From: Hugh Dickins <hugh@veritas.com>
To: Andrew Morton <akpm@osdl.org>
Cc: Ken Chen <kenneth.w.chen@intel.com>,
Bill Irwin <wli@holomorphy.com>, Adam Litke <agl@us.ibm.com>,
David Gibson <david@gibson.dropbear.id.au>,
linux-mm@kvack.org
Subject: [PATCH 2/3] hugetlb: fix prio_tree unit
Date: Wed, 25 Oct 2006 03:35:41 +0100 (BST) [thread overview]
Message-ID: <Pine.LNX.4.64.0610250331220.30678@blonde.wat.veritas.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0610250323570.30678@blonde.wat.veritas.com>
hugetlb_vmtruncate_list was misconverted to prio_tree: its prio_tree is
in units of PAGE_SIZE (PAGE_CACHE_SIZE) like any other, not HPAGE_SIZE
(whereas its radix_tree is kept in units of HPAGE_SIZE, otherwise slots
would be absurdly sparse).
At first I thought the error benign, just calling __unmap_hugepage_range
on more vmas than necessary; but on 32-bit machines, when the prio_tree
is searched correctly, it happens to ensure the v_offset calculation won't
overflow. As it stood, when truncating at or beyond 4GB, it was liable
to discard pages COWed from lower offsets; or even to clear pmd entries
of preceding vmas, triggering exit_mmap's BUG_ON(nr_ptes).
Signed-off-by: Hugh Dickins <hugh@veritas.com>
___
fs/hugetlbfs/inode.c | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
--- 2.6.19-rc3/fs/hugetlbfs/inode.c 2006-10-24 04:34:28.000000000 +0100
+++ linux/fs/hugetlbfs/inode.c 2006-10-24 17:43:08.000000000 +0100
@@ -271,26 +271,24 @@ static void hugetlbfs_drop_inode(struct
hugetlbfs_forget_inode(inode);
}
-/*
- * h_pgoff is in HPAGE_SIZE units.
- * vma->vm_pgoff is in PAGE_SIZE units.
- */
static inline void
-hugetlb_vmtruncate_list(struct prio_tree_root *root, unsigned long h_pgoff)
+hugetlb_vmtruncate_list(struct prio_tree_root *root, pgoff_t pgoff)
{
struct vm_area_struct *vma;
struct prio_tree_iter iter;
- vma_prio_tree_foreach(vma, &iter, root, h_pgoff, ULONG_MAX) {
- unsigned long h_vm_pgoff;
+ vma_prio_tree_foreach(vma, &iter, root, pgoff, ULONG_MAX) {
unsigned long v_offset;
- h_vm_pgoff = vma->vm_pgoff >> (HPAGE_SHIFT - PAGE_SHIFT);
- v_offset = (h_pgoff - h_vm_pgoff) << HPAGE_SHIFT;
/*
- * Is this VMA fully outside the truncation point?
+ * Can the expression below overflow on 32-bit arches?
+ * No, because the prio_tree returns us only those vmas
+ * which overlap the truncated area starting at pgoff,
+ * and no vma on a 32-bit arch can span beyond the 4GB.
*/
- if (h_vm_pgoff >= h_pgoff)
+ if (vma->vm_pgoff < pgoff)
+ v_offset = (pgoff - vma->vm_pgoff) << PAGE_SHIFT;
+ else
v_offset = 0;
__unmap_hugepage_range(vma,
@@ -303,14 +301,14 @@ hugetlb_vmtruncate_list(struct prio_tree
*/
static int hugetlb_vmtruncate(struct inode *inode, loff_t offset)
{
- unsigned long pgoff;
+ pgoff_t pgoff;
struct address_space *mapping = inode->i_mapping;
if (offset > inode->i_size)
return -EINVAL;
BUG_ON(offset & ~HPAGE_MASK);
- pgoff = offset >> HPAGE_SHIFT;
+ pgoff = offset >> PAGE_SHIFT;
inode->i_size = offset;
spin_lock(&mapping->i_mmap_lock);
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2006-10-25 2:35 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-25 2:31 [PATCH 1/3] hugetlb: fix size=4G parsing Hugh Dickins
2006-10-25 2:35 ` Hugh Dickins [this message]
2006-10-25 7:08 ` [PATCH 2/3] hugetlb: fix prio_tree unit David Gibson
2006-10-25 7:41 ` Hugh Dickins
2006-10-25 23:49 ` Chen, Kenneth W
2006-10-26 3:47 ` David Gibson
2006-10-26 6:15 ` Chen, Kenneth W
2006-10-26 7:55 ` Hugh Dickins
2006-10-26 8:13 ` Hugh Dickins
2006-10-26 10:42 ` David Gibson
2006-10-25 2:38 ` [PATCH 3/3] hugetlb: fix absurd HugePages_Rsvd Hugh Dickins
2006-10-25 5:23 ` Mika Penttilä
2006-10-25 5:52 ` David Gibson
2006-10-25 7:27 ` Hugh Dickins
2006-10-25 6:26 ` David Gibson
2006-10-25 6:29 ` David Gibson
2006-10-25 8:39 ` Hugh Dickins
2006-10-25 10:09 ` David Gibson
2006-10-26 3:59 ` Chen, Kenneth W
2006-10-26 4:13 ` 'David Gibson'
2006-10-26 19:08 ` Christoph Lameter
2006-10-26 19:19 ` Chen, Kenneth W
2006-10-26 20:59 ` Christoph Lameter
2006-10-26 22:19 ` 'David Gibson'
2006-10-25 21:31 ` Adam Litke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0610250331220.30678@blonde.wat.veritas.com \
--to=hugh@veritas.com \
--cc=agl@us.ibm.com \
--cc=akpm@osdl.org \
--cc=david@gibson.dropbear.id.au \
--cc=kenneth.w.chen@intel.com \
--cc=linux-mm@kvack.org \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox