Re: [PATCH 02/11] mm,migration: Do not try to migrate unmapped anonymous pages

From: Minchan Kim
Date: Sun Mar 14 2010 - 20:28:30 EST

Next message: Wolfram Sang: "[PATCH] init dynamic bin_attribute structures"
Previous message: Wolfram Sang: "Re: [PATCH] base firmware: Fix BUG from sysfs attributes change incommit a2db6842873c8e5a70652f278d469128cb52db70"
In reply to: Mel Gorman: "[PATCH 02/11] mm,migration: Do not try to migrate unmapped anonymous pages"
Next in thread: KAMEZAWA Hiroyuki: "Re: [PATCH 02/11] mm,migration: Do not try to migrate unmapped anonymous pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Mel.
On Sat, Mar 13, 2010 at 1:41 AM, Mel Gorman <mel@xxxxxxxxx> wrote:
> rmap_walk_anon() was triggering errors in memory compaction that looks like
> use-after-free errors in anon_vma. The problem appears to be that between
> the page being isolated from the LRU and rcu_read_lock() being taken, the
> mapcount of the page dropped to 0 and the anon_vma was freed. This patch
> skips the migration of anon pages that are not mapped by anyone.
>
> Signed-off-by: Mel Gorman <mel@xxxxxxxxx>
> Acked-by: Rik van Riel <riel@xxxxxxxxxx>
> ---
> Âmm/migrate.c | Â 10 ++++++++++
> Â1 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/mm/migrate.c b/mm/migrate.c
> index 98eaaf2..3c491e3 100644
> --- a/mm/migrate.c
> +++ b/mm/migrate.c
> @@ -602,6 +602,16 @@ static int unmap_and_move(new_page_t get_new_page, unsigned long private,
> Â Â Â Â * just care Anon page here.
> Â Â Â Â */
> Â Â Â Âif (PageAnon(page)) {
> + Â Â Â Â Â Â Â /*
> + Â Â Â Â Â Â Â Â* If the page has no mappings any more, just bail. An
> + Â Â Â Â Â Â Â Â* unmapped anon page is likely to be freed soon but worse,
> + Â Â Â Â Â Â Â Â* it's possible its anon_vma disappeared between when
> + Â Â Â Â Â Â Â Â* the page was isolated and when we reached here while
> + Â Â Â Â Â Â Â Â* the RCU lock was not held
> + Â Â Â Â Â Â Â Â*/
> + Â Â Â Â Â Â Â if (!page_mapcount(page))

As looking code about mapcount of page, I got confused.
I think mapcount of page is protected by pte lock.
But I can't find pte lock in unmap_and_move.
If I am right, what protects race between this condition check and
rcu_read_lock?
This patch makes race window very small but It can't remove race totally.

I think I am missing something.
Pz, point me out. :)

> + Â Â Â Â Â Â Â Â Â Â Â goto uncharge;
> +
> Â Â Â Â Â Â Â Ârcu_read_lock();
> Â Â Â Â Â Â Â Ârcu_locked = 1;
> Â Â Â Â Â Â Â Âanon_vma = page_anon_vma(page);
> --
> 1.6.5
>

--
Kind regards,
Minchan Kim
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Wolfram Sang: "[PATCH] init dynamic bin_attribute structures"
Previous message: Wolfram Sang: "Re: [PATCH] base firmware: Fix BUG from sysfs attributes change incommit a2db6842873c8e5a70652f278d469128cb52db70"
In reply to: Mel Gorman: "[PATCH 02/11] mm,migration: Do not try to migrate unmapped anonymous pages"
Next in thread: KAMEZAWA Hiroyuki: "Re: [PATCH 02/11] mm,migration: Do not try to migrate unmapped anonymous pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]