[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070314191005.GA21733@skynet.ie>
Date: Wed, 14 Mar 2007 19:10:05 +0000
From: mel@...net.ie (Mel Gorman)
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Bjorn Helgaas <bjorn.helgaas@...com>, linux-kernel@...r.kernel.org
Subject: [PATCH] Avoid unsafe use of struct pages in move_freepages when CONFIG_HOLES_IN_ZONE is set
In the majority of situations, mem_map is guaranteed to be valid within
a MAX_ORDER_NR_PAGES block of pages. However, when CONFIG_HOLES_IN_ZONE
is set, there is no guarantee that mem_map exists for the entire block.
This means that when checking struct pages around a known valid page, there
is no guarantee they are valid.
move_freepages() operates on a MAX_ORDER_NR_PAGES range of pages based on
a known valid page retrieved from the free lists. However, a bug check is
unsafe when CONFIG_HOLES_IN_ZONE is set and pfn_valid() is called too late.
This patch disables the bug check when CONFIG_HOLES_IN_ZONE and checks
pfn_valid() earlier before calling PageBuddy(). It applies on top of
move-free-pages-between-lists-on-steal-fix-2.patch from Yasunori Goto in -mm.
Credit to Bjorn Helgaas for reporting this bug and testing.
Signed-off-by: Mel Gorman <mel@....ul.ie>
page_alloc.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff -rup -X /usr/src/patchset-0.6/bin//dontdiff linux-2.6.21-rc3-mm2-goto/mm/page_alloc.c linux-2.6.21-rc3-mm2-zone_holes_ia64_fix/mm/page_alloc.c
--- linux-2.6.21-rc3-mm2-goto/mm/page_alloc.c 2007-03-14 16:07:23.000000000 +0000
+++ linux-2.6.21-rc3-mm2-zone_holes_ia64_fix/mm/page_alloc.c 2007-03-14 18:51:41.000000000 +0000
@@ -707,13 +707,18 @@ int move_freepages(struct zone *zone,
unsigned long order;
int blocks_moved = 0;
+#ifndef CONFIG_HOLES_IN_ZONE
+ /*
+ * page_zone is not safe to call in this context when
+ * CONFIG_HOLES_IN_ZONE is set. This bug check is probably redundant
+ * anyway as we check zone boundaries in move_freepages_block().
+ * Remove at a later date when no bug reports exist related to
+ * CONFIG_PAGE_GROUP_BY_MOBILITY
+ */
BUG_ON(page_zone(start_page) != page_zone(end_page - 1));
+#endif
for (page = start_page; page < end_page;) {
- if (!PageBuddy(page)) {
- page++;
- continue;
- }
#ifdef CONFIG_HOLES_IN_ZONE
if (!pfn_valid(page_to_pfn(page))) {
page++;
@@ -721,6 +726,11 @@ int move_freepages(struct zone *zone,
}
#endif
+ if (!PageBuddy(page)) {
+ page++;
+ continue;
+ }
+
order = page_order(page);
list_del(&page->lru);
list_add(&page->lru,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists