From: Christoph Rohland <cr@sap.com>
To: Linus Torvalds <torvalds@transmeta.com>,
Stephen Tweedie <sct@redhat.com>
Cc: Mike Galbraith <mikeg@wen-online.de>,
Rik van Riel <riel@conectiva.com.br>,
Jeff Garzik <jgarzik@mandrakesoft.com>,
Daniel Phillips <phillips@bonn-fries.net>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: VM in 2.4.7-pre hurts...
Date: 11 Jul 2001 21:39:28 +0200 [thread overview]
Message-ID: <m3u20j46eh.fsf@linux.local> (raw)
In-Reply-To: <Pine.LNX.4.33.0107091345070.20937-100000@penguin.transmeta.com>
Hi Linus,
On Mon, 9 Jul 2001, Linus Torvalds wrote:
>
> On 9 Jul 2001, Christoph Rohland wrote:
>>
>> No, it does matter. It prevents races against getpage.
>
> No it doesn't.
>
> We have the page locked.
>
> And if somebody does "getpage()" and doesn't check for the page
> lock, then that test _still_ doesn't prevent races, because the
> getpage might happen just _after_ the "atomic_read()".
>
> As it stands now, that atomic_read() does _nothing_. If you think
> something depends on it, then that something is already buggy.
Yep, you are right. This check hides another error: We cannot use
find_get_page for shmem since this is getting the page without the
lock like you described. I removed this optimization. Also
__find_lock_page has to check that mapping and index are still the
ones we looked for.
I append a patch to fix these errors (and the other obvious buglets in
shmem.c I did send to you several times).
Stephen, could you crosscheck? You had the test case which triggered
the count > 2 bug.
Greetings
Christoph
diff -uNr 7-pre6/mm/filemap.c 7-pre6-fix/mm/filemap.c
--- 7-pre6/mm/filemap.c Wed Jul 11 09:59:01 2001
+++ 7-pre6-fix/mm/filemap.c Wed Jul 11 20:49:14 2001
@@ -760,7 +760,7 @@
lock_page(page);
/* Is the page still hashed? Ok, good.. */
- if (page->mapping)
+ if (page->mapping == mapping && page->index == offset)
return page;
/* Nope: we raced. Release and try again.. */
diff -uNr 7-pre6/mm/shmem.c 7-pre6-fix/mm/shmem.c
--- 7-pre6/mm/shmem.c Wed Jul 11 09:59:01 2001
+++ 7-pre6-fix/mm/shmem.c Wed Jul 11 20:44:35 2001
@@ -3,7 +3,8 @@
*
* Copyright (C) 2000 Linus Torvalds.
* 2000 Transmeta Corp.
- * 2000 Christoph Rohland
+ * 2000-2001 Christoph Rohland
+ * 2000-2001 SAP AG
*
* This file is released under the GPL.
*/
@@ -33,7 +34,7 @@
#define TMPFS_MAGIC 0x01021994
#define ENTRIES_PER_PAGE (PAGE_SIZE/sizeof(unsigned long))
-#define NR_SINGLE (ENTRIES_PER_PAGE + SHMEM_NR_DIRECT)
+#define SHMEM_MAX_BLOCKS (SHMEM_NR_DIRECT + ENTRIES_PER_PAGE*ENTRIES_PER_PAGE)
static struct super_operations shmem_ops;
static struct address_space_operations shmem_aops;
@@ -193,7 +194,14 @@
}
out:
- info->max_index = index;
+ /*
+ * We have no chance to give an error, so we limit it to max
+ * size here and the application will fail later
+ */
+ if (index > SHMEM_MAX_BLOCKS)
+ info->max_index = SHMEM_MAX_BLOCKS;
+ else
+ info->max_index = index;
info->swapped -= freed;
shmem_recalc_inode(inode);
spin_unlock (&info->lock);
@@ -311,6 +319,7 @@
return page;
}
+ shmem_recalc_inode(inode);
if (entry->val) {
unsigned long flags;
@@ -390,22 +399,9 @@
static int shmem_getpage(struct inode * inode, unsigned long idx, struct page **ptr)
{
- struct address_space * mapping = inode->i_mapping;
int error;
- *ptr = NOPAGE_SIGBUS;
- if (inode->i_size <= (loff_t) idx * PAGE_CACHE_SIZE)
- return -EFAULT;
-
- *ptr = __find_get_page(mapping, idx, page_hash(mapping, idx));
- if (*ptr) {
- if (Page_Uptodate(*ptr))
- return 0;
- page_cache_release(*ptr);
- }
-
down (&inode->i_sem);
- /* retest we may have slept */
if (inode->i_size < (loff_t) idx * PAGE_CACHE_SIZE)
goto sigbus;
*ptr = shmem_getpage_locked(inode, idx);
@@ -1024,6 +1020,8 @@
unsigned long max_inodes, inodes;
struct shmem_sb_info *info = &sb->u.shmem_sb;
+ max_blocks = info->max_blocks;
+ max_inodes = info->max_inodes;
if (shmem_parse_options (data, NULL, &max_blocks, &max_inodes))
return -EINVAL;
@@ -1071,7 +1069,7 @@
sb->u.shmem_sb.free_blocks = blocks;
sb->u.shmem_sb.max_inodes = inodes;
sb->u.shmem_sb.free_inodes = inodes;
- sb->s_maxbytes = (unsigned long long)(SHMEM_NR_DIRECT + (ENTRIES_PER_PAGE*ENTRIES_PER_PAGE)) << PAGE_CACHE_SHIFT;
+ sb->s_maxbytes = (unsigned long long)SHMEM_MAX_BLOCKS << PAGE_CACHE_SHIFT;
sb->s_blocksize = PAGE_CACHE_SIZE;
sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
sb->s_magic = TMPFS_MAGIC;
@@ -1279,9 +1277,11 @@
struct qstr this;
int vm_enough_memory(long pages);
- error = -ENOMEM;
+ if (size > (unsigned long long) SHMEM_MAX_BLOCKS << PAGE_CACHE_SHIFT)
+ return ERR_PTR(-EINVAL);
+
if (!vm_enough_memory((size) >> PAGE_SHIFT))
- goto out;
+ return ERR_PTR(-ENOMEM);
this.name = name;
this.len = strlen(name);
@@ -1289,7 +1289,7 @@
root = tmpfs_fs_type.kern_mnt->mnt_root;
dentry = d_alloc(root, &this);
if (!dentry)
- goto out;
+ return ERR_PTR(-ENOMEM);
error = -ENFILE;
file = get_empty_filp();
@@ -1315,7 +1315,6 @@
put_filp(file);
put_dentry:
dput (dentry);
-out:
return ERR_PTR(error);
}
/*
next prev parent reply other threads:[~2001-07-11 19:42 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.33.0107081640570.308-100000@mikeg.weiden.de>
2001-07-08 15:43 ` VM in 2.4.7-pre hurts Rik van Riel
2001-07-08 17:15 ` Mike Galbraith
2001-07-08 17:58 ` Linus Torvalds
2001-07-08 18:23 ` Rik van Riel
2001-07-08 19:30 ` Linus Torvalds
2001-07-09 2:59 ` Linus Torvalds
2001-07-10 2:56 ` Andrea Arcangeli
2001-07-10 4:03 ` Linus Torvalds
2001-07-10 4:20 ` Linus Torvalds
2001-07-10 5:43 ` Andrea Arcangeli
2001-07-10 14:56 ` Andrea Arcangeli
2001-07-10 18:46 ` Linus Torvalds
2001-07-10 5:11 ` Andrea Arcangeli
2001-07-09 7:56 ` Mike Galbraith
2001-07-09 8:25 ` Christoph Rohland
2001-07-09 9:18 ` Mike Galbraith
2001-07-09 9:29 ` Christoph Rohland
2001-07-09 9:38 ` Mike Galbraith
2001-07-09 11:17 ` Mike Galbraith
2001-07-09 11:30 ` Christoph Rohland
2001-07-09 12:26 ` Mike Galbraith
2001-07-09 11:25 ` Christoph Rohland
2001-07-09 12:20 ` Mike Galbraith
2001-07-09 16:20 ` Linus Torvalds
2001-07-09 19:44 ` Christoph Rohland
2001-07-09 20:46 ` Linus Torvalds
2001-07-11 19:39 ` Christoph Rohland [this message]
2001-07-11 1:05 ` Marcelo Tosatti
2001-07-11 4:03 ` Mike Galbraith
2001-07-12 5:00 ` David Lang
[not found] <Pine.LNX.4.33L.0107071542420.17825-100000@duckman.distro.conectiva>
2001-07-07 18:54 ` Linus Torvalds
2001-07-07 20:11 ` Rik van Riel
2001-07-08 17:11 ` Linus Torvalds
2001-07-08 18:29 ` Rik van Riel
2001-07-07 13:41 Jeff Garzik
2001-07-07 14:05 ` Jeff Garzik
2001-07-07 17:28 ` Linus Torvalds
2001-07-07 17:37 ` Jeff Garzik
2001-07-07 17:53 ` Linus Torvalds
2001-07-07 18:08 ` Jeff Garzik
2001-07-07 18:11 ` Rik van Riel
2001-07-07 21:33 ` Alan Cox
2001-07-07 18:00 ` Rik van Riel
2001-07-07 21:25 ` Alan Cox
2001-07-07 21:29 ` Rik van Riel
2001-07-07 21:34 ` Jeff Garzik
2001-07-07 21:43 ` Alan Cox
2001-07-07 21:45 ` Rik van Riel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3u20j46eh.fsf@linux.local \
--to=cr@sap.com \
--cc=jgarzik@mandrakesoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mikeg@wen-online.de \
--cc=phillips@bonn-fries.net \
--cc=riel@conectiva.com.br \
--cc=sct@redhat.com \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.