Message ID | 20230810095309.3109107-2-shikemeng@huaweicloud.com (mailing list archive) |
---|---|
State | New |
Series | Fixes and cleanups to break_down_buddy_pages in |
On 10.08.23 11:53, Kemeng Shi wrote:
> When guard page debug is enabled and set_page_guard returns success, we miss
> to forward page to point to start of next split range and we will do split
> unexpectedly in page range without target page. Move start page update
> before set_page_guard to fix this.
>
> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
> ---
> mm/page_alloc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c > index 96b7c1a7d1f2..fd93d1396ccd 100644 > --- a/mm/page_alloc.c > +++ b/mm/page_alloc.c > @@ -6557,6 +6557,7 @@ static void break_down_buddy_pages(struct zone *zone, struct page *page, > next_page = page; > current_buddy = page + size; > } > + page = next_page; > > if (set_page_guard(zone, current_buddy, high, migratetype)) > continue; > @@ -6564,7 +6565,6 @@ static void break_down_buddy_pages(struct zone *zone, struct page *page, > if (current_buddy != target) { > add_to_free_list(current_buddy, zone, high, migratetype); > set_buddy_order(current_buddy, high); > - page = next_page; > } > } > }

Is this worth a Fixes: tag?

What is the user-visible result?
on 8/10/2023 5:10 PM, David Hildenbrand wrote:
> On 10.08.23 11:53, Kemeng Shi wrote:
>> When guard page debug is enabled and set_page_guard returns success, we miss
>> to forward page to point to start of next split range and we will do split
>> unexpectedly in page range without target page. Move start page update
>> before set_page_guard to fix this.
>>
>> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
>> ---
>> mm/page_alloc.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/mm/page_alloc.c b/mm/page_alloc.c >> index 96b7c1a7d1f2..fd93d1396ccd 100644 >> --- a/mm/page_alloc.c >> +++ b/mm/page_alloc.c >> @@ -6557,6 +6557,7 @@ static void break_down_buddy_pages(struct zone *zone, struct page *page, >> next_page = page; >> current_buddy = page + size; >> } >> + page = next_page; >> if (set_page_guard(zone, current_buddy, high, migratetype)) >> continue; >> @@ -6564,7 +6565,6 @@ static void break_down_buddy_pages(struct zone *zone, struct page *page, >> if (current_buddy != target) { >> add_to_free_list(current_buddy, zone, high, migratetype); >> set_buddy_order(current_buddy, high); >> - page = next_page; >> } >> } >> }
>
> Is this worth a Fixes: tag?
>
Sure, I will add this in next version.

> What is the user-visible result?
>
As we split to the wrong target page, the split pages are not able to merge back to the original order when the target page is put back, and the split pages except the target page are not usable.

To be specific: consider the target page is the third page in a buddy page with order 2.

| buddy-2 | Page | Target | Page |

After break down to the target page, we will only set the first page to Guard because of the bug.

| Guard | Page | Target | Page |

When we try put_page_back_buddy with the target page, the buddy page of the target is neither guard nor buddy, then it's not able to construct the original page with order 2.

| Guard | Page | buddy-0 | Page |

All pages except the target page are not in the free list and are not usable.
diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 96b7c1a7d1f2..fd93d1396ccd 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -6557,6 +6557,7 @@ static void break_down_buddy_pages(struct zone *zone, struct page *page, next_page = page; current_buddy = page + size; } + page = next_page; if (set_page_guard(zone, current_buddy, high, migratetype)) continue; @@ -6564,7 +6565,6 @@ static void break_down_buddy_pages(struct zone *zone, struct page *page, if (current_buddy != target) { add_to_free_list(current_buddy, zone, high, migratetype); set_buddy_order(current_buddy, high); - page = next_page; } } }
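Review bot: In the first hunk (@@ -6557,6 +6557,7), the added `page = next_page;` is only correct because it sits above the `if (set_page_guard(...)) continue;` check, and nothing in the code records that ordering requirement. Please add a one-line comment above it saying that `page` must be advanced before the guard-page `continue`, so a later cleanup does not move the assignment back below the check.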
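Review bot: In the second hunk (@@ -6564,7 +6565,6), the removed `page = next_page;` was conditional on `current_buddy != target` as well as on the guard check, so after this patch `page` also advances when `current_buddy == target`, which the changelog does not mention. Please state in the commit message whether that case can occur and that the change there is intended, and include the Fixes: tag and the user-visible effect that were asked for in review.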
When guard page debug is enabled and set_page_guard returns success, we miss to forward page to point to start of next split range and we will do split unexpectedly in page range without target page. Move start page update before set_page_guard to fix this.

Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
---
 mm/page_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
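The failure described in the reply and commit message above can be reproduced in a small user-space model; this is an added example, not code from the patch or the kernel. Pages are array indices, the names `guard_enabled`, `guard_pages`, `free_pages` and the `fixed` switch are hypothetical, and the loop header and first branch, which the hunks do not show, are assumed.

```c
#include <stdio.h>

#define NPAGES 4            /* one order-2 block, as in the reply's diagram */
/* Constructed model state: size in pages of the guard or free range that
 * starts at each page, 0 if none starts there. */
static int guard_pages[NPAGES], free_pages[NPAGES];
static int guard_enabled;   /* models guard page debug being on */

/* Loop of break_down_buddy_pages() with pages as indices; low is taken as 0.
 * The loop header and first branch are assumed, the hunks show only the rest.
 * Returns how many pages of the block end up as target, guard or free. */
static int break_down(int page, int target, int high, int fixed)
{
    int size = 1 << high, current_buddy, next_page, n = 1;
    for (int i = 0; i < NPAGES; i++)
        guard_pages[i] = free_pages[i] = 0;
    while (high > 0) {
        high--;
        size >>= 1;
        if (target >= page + size) {
            next_page = page + size;
            current_buddy = page;
        } else {
            next_page = page;
            current_buddy = page + size;
        }
        if (fixed)
            page = next_page;               /* patched placement */
        if (guard_enabled) {                /* set_page_guard() succeeded */
            guard_pages[current_buddy] = size;
            continue;                       /* old placement never runs */
        }
        if (current_buddy != target) {
            free_pages[current_buddy] = size;
            page = next_page;               /* old placement */
        }
    }
    for (int i = 0; i < NPAGES; i++)
        n += guard_pages[i] + free_pages[i];
    return n;
}

int main(void)
{
    guard_enabled = 1;
    for (int fixed = 0; fixed <= 1; fixed++)
        printf("fixed=%d: %d of %d pages\n", fixed, break_down(0, 2, 2, fixed), NPAGES);
    return 0;
}
```

With the target at index 2, the old placement leaves only page 0 marked as a single guard page, matching the `| Guard | Page | Target | Page |` layout in the reply, while the patched placement covers all four pages.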