lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 21 Apr 2011 17:12:42 +0400
From:	Konstantin Khlebnikov <khlebnikov@...nvz.org>
To:	<linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org>
CC:	Andi Kleen <andi@...stfloor.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH 3/3] mm: strictly require elevated page refcount in
 isolate_lru_page()

isolate_lru_page() must be called only with stable reference to the page,
this is what is written in the comment above it, this is reasonable.

current isolate_lru_page() users and its page extra reference sources:

mm/huge_memory.c
__collapse_huge_page_isolate()		- reference from pte

mm/memcontrol.c
mem_cgroup_move_parent()		- get_page_unless_zero()
mem_cgroup_move_charge_pte_range()	- reference from pte

mm/memory-failure.c
soft_offline_page()			- fixed, reference from get_any_page()
delete_from_lru_cache() - reference from caller or get_page_unless_zero()
[seems like there bug, because __memory_failure() can call page_action() for
 hpages tail, but it is ok for isolate_lru_page(), tail getted and not in lru]

mm/memory_hotplug.c
do_migrate_range()			- fixed, get_page_unless_zero()

mm/mempolicy.c
migrate_page_add()			- reference from pte

mm/migrate.c
do_move_page_to_node_array()		- reference from follow_page()

mlock.c					- various external references

mm/vmscan.c
putback_lru_page()			- reference from isolate_lru_page()

It seems that all isolate_lru_page() users are ready now for this restriction.
So, let's replace redundant get_page_unless_zero() with get_page() and
add page initial reference count check with VM_BUG_ON()

Signed-off-by: Konstantin Khlebnikov <khlebnikov@...nvz.org>
---
 mm/vmscan.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/mm/vmscan.c b/mm/vmscan.c
index f6b435c..0175f39 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1201,13 +1201,16 @@ int isolate_lru_page(struct page *page)
 {
 	int ret = -EBUSY;
 
+	VM_BUG_ON(!page_count(page));
+
 	if (PageLRU(page)) {
 		struct zone *zone = page_zone(page);
 
 		spin_lock_irq(&zone->lru_lock);
-		if (PageLRU(page) && get_page_unless_zero(page)) {
+		if (PageLRU(page)) {
 			int lru = page_lru(page);
 			ret = 0;
+			get_page(page);
 			ClearPageLRU(page);
 
 			del_page_from_lru_list(zone, page, lru);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ