Re: [PATCH] mm: slub: fix page->_count corruption (again)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 28 Jan 2014 15:17:22 -0800 Dave Hansen <dave@xxxxxxxx> wrote:

> Commit abca7c496 notes that we can not _set_ a page->counters
> directly, except when using a real double-cmpxchg.  Doing so can
> lose updates to ->_count.
> 
> That an absolute rule:
> 
>         You may not *set* page->counters except via a cmpxchg.
> 
> Commit abca7c496 fixed this for the folks who have the slub
> cmpxchg_double code turned off at compile time, but it left the
> bad alone.  It can still be reached, and the same bug triggered
> in two cases:
> 1. Turning on slub debugging at runtime, which is available on
>    the distro kernels that I looked at.
> 2. On 64-bit CPUs with no CMPXCHG16B (some early AMD x86-64
>    cpus, evidently)
> 
> There are at least 3 ways we could fix this:
> 
> 1. Take all of the exising calls to cmpxchg_double_slab() and
>    __cmpxchg_double_slab() and convert them to take an old, new
>    and target 'struct page'.
> 2. Do (1), but with the newly-introduced 'slub_data'.
> 3. Do some magic inside the two cmpxchg...slab() functions to
>    pull the counters out of new_counters and only set those
>    fields in page->{inuse,frozen,objects}.

This code is borderline insane.

Yes, struct page is special and it's worth spending time and doing
weird things to optimise it.  But sheesh.

An alternative is to make that cmpxchg quietly go away.  Is it more
trouble than it is worth?

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]