public inbox for linux-kernel@vger.kernel.org
From: Johannes Weiner <hannes@saeurebad.de>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: David Miller <davem@davemloft.net>,
	sparclinux@vger.kernel.org, linux-kernel@vger.kernel.org,
	akpm@linux-foundation.org, torvalds@linux-foundation.org
Subject: Re: Bootmem allocator broken
Date: Fri, 15 Aug 2008 01:40:38 +0200
Message-ID: <8763q3xj0p.fsf@skyscraper.fehenstaub.lan>
In-Reply-To: <Pine.LNX.4.64.0808141855500.15262@hs20-bc2-1.build.redhat.com> (Mikulas Patocka's message of "Thu, 14 Aug 2008 19:11:19 -0400 (EDT)")

Hi Mikulas,

Mikulas Patocka <mpatocka@redhat.com> writes:

> Examining the problem further, it turned out that Johannes Weiner 
> committed a new bootmem allocator to 2.6.27-rc1 and the allocator is broken.
>
> This is the minimal sequence that jams the allocator:
>
> void *p, *q, *r;
> p = alloc_bootmem(PAGE_SIZE);
> q = alloc_bootmem(64);
> free_bootmem(p, PAGE_SIZE);
> p = alloc_bootmem(PAGE_SIZE);
> r = alloc_bootmem(64);
>
> --- after this sequence (assuming that the allocator was empty or 
> page-aligned before), pointer "q" will be equal to pointer "r".
>
> What's happening inside the allocator:
> p = alloc_bootmem(PAGE_SIZE);
> in allocator: last_end_off == PAGE_SIZE, bitmap contains bits 10000...
> q = alloc_bootmem(64);
> in allocator: last_end_off == PAGE_SIZE + 64, bitmap contains 11000...
> free_bootmem(p, PAGE_SIZE);
> in allocator: last_end_off == PAGE_SIZE + 64, bitmap contains 01000...
> p = alloc_bootmem(PAGE_SIZE);
> in allocator: last_end_off == PAGE_SIZE, bitmap contains 11000...
> r = alloc_bootmem(64);
> and now:
> it finds bit "2", as a place where to allocate (sidx)
> it hits the condition
> if (bdata->last_end_off && PFN_DOWN(bdata->last_end_off) + 1 == sidx)
> start_off = ALIGN(bdata->last_end_off, align);
> --- you can see that the condition is true, so it assigns start_off = 
> ALIGN(bdata->last_end_off, align); --- that is PAGE_SIZE --- and allocates 
> over already allocated block.
>
> This patch fixes it (kernels 2.6.27-rc2 and 2.6.27-rc3 boot ok after the 
> patch). Johannes, please review the patch and submit it to Linus.
>
> With the patch it tries to continue at the end of previous allocation only 
> if the previous allocation ended in the middle of the page.

Yes, taking last_end_off into account when it's page-aligned is bogus as
the whole merging thing is about partial pages.

Cool spot and nice fix!

> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

Acked-by: Johannes Weiner <hannes@saeurebad.de>

	Hannes

> ---
>  mm/bootmem.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: linux-2.6.27-rc2-orig/mm/bootmem.c
> ===================================================================
> --- linux-2.6.27-rc2-orig.orig/mm/bootmem.c	2008-08-15 00:10:38.000000000 +0200
> +++ linux-2.6.27-rc2-orig/mm/bootmem.c	2008-08-15 00:10:53.000000000 +0200
> @@ -473,7 +473,7 @@ find_block:
>  				goto find_block;
>  			}
>  
> -		if (bdata->last_end_off &&
> +		if (bdata->last_end_off & (PAGE_SIZE - 1) &&
>  				PFN_DOWN(bdata->last_end_off) + 1 == sidx)
>  			start_off = ALIGN(bdata->last_end_off, align);
>  		else
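
Review bot: the new first operand of the `if`, `bdata->last_end_off & (PAGE_SIZE - 1) && ...`, mixes `&` and `&&` without parentheses; it parses as intended because `&` binds tighter, but wrapping the mask test in its own parentheses would make that obvious to the next reader. A one-line comment above the condition saying that continuing from last_end_off only applies when the previous allocation ended mid-page would also record why a page-aligned value now takes the `else` branch.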
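
A user-space model of the sequence Mikulas describes, run once with the original condition and once with the patched one; this is an added example, not code from mm/bootmem.c or from either poster. The struct layout, the function names, the limit to allocations of at most one page, and the fixed 64-byte alignment are assumptions of the model.

```c
#include <stdio.h>
#define PAGE_SIZE 4096UL
#define NPAGES 8UL
#define PFN_DOWN(x) ((x) / PAGE_SIZE)
#define PFN_UP(x) (((x) + PAGE_SIZE - 1) / PAGE_SIZE)
#define ALIGN(x, a) (((x) + (a) - 1) & ~((a) - 1))

/* Simplified stand-in for struct bootmem_data: one byte per page, no real bitmap. */
struct bdata { unsigned char map[NPAGES]; unsigned long last_end_off, hint_idx; };
/* Model limit (assumption): size <= PAGE_SIZE. Returns byte offset or -1UL. */
static unsigned long model_alloc(struct bdata *b, unsigned long size, int patched)
{
    unsigned long sidx = b->hint_idx, i, tail, start_off;
    while (sidx < NPAGES && b->map[sidx]) sidx++;   /* next free page */
    if (sidx + PFN_UP(size) > NPAGES) return -1UL;
    /* The test the patch changes: may we continue inside the previous page? */
    tail = patched ? (b->last_end_off & (PAGE_SIZE - 1)) : b->last_end_off;
    if (tail && PFN_DOWN(b->last_end_off) + 1 == sidx)
        start_off = ALIGN(b->last_end_off, 64UL);  /* 64-byte alignment assumed */
    else
        start_off = sidx * PAGE_SIZE;
    b->last_end_off = start_off + size;
    b->hint_idx = PFN_UP(b->last_end_off);
    for (i = PFN_DOWN(start_off); i < b->hint_idx; i++) b->map[i] = 1;
    return start_off;
}

/* Clears only fully covered pages and rewinds the search hint. */
static void model_free(struct bdata *b, unsigned long off, unsigned long size)
{
    unsigned long i, sidx = PFN_UP(off);
    for (i = sidx; i < PFN_DOWN(off + size); i++) b->map[i] = 0;
    if (b->hint_idx > sidx) b->hint_idx = sidx;
}

/* Replays the reported sequence; returns 1 when q and r are the same offset. */
static int q_equals_r(int patched)
{
    struct bdata b = {{0}, 0, 0};
    unsigned long p = model_alloc(&b, PAGE_SIZE, patched);
    unsigned long q = model_alloc(&b, 64, patched);
    model_free(&b, p, PAGE_SIZE);
    p = model_alloc(&b, PAGE_SIZE, patched);
    return p == 0 && q == model_alloc(&b, 64, patched);  /* second call is r */
}

int main(void)
{
    printf("q == r: original %d, patched %d\n", q_equals_r(0), q_equals_r(1));
    return 0;
}
```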
