HWPOISON: avoid grabbing the page count multiple times during madvise injection
Wu Fengguang [Wed, 16 Dec 2009 11:19:57 +0000 (12:19 +0100)]
If page is double referenced in madvise_hwpoison() and __memory_failure(),
remove_mapping() will fail because it expects page_count=2. Fix it by
not grabbing extra page count in __memory_failure().

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>

mm/madvise.c
mm/memory-failure.c

index 35b1479..18970ae 100644 (file)
@@ -238,7 +238,6 @@ static int madvise_hwpoison(unsigned long start, unsigned long end)
                       page_to_pfn(p), start);
                /* Ignore return value for now */
                __memory_failure(page_to_pfn(p), 0, 1);
-               put_page(p);
        }
        return ret;
 }
index 275f4e2..4253e14 100644 (file)
@@ -627,7 +627,7 @@ static void action_result(unsigned long pfn, char *msg, int result)
 }
 
 static int page_action(struct page_state *ps, struct page *p,
-                       unsigned long pfn, int ref)
+                       unsigned long pfn)
 {
        int result;
        int count;
@@ -635,7 +635,7 @@ static int page_action(struct page_state *ps, struct page *p,
        result = ps->action(p, pfn);
        action_result(pfn, ps->msg, result);
 
-       count = page_count(p) - 1 - ref;
+       count = page_count(p) - 1;
        if (count != 0)
                printk(KERN_ERR
                       "MCE %#lx: %s page still referenced by %d users\n",
@@ -773,7 +773,7 @@ int __memory_failure(unsigned long pfn, int trapno, int ref)
         * In fact it's dangerous to directly bump up page count from 0,
         * that may make page_freeze_refs()/page_unfreeze_refs() mismatch.
         */
-       if (!get_page_unless_zero(compound_head(p))) {
+       if (!ref && !get_page_unless_zero(compound_head(p))) {
                action_result(pfn, "free or high order kernel", IGNORED);
                return PageBuddy(compound_head(p)) ? 0 : -EBUSY;
        }
@@ -821,7 +821,7 @@ int __memory_failure(unsigned long pfn, int trapno, int ref)
        res = -EBUSY;
        for (ps = error_states;; ps++) {
                if (((p->flags | lru_flag)& ps->mask) == ps->res) {
-                       res = page_action(ps, p, pfn, ref);
+                       res = page_action(ps, p, pfn);
                        break;
                }
        }