2004-06-24 23:36:01

by Chen, Kenneth W

[permalink] [raw]
Subject: Direct I/O stomp over page->mapping for hugetlb page

Hit a kernel oops on 2.6.7 kernel when doing direct I/O to hugetlb page:

Unable to handle kernel paging request at virtual address 000010180401201d
a.out[1300]: Oops 8813272891392 [1]

Call Trace:
[<a000000100025010>] die+0x1d0/0x280
[<a000000100043880>] ia64_do_page_fault+0x380/0x980
[<a00000010009f500>] set_page_dirty+0xc0/0x1a0
[<a00000010009f650>] set_page_dirty_lock+0x70/0xa0
[<a00000010012eec0>] dio_bio_complete+0x100/0x1a0
[<a00000010012f000>] dio_await_completion+0xa0/0xe0
[<a000000100130b30>] direct_io_worker+0x810/0x980
[<a000000100131160>] __blockdev_direct_IO+0x4c0/0x500
[<a0000001000efbb0>] blkdev_direct_IO+0x90/0xc0
[<a000000100096eb0>] generic_file_direct_IO+0xd0/0x120
[<a000000100093920>] __generic_file_aio_read+0x200/0x3c0
[<a000000100093c60>] generic_file_read+0xc0/0x100
[<a0000001000dcf70>] vfs_read+0x210/0x2c0
[<a0000001000dd620>] sys_pread64+0x80/0xe0
[<a00000010000e0c0>] ia64_ret_from_syscall+0x0/0x20

The destructor of compound page was moved into page->mapping since
2.6.6. It got interfered with set_page_dirty() for hugetlb page:
an O_DIRECT read into first tail page of the compound page will
fool set_page_dirty() to deference page->mapping->a_ops and then
kernel oops. Patch to fix the oops. We do just like what
bio_set_pages_dirty() does.

--- linux/fs/direct-io.c.orig 2004-06-24 11:56:53.000000000 -0700
+++ linux/fs/direct-io.c 2004-06-24 15:24:02.000000000 -0700
@@ -395,7 +395,7 @@ static int dio_bio_complete(struct dio *
for (page_no = 0; page_no < bio->bi_vcnt; page_no++) {
struct page *page = bvec[page_no].bv_page;

- if (dio->rw == READ)
+ if (dio->rw == READ && !PageCompound(page))
set_page_dirty_lock(page);
page_cache_release(page);
}