On Tue, Oct 26, 2021 at 2:45 PM Mike Kravetz <mike.kravetz@xxxxxxxxxx> wrote: > > On 10/26/21 10:38 AM, Pasha Tatashin wrote: > > prep_compound_gigantic_page() calls set_page_count(0, p), but it is not > > needed because page_ref_freeze(p, 1) already sets refcount to 0. > > > > Using, set_page_count() is dangerous, because it unconditionally resets > > refcount from the current value to unrestrained value, and therefore > > should be minimized. > > > > Signed-off-by: Pasha Tatashin <pasha.tatashin@xxxxxxxxxx> > > Thanks! > > My bad for not removing the set_page_count when adding the page_ref_freeze. > > FYI, there have been additional changes to this routine in Andrew's > tree. Not really sure if we want/need the VM_BUG_ON_PAGE as that would > only check if there was a 'bug' in page_ref_freeze. I would like to keep it. Part of the idea of this series is to reduce reliance on comments such as: /* No worries, refcount is A therefore we can do B */ And instead enforce that via VM_BUG_ON(). It should be able to prevent existing and future _refcount related bugs from manifesting as memory corruptions. Pasha > > -- > Mike Kravetz > > > --- > > mm/hugetlb.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > > index 95dc7b83381f..7e3996c8b696 100644 > > --- a/mm/hugetlb.c > > +++ b/mm/hugetlb.c > > @@ -1707,7 +1707,7 @@ static bool prep_compound_gigantic_page(struct page *page, unsigned int order) > > pr_warn("HugeTLB page can not be used due to unexpected inflated ref count\n"); > > goto out_error; > > } > > - set_page_count(p, 0); > > + VM_BUG_ON_PAGE(page_count(p), p); > > set_compound_head(p, page); > > } > > atomic_set(compound_mapcount_ptr(page), -1); > >
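Review bot: the changelog does not mention the assertion that the hunk adds in place of the removed call. It says only that set_page_count(p, 0) is unnecessary after page_ref_freeze(p, 1), while the change at line 1710 of mm/hugetlb.c introduces `VM_BUG_ON_PAGE(page_count(p), p);` just before set_compound_head(p, page). Please say in the commit message that the reset is replaced by a check, and why. VM_BUG_ON_PAGE is compiled in only with CONFIG_DEBUG_VM, so on other builds the refcount is neither reset nor verified at this point; if that is the intent, state it in the changelog so the reader knows the invariant rests on page_ref_freeze() alone there. The branch just above already handles an inflated refcount with pr_warn() and goto out_error, so it is also worth noting that the new check is expected to fire only if page_ref_freeze() itself misbehaves.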