Re: bootmem: Double freeing a PFN on nodes spanning other nodes
From: KAMEZAWA Hiroyuki
Date: Sun May 18 2008 - 20:30:51 EST
On Sat, 17 May 2008 00:30:55 +0200
Johannes Weiner <hannes@xxxxxxxxxxxx> wrote:
> Hi,
>
> When memory nodes overlap each other, the bootmem allocator is not aware
> of this and might pass the same page twice to __free_pages_bootmem().
>
1. init_bootmem_node() is called against a node, [start, end). After this,
all pages are 'allocated'.
2. free_bootmem_node() is called against available memory in a node.
3. bootmem allocator is ready.
memory overlap seems not to be trouble while an arch's code calls
free_bootmem_node() correctly.
Thanks,
-Kame
> As I traced the code, this should result in bad_page() calls on every
> boot but noone has yet reported something like this and I am wondering
> why.
>
> __free_pages_bootmem() boils down to either free_hot_cold_page() or
> __free_one_page(). Either path should lead to setting the page private
> or buddy:
>
> free_hot_cold_page() sets ->private to the page block's migratetype (and
> sets PG_private).
>
> __free_one_page sets ->private to the page's order (and sets PG_private
> and PG_buddy).
>
> If a page is passed in twice, free_pages_check() should now warn (via
> bad_page()) on the flags set above.
>
> Am I missing something? Thanks in advance.
>
> Hannes
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/