On Fri, Jul 27, 2018 at 09:48:17PM +1000, Nicholas Piggin wrote:
> The page table fragment allocator uses the main page refcount racily
> with respect to speculative references. A customer observed a BUG due
> to page table page refcount underflow in the fragment allocator. This
> can be caused by the fragment allocator set_page_count stomping on a
> speculative reference, and then the speculative failure handler
> decrements the new reference, and the underflow eventually pops when
> the page tables are freed.

Oof. Can't you fix this instead by using page_ref_add() instead of
set_page_count()?

> Any objection to the struct page change to grab the arch specific
> page table page word for powerpc to use? If not, then this should
> go via powerpc tree because it's inconsequential for core mm.

I want (eventually) to get to the point where every struct page carries
a pointer to the struct mm that it belongs to. It's good for debugging
as well as handling memory errors in page tables.
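
The interleaving described in the quoted report, replayed deterministically in a user-space C model (an added example, not code from this thread or from the kernel). `struct page`, `put_ref()`, `replay()` and `FRAG_NR = 16` are simplified stand-ins; an atomic store models set_page_count() and an atomic add models page_ref_add().

```c
#include <stdatomic.h>
#include <stdio.h>

#define FRAG_NR 16  /* assumed fragments per page-table page (constructed value) */

struct page { atomic_int refcount; };

/* Speculative lookup: take a reference only if the page is still live. */
static int get_page_unless_zero(struct page *p) {
    int old = atomic_load(&p->refcount);
    while (old != 0)
        if (atomic_compare_exchange_weak(&p->refcount, &old, old + 1))
            return 1;
    return 0;
}

/* Drop one reference; returns the count that remains. */
static int put_ref(struct page *p) {
    return atomic_fetch_sub(&p->refcount, 1) - 1;
}

/*
 * Replay the interleaving in a fixed order:
 *  1. the page is allocated with refcount 1
 *  2. a speculative reference is taken
 *  3. the allocator sets up FRAG_NR fragment references
 *  4. the speculative path fails its recheck and drops its reference
 *  5. every fragment is freed
 * Returns the final refcount: 0 is balanced, negative is an underflow.
 */
static int replay(int use_add) {
    struct page pg;
    atomic_init(&pg.refcount, 1);
    int speculative = get_page_unless_zero(&pg);
    if (use_add)
        atomic_fetch_add(&pg.refcount, FRAG_NR - 1); /* keeps the extra ref */
    else
        atomic_store(&pg.refcount, FRAG_NR);         /* stomps on the extra ref */
    if (speculative)
        put_ref(&pg);
    int left = atomic_load(&pg.refcount);
    for (int i = 0; i < FRAG_NR; i++)
        left = put_ref(&pg);
    return left;
}

int main(void) {
    printf("store: %d, add: %d\n", replay(0), replay(1));
    return 0;
}
```

In the store variant the count ends one below zero after the last fragment is freed, which is the underflow the report describes; the add variant ends balanced in this model.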