistake, I increase nr_pmds again in this case. :-/
+It will lead to "BUG: non-zero nr_pmds on freeing mm: 2" on process'
+exit.
+
+Let's fix this by increasing nr_pmds only when we're sure that the page
+table will be used.
+
+Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Reported-by: zhongjiang <zhongjiang@huawei.com>
+Fixes: dc6c9a35b66b ("mm: account pmd page tables to the process")
+Cc: <stable@vger.kernel.org> [4.0+]
+---
+ mm/hugetlb.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c
+index e197cd7080e6..ed6a537f0878 100644
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -4216,7 +4216,6 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
+ if (saddr) {
+ spte = huge_pte_offset(svma->vm_mm, saddr);
+ if (spte) {
+- mm_inc_nr_pmds(mm);
+ get_page(virt_to_page(spte));
+ break;
+ }
+@@ -4231,9 +4230,9 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)
+ if (pud_none(*pud)) {
+ pud_populate(mm, pud,
+ (pmd_t *)((unsigned long)spte & PAGE_MASK));
++ mm_inc_nr_pmds(mm);
+ } else {
+ put_page(virt_to_page(spte));
+- mm_inc_nr_pmds(mm);
+ }
+ spin_unlock(ptl);
+ out:
+-- 
+ Kirill A. Shutemov
diff --git a/a/content_digest b/N1/content_digest
index 9baf281..82946af 100644
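Review bot: The invariant this patch restores is not documented at the point where it matters: in the second inner hunk (`@@ -4231,9 +4230,9 @@`), `mm_inc_nr_pmds(mm)` now runs only in the `pud_none(*pud)` branch, while the `get_page()` kept in the first inner hunk is undone by `put_page()` in the `else` branch. A comment above that `if`, such as `/* Account the shared pmd table to this mm only once it is installed; if the pud was populated under us, just drop the page reference. */`, would keep the counter and the refcount visibly paired. That matters because, per the description, a mismatch only surfaces at process exit as the "BUG: non-zero nr_pmds on freeing mm" report, far from the code that caused it. Both inner hunks cut through huge_pmd_share(), so the lock acquisition and the code after `out:` are not visible here.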
--- a/a/content_digest
+++ b/N1/content_digest
@@ -116,6 +116,58 @@ "You can simulate race by replacing 'if (pud_none(*pud))' with \"if (0)\". It\n" "would produce \"BUG: non-zero nr_pmds on freeing mm: 2\" on the test-case.\n" "\n" - Fix: + "Fix:\n" + "\n" + ">From fd22922e7b4664e83653a84331f0a95b985bff0c Mon Sep 17 00:00:00 2001\n" + "From: \"Kirill A. Shutemov\" <kirill.shutemov@linux.intel.com>\n" + "Date: Fri, 17 Jun 2016 15:07:03 +0300\n" + "Subject: [PATCH] hugetlb: fix nr_pmds accounting with shared page tables\n" + "\n" + "We account HugeTLB's shared page table to all processes who share it.\n" + "The accounting happens during huge_pmd_share().\n" + "\n" + "If somebody populates pud entry under us, we should decrease pagetable's\n" + "refcount and decrease nr_pmds of the process.\n" + "\n" + "By mistake, I increase nr_pmds again in this case. :-/\n" + "It will lead to \"BUG: non-zero nr_pmds on freeing mm: 2\" on process'\n" + "exit.\n" + "\n" + "Let's fix this by increasing nr_pmds only when we're sure that the page\n" + "table will be used.\n" + "\n" + "Signed-off-by: Kirill A. 
Shutemov <kirill.shutemov@linux.intel.com>\n" + "Reported-by: zhongjiang <zhongjiang@huawei.com>\n" + "Fixes: dc6c9a35b66b (\"mm: account pmd page tables to the process\")\n" + "Cc: <stable@vger.kernel.org> [4.0+]\n" + "---\n" + " mm/hugetlb.c | 3 +--\n" + " 1 file changed, 1 insertion(+), 2 deletions(-)\n" + "\n" + "diff --git a/mm/hugetlb.c b/mm/hugetlb.c\n" + "index e197cd7080e6..ed6a537f0878 100644\n" + "--- a/mm/hugetlb.c\n" + "+++ b/mm/hugetlb.c\n" + "@@ -4216,7 +4216,6 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)\n" + " \t\tif (saddr) {\n" + " \t\t\tspte = huge_pte_offset(svma->vm_mm, saddr);\n" + " \t\t\tif (spte) {\n" + "-\t\t\t\tmm_inc_nr_pmds(mm);\n" + " \t\t\t\tget_page(virt_to_page(spte));\n" + " \t\t\t\tbreak;\n" + " \t\t\t}\n" + "@@ -4231,9 +4230,9 @@ pte_t *huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud)\n" + " \tif (pud_none(*pud)) {\n" + " \t\tpud_populate(mm, pud,\n" + " \t\t\t\t(pmd_t *)((unsigned long)spte & PAGE_MASK));\n" + "+\t\tmm_inc_nr_pmds(mm);\n" + " \t} else {\n" + " \t\tput_page(virt_to_page(spte));\n" + "-\t\tmm_inc_nr_pmds(mm);\n" + " \t}\n" + " \tspin_unlock(ptl);\n" + " out:\n" + "-- \n" + Kirill A. Shutemov -f96e37c0094b70f7d053bf6f4ab679913e1b602a095f1489c555e8781a3222cc +24acb9bbddd649272ebb8ff7f78607955aa9b0acb656477dff0ed9c5b025c6d9