[PATCH 3/9] mm: rcu read lock when getting from tail to head page

From: Michel Lespinasse
Date: Fri Aug 19 2011 - 03:49:48 EST

Next message: Michel Lespinasse: "[PATCH 2/9] mm: avoid calling get_page_unless_zero() when charging cgroups"
Previous message: Michel Lespinasse: "[PATCH 7/9] rcu: rcu_get_gp_cookie() / rcu_gp_cookie_elapsed() stand-ins"
In reply to: Michel Lespinasse: "[PATCH 7/9] rcu: rcu_get_gp_cookie() / rcu_gp_cookie_elapsed() stand-ins"
Next in thread: Michel Lespinasse: "[PATCH 2/9] mm: avoid calling get_page_unless_zero() when charging cgroups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In the tail page case, put_compound_page() uses get_page_unless_zero()
to get a reference on the head page. There is a small possibility that
the compound page might get split, and the head page freed, before that
reference can be obtained.

Similarly, page_trans_compound_anon_split() needs to get a reference
on a a THP page's head before it can proceed with splitting it.

In order to guarantee page count stability one rcu grace period after
allocation, as described in page_cache_get_speculative() comment in
pagemap.h, we need to take the rcu read lock from the time we locate the
head page until we get a reference on it.

Signed-off-by: Michel Lespinasse <walken@xxxxxxxxxx>
---
mm/ksm.c | 4 ++++
mm/swap.c | 8 +++++++-
2 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/mm/ksm.c b/mm/ksm.c
index 9a68b0c..0eec889 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -817,10 +817,12 @@ out:
static int page_trans_compound_anon_split(struct page *page)
{
int ret = 0;
+ rcu_read_lock();
struct page *transhuge_head = page_trans_compound_anon(page);
if (transhuge_head) {
/* Get the reference on the head to split it. */
if (get_page_unless_zero(transhuge_head)) {
+ rcu_read_unlock();
/*
* Recheck we got the reference while the head
* was still anonymous.
@@ -834,10 +836,12 @@ static int page_trans_compound_anon_split(struct page *page)
*/
ret = 1;
put_page(transhuge_head);
+ return ret;
} else
/* Retry later if split_huge_page run from under us. */
ret = 1;
}
+ rcu_read_unlock();
return ret;
}

diff --git a/mm/swap.c b/mm/swap.c
index 3a442f1..ac617dc 100644
--- a/mm/swap.c
+++ b/mm/swap.c
@@ -78,7 +78,10 @@ static void put_compound_page(struct page *page)
{
if (unlikely(PageTail(page))) {
/* __split_huge_page_refcount can run under us */
- struct page *page_head = page->first_page;
+ struct page *page_head;
+
+ rcu_read_lock();
+ page_head = page->first_page;
smp_rmb();
/*
* If PageTail is still set after smp_rmb() we can be sure
@@ -87,6 +90,8 @@ static void put_compound_page(struct page *page)
*/
if (likely(PageTail(page) && get_page_unless_zero(page_head))) {
unsigned long flags;
+
+ rcu_read_unlock();
/*
* Verify that our page_head wasn't converted
* to a a regular page before we got a
@@ -140,6 +145,7 @@ static void put_compound_page(struct page *page)
}
} else {
/* page_head is a dangling pointer */
+ rcu_read_unlock();
VM_BUG_ON(PageTail(page));
goto out_put_single;
}
--
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michel Lespinasse: "[PATCH 2/9] mm: avoid calling get_page_unless_zero() when charging cgroups"
Previous message: Michel Lespinasse: "[PATCH 7/9] rcu: rcu_get_gp_cookie() / rcu_gp_cookie_elapsed() stand-ins"
In reply to: Michel Lespinasse: "[PATCH 7/9] rcu: rcu_get_gp_cookie() / rcu_gp_cookie_elapsed() stand-ins"
Next in thread: Michel Lespinasse: "[PATCH 2/9] mm: avoid calling get_page_unless_zero() when charging cgroups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]