On Sat, Jun 12, 2021 at 12:36 AM Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, 11 Jun 2021 18:15:45 +0200 Jann Horn <jannh@xxxxxxxxxx> wrote:
> > +/* Equivalent to calling put_page() @refs times. */
> > +static void put_page_refs(struct page *page, int refs)
> > +{
> > + VM_BUG_ON_PAGE(page_ref_count(page) < refs, page);
>
> I don't think there's a need to nuke the whole kernel in this case.
> Can we warn then simply leak the page? That way we have a much better
> chance of getting a good bug report.
Ah, yeah, I guess that makes sense. I had just copied this over from
put_compound_head(), and figured it was fine to keep it as-is, but I
guess changing it would be reasonable. I'm not quite sure what the
best way to do that would be though.
I guess the check should go away in !DEBUG_VM builds?
Should I just explicitly put the check in an ifdef block? Like so:
#ifdef CONFIG_DEBUG_VM
if (VM_WARN_ON_ONCE_PAGE(...))
return;
#endif
Or, since inline ifdeffery looks ugly, get rid of the explicit ifdef,
and change the !DEBUG_VM definition of VM_WARN_ON_ONCE_PAGE() as
follows so that the branch is compiled away?
#define VM_WARN_ON_ONCE_PAGE(cond, page) (BUILD_BUG_ON_INVALID(cond), false)
That would look kinda neat, but it would be different from the
behavior of WARN_ON(), which still returns the original condition even
in !BUG builds, so that could be confusing...
> > + /*
> > + * Calling put_page() for each ref is unnecessarily slow. Only the last
> > + * ref needs a put_page().
> > + */
> > + if (refs > 1)
> > + page_ref_sub(page, refs - 1);
> > + put_page(page);
> > +}
>
