Commit 2668db91 authored Mar 10, 2008 by Adam Litke Committed by Linus Torvalds Mar 10, 2008

hugetlb: correct page count for surplus huge pages



Free pages in the hugetlb pool are free and as such have a reference count of
zero.  Regular allocations into the pool from the buddy are "freed" into the
pool which results in their page_count dropping to zero.  However, surplus
pages can be directly utilized by the caller without first being freed to the
pool.  Therefore, a call to put_page_testzero() is in order so that such a
page will be handed to the caller with a correct count.

This has not affected end users because the bad page count is reset before the
page is handed off.  However, under CONFIG_DEBUG_VM this triggers a BUG when
the page count is validated.

Thanks go to Mel for first spotting this issue and providing an initial fix.

Signed-off-by: Adam Litke <agl@us.ibm.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Dave Hansen <haveblue@us.ibm.com>
Cc: William Lee Irwin III <wli@holomorphy.com>
Cc: Andy Whitcroft <apw@shadowen.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 84207805

mm/hugetlb.c

+10 −3

Original line number	Diff line number	Diff line
		@@ -286,6 +286,12 @@ static struct page alloc_buddy_huge_page(struct vm_area_struct vma,

		spin_lock(&hugetlb_lock);
		if (page) {
		/*
		* This page is now managed by the hugetlb allocator and has
		* no users -- drop the buddy allocator's reference.
		*/
		put_page_testzero(page);
		VM_BUG_ON(page_count(page));
		nid = page_to_nid(page);
		set_compound_page_dtor(page, free_huge_page);
		/*
		@@ -369,13 +375,14 @@ static int gather_surplus_pages(int delta)
		enqueue_huge_page(page);
		else {
		/*
		* Decrement the refcount and free the page using its
		* destructor. This must be done with hugetlb_lock
		* The page has a reference count of zero already, so
		* call free_huge_page directly instead of using
		* put_page. This must be done with hugetlb_lock
		* unlocked which is safe because free_huge_page takes
		* hugetlb_lock before deciding how to free the page.
		*/
		spin_unlock(&hugetlb_lock);
		put_page(page);
		free_huge_page(page);
		spin_lock(&hugetlb_lock);
		}
		}