From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: LKML <linux-kernel@vger.kernel.org>,
linux-mm <linux-mm@kvack.org>,
linux-m68k@lists.linux-m68k.org,
Anshuman Khandual <anshuman.khandual@arm.com>,
Matthew Wilcox <willy@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
william.kucharski@oracle.com,
Mike Kravetz <mike.kravetz@oracle.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
schmitzmic@gmail.com, Steven Rostedt <rostedt@goodmis.org>,
Ingo Molnar <mingo@redhat.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Roman Gushchin <guro@fb.com>,
Muchun Song <songmuchun@bytedance.com>,
Wei Xu <weixugc@google.com>, Greg Thelen <gthelen@google.com>,
David Rientjes <rientjes@google.com>,
Paul Turner <pjt@google.com>, Hugh Dickins <hughd@google.com>
Subject: Re: [PATCH v3 1/9] mm: add overflow and underflow checks for page->_refcount
Date: Thu, 27 Jan 2022 14:42:09 -0500 [thread overview]
Message-ID: <CA+CK2bCP0iFAdr-4VxiS2ubQT0O0c_j-qS4Q0khhRBCLJqQBrg@mail.gmail.com> (raw)
In-Reply-To: <72cae3c0-e06e-4fe5-24d5-a2c94d99780f@suse.cz>
> > diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h
> > index 2e677e6ad09f..fe4864f7f69c 100644
> > --- a/include/linux/page_ref.h
> > +++ b/include/linux/page_ref.h
> > @@ -117,7 +117,10 @@ static inline void init_page_count(struct page *page)
> >
> > static inline void page_ref_add(struct page *page, int nr)
> > {
> > - atomic_add(nr, &page->_refcount);
> > + int old_val = atomic_fetch_add(nr, &page->_refcount);
> > + int new_val = old_val + nr;
> > +
> > + VM_BUG_ON_PAGE((unsigned int)new_val < (unsigned int)old_val, page);
>
> This seems somewhat weird, as it will trigger not just on overflow, but also
> if nr is negative. Which I think is valid usage, even though the function
> has 'add' in name, because 'nr' is signed?
I have not found any places in the mainline kernel where nr is
negative in page_ref_add(). I think, by adding this assert we ensure
that when 'add' shows up in backtraces it can be assured that the ref
count has increased, and if page_ref_sub() showed up it means it
decreased. It is strange to have both functions, and yet allow them to
do the opposite. We can also change the type to unsigned.
Pasha
next prev parent reply other threads:[~2022-01-27 19:42 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-26 18:34 [PATCH v3 0/9] Hardening page _refcount Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 1/9] mm: add overflow and underflow checks for page->_refcount Pasha Tatashin
2022-01-26 18:59 ` Matthew Wilcox
2022-01-26 19:22 ` Pasha Tatashin
2022-01-26 19:45 ` Matthew Wilcox
2022-01-26 22:40 ` Pasha Tatashin
2022-01-27 18:27 ` Vlastimil Babka
2022-01-27 19:38 ` Pasha Tatashin
2022-01-27 18:30 ` Vlastimil Babka
2022-01-27 19:42 ` Pasha Tatashin [this message]
2022-01-26 18:34 ` [PATCH v3 2/9] mm: Avoid using set_page_count() in set_page_recounted() Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 3/9] mm: remove set_page_count() from page_frag_alloc_align Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 4/9] mm: avoid using set_page_count() when pages are freed into allocator Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 5/9] mm: rename init_page_count() -> page_ref_init() Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 6/9] mm: remove set_page_count() Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 7/9] mm: simplify page_ref_* functions Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 8/9] mm: do not use atomic_set_release in page_ref_unfreeze() Pasha Tatashin
2022-01-26 18:34 ` [PATCH v3 9/9] mm: use atomic_cmpxchg_acquire in page_ref_freeze() Pasha Tatashin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+CK2bCP0iFAdr-4VxiS2ubQT0O0c_j-qS4Q0khhRBCLJqQBrg@mail.gmail.com \
--to=pasha.tatashin@soleen.com \
--cc=akpm@linux-foundation.org \
--cc=anshuman.khandual@arm.com \
--cc=geert@linux-m68k.org \
--cc=gthelen@google.com \
--cc=guro@fb.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=linux-mm@kvack.org \
--cc=mike.kravetz@oracle.com \
--cc=mingo@redhat.com \
--cc=pjt@google.com \
--cc=rientjes@google.com \
--cc=rostedt@goodmis.org \
--cc=schmitzmic@gmail.com \
--cc=songmuchun@bytedance.com \
--cc=vbabka@suse.cz \
--cc=weixugc@google.com \
--cc=william.kucharski@oracle.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox