Re: [PATCH] mm: slub: fix page->_count corruption (again)
From: Andrew Morton
Date: Tue Jan 28 2014 - 18:30:07 EST
On Tue, 28 Jan 2014 15:17:22 -0800 Dave Hansen <dave@xxxxxxxx> wrote:
> Commit abca7c496 notes that we can not _set_ a page->counters
> directly, except when using a real double-cmpxchg. Doing so can
> lose updates to ->_count.
>
> That an absolute rule:
>
> You may not *set* page->counters except via a cmpxchg.
>
> Commit abca7c496 fixed this for the folks who have the slub
> cmpxchg_double code turned off at compile time, but it left the
> bad alone. It can still be reached, and the same bug triggered
> in two cases:
> 1. Turning on slub debugging at runtime, which is available on
> the distro kernels that I looked at.
> 2. On 64-bit CPUs with no CMPXCHG16B (some early AMD x86-64
> cpus, evidently)
>
> There are at least 3 ways we could fix this:
>
> 1. Take all of the exising calls to cmpxchg_double_slab() and
> __cmpxchg_double_slab() and convert them to take an old, new
> and target 'struct page'.
> 2. Do (1), but with the newly-introduced 'slub_data'.
> 3. Do some magic inside the two cmpxchg...slab() functions to
> pull the counters out of new_counters and only set those
> fields in page->{inuse,frozen,objects}.
This code is borderline insane.
Yes, struct page is special and it's worth spending time and doing
weird things to optimise it. But sheesh.
An alternative is to make that cmpxchg quietly go away. Is it more
trouble than it is worth?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/