bootmem: Double freeing a PFN on nodes spanning other nodes - Kernel


  1. bootmem: Double freeing a PFN on nodes spanning other nodes

    Hi,

    When memory nodes overlap each other, the bootmem allocator is not aware
    of this and might pass the same page twice to __free_pages_bootmem().

    As I traced the code, this should result in bad_page() calls on every
    boot but no one has yet reported something like this and I am wondering
    why.

    __free_pages_bootmem() boils down to either free_hot_cold_page() or
    __free_one_page(). Either path should lead to setting the page private
    or buddy:

    free_hot_cold_page() sets ->private to the page block's migratetype (and
    sets PG_private).

    __free_one_page sets ->private to the page's order (and sets PG_private
    and PG_buddy).

    If a page is passed in twice, free_pages_check() should now warn (via
    bad_page()) on the flags set above.

    Am I missing something? Thanks in advance.

    Hannes
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: bootmem: Double freeing a PFN on nodes spanning other nodes

    On Sat, 17 May 2008 00:30:55 +0200
    Johannes Weiner wrote:

    > Hi,
    >
    > When memory nodes overlap each other, the bootmem allocator is not aware
    > of this and might pass the same page twice to __free_pages_bootmem().
    >


    1. init_bootmem_node() is called against a node, [start, end). After this,
    all pages are 'allocated'.
    2. free_bootmem_node() is called against available memory in a node.
    3. bootmem allocator is ready.

    memory overlap seems not to be trouble while an arch's code calls
    free_bootmem_node() correctly.

    Thanks,
    -Kame





    > As I traced the code, this should result in bad_page() calls on every
    > boot but no one has yet reported something like this and I am wondering
    > why.
    >
    > __free_pages_bootmem() boils down to either free_hot_cold_page() or
    > __free_one_page(). Either path should lead to setting the page private
    > or buddy:
    >
    > free_hot_cold_page() sets ->private to the page block's migratetype (and
    > sets PG_private).
    >
    > __free_one_page sets ->private to the page's order (and sets PG_private
    > and PG_buddy).
    >
    > If a page is passed in twice, free_pages_check() should now warn (via
    > bad_page()) on the flags set above.
    >
    > Am I missing something? Thanks in advance.
    >
    > Hannes


  3. Re: bootmem: Double freeing a PFN on nodes spanning other nodes

    KAMEZAWA Hiroyuki writes:

    > On Sat, 17 May 2008 00:30:55 +0200
    > Johannes Weiner wrote:
    >
    >> Hi,
    >>
    >> When memory nodes overlap each other, the bootmem allocator is not aware
    >> of this and might pass the same page twice to __free_pages_bootmem().
    >>

    >
    > 1. init_bootmem_node() is called against a node, [start, end). After this,
    > all pages are 'allocated'.
    > 2. free_bootmem_node() is called against available memory in a node.
    > 3. bootmem allocator is ready.
    >
    > memory overlap seems not to be trouble while an arch's code calls
    > free_bootmem_node() correctly.


    Ah, I totally overlooked that one. Thank you very much!

    Hannes

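The three steps from the reply above, as an added user-space toy model (not code from the thread or from the kernel): each node gets its own bitmap that starts fully reserved, so a PFN inside an overlapping span is released once unless arch code frees it in both nodes. The `toy_*` functions, `boot()` and the PFN layout are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PFN 16
/* Toy per-node bootmem bitmap, indexed by absolute PFN: 1 = reserved, 0 = free. */
struct node { unsigned start, end; unsigned char reserved[MAX_PFN]; };
static unsigned char page_freed[MAX_PFN]; /* stand-in for state free_pages_check() inspects */

/* Step 1 of the reply: after init, every page in [start, end) is 'allocated'. */
static void toy_init_bootmem_node(struct node *n, unsigned start, unsigned end)
{
    n->start = start; n->end = end;
    memset(n->reserved, 1, sizeof(n->reserved));
}

/* Step 2: arch code releases only memory that is really available on the node. */
static void toy_free_bootmem_node(struct node *n, unsigned start, unsigned end)
{
    for (unsigned pfn = start; pfn < end; pfn++)
        n->reserved[pfn] = 0;
}
/* Hand free pages to the page allocator; count pages that were already freed. */
static int toy_free_all_bootmem(const struct node *n)
{
    int doubles = 0;
    for (unsigned pfn = n->start; pfn < n->end; pfn++)
        if (!n->reserved[pfn] && page_freed[pfn]++)
            doubles++; /* where the thread expects bad_page() to fire */
    return doubles;
}

/* Constructed layout: node 0 spans PFNs [0,16); node 1 owns [4,8) inside it. */
static int boot(int node0_also_frees_overlap)
{
    struct node n0, n1;
    memset(page_freed, 0, sizeof(page_freed));
    toy_init_bootmem_node(&n0, 0, 16);
    toy_init_bootmem_node(&n1, 4, 8);
    toy_free_bootmem_node(&n0, 0, 4);
    toy_free_bootmem_node(&n0, 8, 16);
    toy_free_bootmem_node(&n1, 4, 8);
    if (node0_also_frees_overlap) /* the incorrect arch behaviour */
        toy_free_bootmem_node(&n0, 4, 8);
    return toy_free_all_bootmem(&n0) + toy_free_all_bootmem(&n1);
}
int main(void)
{
    printf("correct: %d, overlap freed in both nodes: %d\n", boot(0), boot(1));
    return 0;
}
```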