2012-10-02 12:24:19

by Ni zhan Chen

Subject: Re: [RFC v9 PATCH 13/21] memory-hotplug: check page type in get_page_bootmem

On 10/01/2012 11:03 AM, Yasuaki Ishimatsu wrote:
> Hi Chen,
>
> 2012/09/29 11:15, Ni zhan Chen wrote:
>> On 09/05/2012 05:25 PM, [email protected] wrote:
>>> From: Yasuaki Ishimatsu <[email protected]>
>>>
>>> The function get_page_bootmem() may be called more than one time to the same
>>> page. There is no need to set page's type, private if the function is not
>>> the first time called to the page.
>>>
>>> Note: the patch is just optimization and does not fix any problem.
>>
>> Hi Yasuaki,
>>
>> this patch is reasonable to me. I have another question associated to
>> get_page_bootmem(), the question is from another fujitsu guy's patch
>> changelog [commit : 04753278769f3], the changelog said that:
>>
>> 1) When the memmap of removing section is allocated on other
>> section by bootmem, it should/can be free.
>> 2) When the memmap of removing section is allocated on the
>> same section, it shouldn't be freed. Because the section has to be
>> logical memory offlined already and all pages must be isolated against
>> page allocator. If it is freed, page allocator may use it which will
>> be removed physically soon.
>>
>> but I don't see his patch guarantee 2), it means that his patch
>> doesn't guarantee the memmap of removing section which is allocated
>> on other section by bootmem doesn't be freed. Hopefully get your
>> explanation in details, thanks in advance. :-)
>
> In my understanding, the patch does not guarantee it.
> Please see [commit : 0c0a4a517a31e]. free_map_bootmem() in the commit
> guarantees it.

Thanks Yasuaki, I have already seen the commit you mentioned. But the
changelog of the commit I point out 2), why it said that "If it is
freed, page allocator may use it which will be removed physically soon",
does it mean use-after-free? AFAIK, the isolated pages will be free
if no users use it, so why not free the associated memmap?

>
> Thanks,
> Yasuaki Ishimatsu
>
>>
>>>
>>> CC: David Rientjes <[email protected]>
>>> CC: Jiang Liu <[email protected]>
>>> CC: Len Brown <[email protected]>
>>> CC: Benjamin Herrenschmidt <[email protected]>
>>> CC: Paul Mackerras <[email protected]>
>>> CC: Christoph Lameter <[email protected]>
>>> Cc: Minchan Kim <[email protected]>
>>> CC: Andrew Morton <[email protected]>
>>> CC: KOSAKI Motohiro <[email protected]>
>>> CC: Wen Congyang <[email protected]>
>>> Signed-off-by: Yasuaki Ishimatsu <[email protected]>
>>> ---
>>> mm/memory_hotplug.c | 15 +++++++++++----
>>> 1 files changed, 11 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
>>> index d736df3..26a5012 100644
>>> --- a/mm/memory_hotplug.c
>>> +++ b/mm/memory_hotplug.c
>>> @@ -95,10 +95,17 @@ static void release_memory_resource(struct
>>> resource *res)
>>> static void get_page_bootmem(unsigned long info, struct page *page,
>>> unsigned long type)
>>> {
>>> - page->lru.next = (struct list_head *) type;
>>> - SetPagePrivate(page);
>>> - set_page_private(page, info);
>>> - atomic_inc(&page->_count);
>>> + unsigned long page_type;
>>> +
>>> + page_type = (unsigned long)page->lru.next;
>>> + if (page_type < MEMORY_HOTPLUG_MIN_BOOTMEM_TYPE ||
>>> + page_type > MEMORY_HOTPLUG_MAX_BOOTMEM_TYPE){
>>> + page->lru.next = (struct list_head *)type;
>>> + SetPagePrivate(page);
>>> + set_page_private(page, info);
>>> + atomic_inc(&page->_count);
>>> + } else
>>> + atomic_inc(&page->_count);
>>> }
>>> /* reference to __meminit __free_pages_bootmem is valid
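Review bot: In get_page_bootmem(), `atomic_inc(&page->_count);` is executed in both the if and the else branch, so it should be hoisted below the conditional and the else dropped; as written the else arm is also unbraced while the if arm is braced, and `MEMORY_HOTPLUG_MAX_BOOTMEM_TYPE){` is missing a space before the brace. More substantively, the new check treats whatever is in page->lru.next as a trustworthy "already registered" marker: nothing in this hunk shows lru.next being initialised to a value outside the MIN/MAX bootmem type range, so a stale value that happens to fall inside the range would skip SetPagePrivate() and set_page_private() while still taking a reference. A repeated call that passes a different type or info than the first is also silently ignored; a comment stating the invariant, or a warning when the stored type differs from the type argument, would make the refcount and private-field bookkeeping easier to audit.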
>>
>
>
>