From: Christoph Rohland <cr@sap.com>
To: Linus Torvalds <torvalds@transmeta.com>,
Stephen Tweedie <sct@redhat.com>
Cc: Mike Galbraith <mikeg@wen-online.de>,
Rik van Riel <riel@conectiva.com.br>,
Jeff Garzik <jgarzik@mandrakesoft.com>,
Daniel Phillips <phillips@bonn-fries.net>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: VM in 2.4.7-pre hurts...
Date: 11 Jul 2001 21:39:28 +0200 [thread overview]
Message-ID: <m3u20j46eh.fsf@linux.local> (raw)
In-Reply-To: <Pine.LNX.4.33.0107091345070.20937-100000@penguin.transmeta.com>
Hi Linus,
On Mon, 9 Jul 2001, Linus Torvalds wrote:
>
> On 9 Jul 2001, Christoph Rohland wrote:
>>
>> No, it does matter. It prevents races against getpage.
>
> No it doesn't.
>
> We have the page locked.
>
> And if somebody does "getpage()" and doesn't check for the page
> lock, then that test _still_ doesn't prevent races, because the
> getpage might happen just _after_ the "atomic_read()".
>
> As it stands now, that atomic_read() does _nothing_. If you think
> something depends on it, then that something is already buggy.
Yep, you are right. This check hides another error: We cannot use
find_get_page for shmem since this is getting the page without the
lock like you described. I removed this optimization. Also
__find_lock_page has to check that mapping and index are still the
ones we looked for.
I append a patch to fix these errors (and the other obvious buglets in
shmem.c I did send to you several times).
Stephen, could you crosscheck? You had the test case which triggered
the count > 2 bug.
Greetings
Christoph
diff -uNr 7-pre6/mm/filemap.c 7-pre6-fix/mm/filemap.c
--- 7-pre6/mm/filemap.c Wed Jul 11 09:59:01 2001
+++ 7-pre6-fix/mm/filemap.c Wed Jul 11 20:49:14 2001
@@ -760,7 +760,7 @@
lock_page(page);
/* Is the page still hashed? Ok, good.. */
- if (page->mapping)
+ if (page->mapping == mapping && page->index == offset)
return page;
/* Nope: we raced. Release and try again.. */
diff -uNr 7-pre6/mm/shmem.c 7-pre6-fix/mm/shmem.c
--- 7-pre6/mm/shmem.c Wed Jul 11 09:59:01 2001
+++ 7-pre6-fix/mm/shmem.c Wed Jul 11 20:44:35 2001
@@ -3,7 +3,8 @@
*
* Copyright (C) 2000 Linus Torvalds.
* 2000 Transmeta Corp.
- * 2000 Christoph Rohland
+ * 2000-2001 Christoph Rohland
+ * 2000-2001 SAP AG
*
* This file is released under the GPL.
*/
@@ -33,7 +34,7 @@
#define TMPFS_MAGIC 0x01021994
#define ENTRIES_PER_PAGE (PAGE_SIZE/sizeof(unsigned long))
-#define NR_SINGLE (ENTRIES_PER_PAGE + SHMEM_NR_DIRECT)
+#define SHMEM_MAX_BLOCKS (SHMEM_NR_DIRECT + ENTRIES_PER_PAGE*ENTRIES_PER_PAGE)
static struct super_operations shmem_ops;
static struct address_space_operations shmem_aops;
@@ -193,7 +194,14 @@
}
out:
- info->max_index = index;
+ /*
+ * We have no chance to give an error, so we limit it to max
+ * size here and the application will fail later
+ */
+ if (index > SHMEM_MAX_BLOCKS)
+ info->max_index = SHMEM_MAX_BLOCKS;
+ else
+ info->max_index = index;
info->swapped -= freed;
shmem_recalc_inode(inode);
spin_unlock (&info->lock);
@@ -311,6 +319,7 @@
return page;
}
+ shmem_recalc_inode(inode);
if (entry->val) {
unsigned long flags;
@@ -390,22 +399,9 @@
static int shmem_getpage(struct inode * inode, unsigned long idx, struct page **ptr)
{
- struct address_space * mapping = inode->i_mapping;
int error;
- *ptr = NOPAGE_SIGBUS;
- if (inode->i_size <= (loff_t) idx * PAGE_CACHE_SIZE)
- return -EFAULT;
-
- *ptr = __find_get_page(mapping, idx, page_hash(mapping, idx));
- if (*ptr) {
- if (Page_Uptodate(*ptr))
- return 0;
- page_cache_release(*ptr);
- }
-
down (&inode->i_sem);
- /* retest we may have slept */
if (inode->i_size < (loff_t) idx * PAGE_CACHE_SIZE)
goto sigbus;
*ptr = shmem_getpage_locked(inode, idx);
@@ -1024,6 +1020,8 @@
unsigned long max_inodes, inodes;
struct shmem_sb_info *info = &sb->u.shmem_sb;
+ max_blocks = info->max_blocks;
+ max_inodes = info->max_inodes;
if (shmem_parse_options (data, NULL, &max_blocks, &max_inodes))
return -EINVAL;
@@ -1071,7 +1069,7 @@
sb->u.shmem_sb.free_blocks = blocks;
sb->u.shmem_sb.max_inodes = inodes;
sb->u.shmem_sb.free_inodes = inodes;
- sb->s_maxbytes = (unsigned long long)(SHMEM_NR_DIRECT + (ENTRIES_PER_PAGE*ENTRIES_PER_PAGE)) << PAGE_CACHE_SHIFT;
+ sb->s_maxbytes = (unsigned long long)SHMEM_MAX_BLOCKS << PAGE_CACHE_SHIFT;
sb->s_blocksize = PAGE_CACHE_SIZE;
sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
sb->s_magic = TMPFS_MAGIC;
@@ -1279,9 +1277,11 @@
struct qstr this;
int vm_enough_memory(long pages);
- error = -ENOMEM;
+ if (size > (unsigned long long) SHMEM_MAX_BLOCKS << PAGE_CACHE_SHIFT)
+ return ERR_PTR(-EINVAL);
+
if (!vm_enough_memory((size) >> PAGE_SHIFT))
- goto out;
+ return ERR_PTR(-ENOMEM);
this.name = name;
this.len = strlen(name);
@@ -1289,7 +1289,7 @@
root = tmpfs_fs_type.kern_mnt->mnt_root;
dentry = d_alloc(root, &this);
if (!dentry)
- goto out;
+ return ERR_PTR(-ENOMEM);
error = -ENFILE;
file = get_empty_filp();
@@ -1315,7 +1315,6 @@
put_filp(file);
put_dentry:
dput (dentry);
-out:
return ERR_PTR(error);
}
/*
next prev parent reply other threads:[~2001-07-11 19:42 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.33.0107081640570.308-100000@mikeg.weiden.de>
2001-07-08 15:43 ` VM in 2.4.7-pre hurts Rik van Riel
2001-07-08 17:15 ` Mike Galbraith
2001-07-08 17:58 ` Linus Torvalds
2001-07-08 18:23 ` Rik van Riel
2001-07-08 19:30 ` Linus Torvalds
2001-07-09 2:59 ` Linus Torvalds
2001-07-10 2:56 ` Andrea Arcangeli
2001-07-10 4:03 ` Linus Torvalds
2001-07-10 4:20 ` Linus Torvalds
2001-07-10 5:43 ` Andrea Arcangeli
2001-07-10 14:56 ` Andrea Arcangeli
2001-07-10 18:46 ` Linus Torvalds
2001-07-10 5:11 ` Andrea Arcangeli
2001-07-09 7:56 ` Mike Galbraith
2001-07-09 8:25 ` Christoph Rohland
2001-07-09 9:18 ` Mike Galbraith
2001-07-09 9:29 ` Christoph Rohland
2001-07-09 9:38 ` Mike Galbraith
2001-07-09 11:17 ` Mike Galbraith
2001-07-09 11:30 ` Christoph Rohland
2001-07-09 12:26 ` Mike Galbraith
2001-07-09 11:25 ` Christoph Rohland
2001-07-09 12:20 ` Mike Galbraith
2001-07-09 16:20 ` Linus Torvalds
2001-07-09 19:44 ` Christoph Rohland
2001-07-09 20:46 ` Linus Torvalds
2001-07-11 19:39 ` Christoph Rohland [this message]
2001-07-11 1:05 ` Marcelo Tosatti
2001-07-11 4:03 ` Mike Galbraith
2001-07-12 5:00 ` David Lang
[not found] <Pine.LNX.4.33L.0107071542420.17825-100000@duckman.distro.conectiva>
2001-07-07 18:54 ` Linus Torvalds
2001-07-07 20:11 ` Rik van Riel
2001-07-08 17:11 ` Linus Torvalds
2001-07-08 18:29 ` Rik van Riel
2001-07-07 13:41 Jeff Garzik
2001-07-07 14:05 ` Jeff Garzik
2001-07-07 17:28 ` Linus Torvalds
2001-07-07 17:37 ` Jeff Garzik
2001-07-07 17:53 ` Linus Torvalds
2001-07-07 18:08 ` Jeff Garzik
2001-07-07 18:11 ` Rik van Riel
2001-07-07 21:33 ` Alan Cox
2001-07-07 18:00 ` Rik van Riel
2001-07-07 21:25 ` Alan Cox
2001-07-07 21:29 ` Rik van Riel
2001-07-07 21:34 ` Jeff Garzik
2001-07-07 21:43 ` Alan Cox
2001-07-07 21:45 ` Rik van Riel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3u20j46eh.fsf@linux.local \
--to=cr@sap.com \
--cc=jgarzik@mandrakesoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mikeg@wen-online.de \
--cc=phillips@bonn-fries.net \
--cc=riel@conectiva.com.br \
--cc=sct@redhat.com \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox