On Fri, 18 Nov 2011 17:11:28 +0100 Michal Hocko <mhocko@xxxxxxx> wrote: > On Fri 18-11-11 23:23:12, Hillf Danton wrote: > > On Fri, Nov 18, 2011 at 11:07 PM, Michal Hocko <mhocko@xxxxxxx> wrote: > > > On Fri 18-11-11 22:04:37, Hillf Danton wrote: > > >> In the error path that we fail to allocate new huge page, before try again, we > > >> have to check race since page_table_lock is re-acquired. > > > > > > I do not think we can race here because we are serialized by > > > hugetlb_instantiation_mutex AFAIU. Without this lock, however, we could > > > fall into avoidcopy and shortcut despite the fact that other thread has > > > already did the job. > > > > > > The mutex usage is not obvious in hugetlb_cow so maybe we want to be > > > explicit about it (either a comment or do the recheck). > > > > > > > Then the following check is unnecessary, no? > > Hmm, thinking about it some more, I guess we have to recheck because we > can still race with page migration. So we need you patch. > > Reviewed-by: Michal Hocko <mhocko@xxxxxxx> So we need a new changelog. How does this look? From: Hillf Danton <dhillf@xxxxxxxxx> Subject: hugetlb: detect race upon page allocation failure during COW In the error path where we failed to allocate a new huge page, we should check whether a racing thread has added this page for us while this thread waited for the page_table_lock. We are serialized by hugetlb_instantiation_mutex on the pagefault patch but this race can occur when another thread is performing page migration. Signed-off-by: Hillf Danton <dhillf@xxxxxxxxx> Reviewed-by: Michal Hocko <mhocko@xxxxxxx> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx> Cc: Johannes Weiner <jweiner@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/hugetlb.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff -puN mm/hugetlb.c~hugetlb-detect-race-upon-page-allocation-failure-during-cow mm/hugetlb.c --- a/mm/hugetlb.c~hugetlb-detect-race-upon-page-allocation-failure-during-cow +++ a/mm/hugetlb.c @@ -2407,7 +2407,14 @@ retry_avoidcopy: BUG_ON(page_count(old_page) != 1); BUG_ON(huge_pte_none(pte)); spin_lock(&mm->page_table_lock); - goto retry_avoidcopy; + ptep = huge_pte_offset(mm, address & huge_page_mask(h)); + if (likely(pte_same(huge_ptep_get(ptep), pte))) + goto retry_avoidcopy; + /* + * race occurs while re-acquiring page_table_lock, and + * our job is done. + */ + return 0; } WARN_ON_ONCE(1); } _ -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>