Commit bd1ce5f9 authored by Wu Fengguang's avatar Wu Fengguang Committed by Andi Kleen

HWPOISON: avoid grabbing the page count multiple times during madvise injection

If page is double referenced in madvise_hwpoison() and __memory_failure(),
remove_mapping() will fail because it expects page_count=2. Fix it by
not grabbing extra page count in __memory_failure().
Signed-off-by: default avatarWu Fengguang <fengguang.wu@intel.com>
Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
parent a7560fc8
...@@ -238,7 +238,6 @@ static int madvise_hwpoison(unsigned long start, unsigned long end) ...@@ -238,7 +238,6 @@ static int madvise_hwpoison(unsigned long start, unsigned long end)
page_to_pfn(p), start); page_to_pfn(p), start);
/* Ignore return value for now */ /* Ignore return value for now */
__memory_failure(page_to_pfn(p), 0, 1); __memory_failure(page_to_pfn(p), 0, 1);
put_page(p);
} }
return ret; return ret;
} }
......
...@@ -627,7 +627,7 @@ static void action_result(unsigned long pfn, char *msg, int result) ...@@ -627,7 +627,7 @@ static void action_result(unsigned long pfn, char *msg, int result)
} }
static int page_action(struct page_state *ps, struct page *p, static int page_action(struct page_state *ps, struct page *p,
unsigned long pfn, int ref) unsigned long pfn)
{ {
int result; int result;
int count; int count;
...@@ -635,7 +635,7 @@ static int page_action(struct page_state *ps, struct page *p, ...@@ -635,7 +635,7 @@ static int page_action(struct page_state *ps, struct page *p,
result = ps->action(p, pfn); result = ps->action(p, pfn);
action_result(pfn, ps->msg, result); action_result(pfn, ps->msg, result);
count = page_count(p) - 1 - ref; count = page_count(p) - 1;
if (count != 0) if (count != 0)
printk(KERN_ERR printk(KERN_ERR
"MCE %#lx: %s page still referenced by %d users\n", "MCE %#lx: %s page still referenced by %d users\n",
...@@ -773,7 +773,7 @@ int __memory_failure(unsigned long pfn, int trapno, int ref) ...@@ -773,7 +773,7 @@ int __memory_failure(unsigned long pfn, int trapno, int ref)
* In fact it's dangerous to directly bump up page count from 0, * In fact it's dangerous to directly bump up page count from 0,
* that may make page_freeze_refs()/page_unfreeze_refs() mismatch. * that may make page_freeze_refs()/page_unfreeze_refs() mismatch.
*/ */
if (!get_page_unless_zero(compound_head(p))) { if (!ref && !get_page_unless_zero(compound_head(p))) {
action_result(pfn, "free or high order kernel", IGNORED); action_result(pfn, "free or high order kernel", IGNORED);
return PageBuddy(compound_head(p)) ? 0 : -EBUSY; return PageBuddy(compound_head(p)) ? 0 : -EBUSY;
} }
...@@ -821,7 +821,7 @@ int __memory_failure(unsigned long pfn, int trapno, int ref) ...@@ -821,7 +821,7 @@ int __memory_failure(unsigned long pfn, int trapno, int ref)
res = -EBUSY; res = -EBUSY;
for (ps = error_states;; ps++) { for (ps = error_states;; ps++) {
if (((p->flags | lru_flag)& ps->mask) == ps->res) { if (((p->flags | lru_flag)& ps->mask) == ps->res) {
res = page_action(ps, p, pfn, ref); res = page_action(ps, p, pfn);
break; break;
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment