mm: fix slab->page _count corruption when using slub
On arches that do not support this_cpu_cmpxchg_double() slab_lock is used to do atomic cmpxchg() on double word which contains page->_count. The page count can be changed from get_page() or put_page() without taking slab_lock. That corrupts page counter. Fix it by moving page->_count out of cmpxchg_double data. So that slub does no change it while updating slub meta-data in struct page. [akpm@linux-foundation.org: use standard comment layout, tweak comment text] Reported-by: Amey Bhide <abhide@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@cs.helsinki.fi> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
485802a6c5
commit
abca7c4965
1 changed files with 10 additions and 0 deletions
|
@ -57,8 +57,18 @@ struct page {
|
||||||
};
|
};
|
||||||
|
|
||||||
union {
|
union {
|
||||||
|
#if defined(CONFIG_HAVE_CMPXCHG_DOUBLE) && \
|
||||||
|
defined(CONFIG_HAVE_ALIGNED_STRUCT_PAGE)
|
||||||
/* Used for cmpxchg_double in slub */
|
/* Used for cmpxchg_double in slub */
|
||||||
unsigned long counters;
|
unsigned long counters;
|
||||||
|
#else
|
||||||
|
/*
|
||||||
|
* Keep _count separate from slub cmpxchg_double data.
|
||||||
|
* As the rest of the double word is protected by
|
||||||
|
* slab_lock but _count is not.
|
||||||
|
*/
|
||||||
|
unsigned counters;
|
||||||
|
#endif
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue