On Thu, Jun 11, 2015 at 11:49:48AM +0200, Vlastimil Babka wrote:
> On 06/03/2015 07:06 PM, Kirill A. Shutemov wrote:
> >Original split_huge_page() combined two operations: splitting PMDs into
> >tables of PTEs and splitting underlying compound page. This patch
> >implements split_huge_pmd() which split given PMD without splitting
> >other PMDs this page mapped with or underlying compound page.
> >
> >Without tail page refcounting, implementation of split_huge_pmd() is
> >pretty straight-forward.
> >
> >Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> >Tested-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
>
> [...]
>
> >+
> >+ if (atomic_add_negative(-1, compound_mapcount_ptr(page))) {
> >+ /* Last compound_mapcount is gone. */
> >+ __dec_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
> >+ if (PageDoubleMap(page)) {
> >+ /* No need in mapcount reference anymore */
> >+ ClearPageDoubleMap(page);
> >+ for (i = 0; i < HPAGE_PMD_NR; i++)
> >+ atomic_dec(&page[i]._mapcount);
> >+ }
> >+ } else if (!TestSetPageDoubleMap(page)) {
> >+ /*
> >+ * The first PMD split for the compound page and we still
> >+ * have other PMD mapping of the page: bump _mapcount in
> >+ * every small page.
> >+ * This reference will go away with last compound_mapcount.
> >+ */
> >+ for (i = 0; i < HPAGE_PMD_NR; i++)
> >+ atomic_inc(&page[i]._mapcount);
>
> The order of actions here means that between TestSetPageDoubleMap() and the
> atomic incs, anyone calling page_mapcount() on one of the pages not
> processed by the for loop yet, will see a value lower by 1 from what he
> should see. I wonder if that can cause any trouble somewhere, especially if
> there's only one other compound mapping and page_mapcount() will return 0
> instead of 1?
Good catch. Thanks.
What about this?
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 0f1f5731a893..cd0e6addb662 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2636,15 +2636,25 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
for (i = 0; i < HPAGE_PMD_NR; i++)
atomic_dec(&page[i]._mapcount);
}
- } else if (!TestSetPageDoubleMap(page)) {
+ } else if (!PageDoubleMap(page)) {
/*
* The first PMD split for the compound page and we still
* have other PMD mapping of the page: bump _mapcount in
* every small page.
+ *
* This reference will go away with last compound_mapcount.
+ *
+ * Note, we need to increment mapcounts before setting
+ * PG_double_map to avoid false-negative page_mapped().
*/
for (i = 0; i < HPAGE_PMD_NR; i++)
atomic_inc(&page[i]._mapcount);
+
+ if (TestSetPageDoubleMap(page)) {
+ /* Race with another __split_huge_pmd() for the page */
+ for (i = 0; i < HPAGE_PMD_NR; i++)
+ atomic_dec(&page[i]._mapcount);
+ }
}
smp_wmb(); /* make pte visible before pmd */
> Conversely, when clearing PageDoubleMap() above (or in one of those rmap
> functions IIRC), one could see mapcount inflated by one. But I guess that's
> less dangerous.
I think it's safe.
--
Kirill A. Shutemov
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>