Home » Mailing list archives » linux-kernel » 2007 » September » 27

[PATCH mm 1/3] fix BUG at include/linux/mm.h:220!

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Hugh Dickins <hugh@...>
To: Andrew Morton <akpm@...>
Cc: Hisashi Hifumi <hifumi.hisashi@...>, <linux-kernel@...>
Subject: [PATCH mm 1/3] fix BUG at include/linux/mm.h:220!
Date: Thursday, September 27, 2007 - 3:48 pm

a.k.a. mm-use-pagevec-to-rotate-reclaimable-page-fix-3.patch

put_page_testzero's VM_BUG_ON(atomic_read(&page->_count) == 0) fired
a couple of times while heavily swapping (on -rc7-mm1 and -rc8-mm1).

release_pages() has been using spin_lock_irq/spin_unlock_irq: but now
that it's being called by pagevec_move_tail() with interrupts disabled,
it must use spin_lock_irqsave/spin_unlock_irqrestore instead.

Aside from it being generally wrong to enable IRQs behind the caller's
back, here a pagevec might overflow, or (as I think must have happened
to cause those BUGs) release_pages() may be preempted to another cpu
while still acting on the pagevec of the cpu it started out with,
and that owning cpu also come in to drain it.  Hmm, no, one of the
BUGs was with preemption disabled: so I don't fully understand it.

Tested for 39 hours with rc8-mm1 on three 4cpu machines: no more BUGs.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
---
 mm/swap.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- 2.6.23-rc8-mm2/mm/swap.c	2007-09-27 11:28:39.000000000 +0100
+++ linux/mm/swap.c	2007-09-27 17:51:11.000000000 +0100
@@ -299,6 +299,7 @@ void release_pages(struct page **pages, 
 	int i;
 	struct pagevec pages_to_free;
 	struct zone *zone = NULL;
+	unsigned long uninitialized_var(flags);
 
 	pagevec_init(&pages_to_free, cold);
 	for (i = 0; i < nr; i++) {
@@ -306,7 +307,7 @@ void release_pages(struct page **pages, 
 
 		if (unlikely(PageCompound(page))) {
 			if (zone) {
-				spin_unlock_irq(&zone->lru_lock);
+				spin_unlock_irqrestore(&zone->lru_lock, flags);
 				zone = NULL;
 			}
 			put_compound_page(page);
@@ -320,9 +321,10 @@ void release_pages(struct page **pages, 
 			struct zone *pagezone = page_zone(page);
 			if (pagezone != zone) {
 				if (zone)
-					spin_unlock_irq(&zone->lru_lock);
+					spin_unlock_irqrestore(&zone->lru_lock,
+									flags);
 				zone = pagezone;
-				spin_lock_irq(&zone->lru_lock);
+				spin_lock_irqsave(&zone->lru_lock, flags);
 			}
 			VM_BUG_ON(!PageLRU(page));
 			__ClearPageLRU(page);
@@ -331,7 +333,7 @@ void release_pages(struct page **pages, 
 
 		if (!pagevec_add(&pages_to_free, page)) {
 			if (zone) {
-				spin_unlock_irq(&zone->lru_lock);
+				spin_unlock_irqrestore(&zone->lru_lock, flags);
 				zone = NULL;
 			}
 			__pagevec_free(&pages_to_free);
@@ -339,7 +341,7 @@ void release_pages(struct page **pages, 
   		}
 	}
 	if (zone)
-		spin_unlock_irq(&zone->lru_lock);
+		spin_unlock_irqrestore(&zone->lru_lock, flags);
 
 	pagevec_free(&pages_to_free);
 }
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH mm 1/3] fix BUG at include/linux/mm.h:220!, Hugh Dickins, (Thu Sep 27, 3:48 pm)
[PATCH mm 3/3] move_tail_pages into lru_add_drain, Hugh Dickins, (Thu Sep 27, 3:51 pm)
[PATCH mm 2/3] kill redundancy in rotate_reclaimable_page, Hugh Dickins, (Thu Sep 27, 3:49 pm)