aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHugh Dickins <hugh@veritas.com>2009-01-06 17:40:09 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-06 18:59:07 -0500
commit22b31eec63e5f2e219a3ee15f456897272bc73e8 (patch)
tree906e4975a0e2cdef15ef071b4890e3b28e36cf39
parent3dc147414ccad81dc33edb80774b1fed12a38c08 (diff)
badpage: vm_normal_page use print_bad_pte
print_bad_pte() is so far being called only when zap_pte_range() finds negative page_mapcount, or there's a fault on a pte_file where it does not belong. That's weak coverage when we suspect pagetable corruption. Originally, it was called when vm_normal_page() found an invalid pfn: but pfn_valid is expensive on some architectures and configurations, so 2.6.24 put that under CONFIG_DEBUG_VM (which doesn't help in the field), then 2.6.26 replaced it by a VM_BUG_ON (likewise). Reinstate the print_bad_pte() in vm_normal_page(), but use a cheaper test than pfn_valid(): memmap_init_zone() (used in bootup and hotplug) keep a __read_mostly note of the highest_memmap_pfn, vm_normal_page() then check pfn against that. We could call this pfn_plausible() or pfn_sane(), but I doubt we'll need it elsewhere: of course it's not reliable, but gives much stronger pagetable validation on many boxes. Also use print_bad_pte() when the pte_special bit is found outside a VM_PFNMAP or VM_MIXEDMAP area, instead of VM_BUG_ON. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--mm/internal.h1
-rw-r--r--mm/memory.c20
-rw-r--r--mm/page_alloc.c4
3 files changed, 15 insertions, 10 deletions
diff --git a/mm/internal.h b/mm/internal.h
index 13333bc2eb68..1981bc9454f3 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -49,6 +49,7 @@ extern void putback_lru_page(struct page *page);
49/* 49/*
50 * in mm/page_alloc.c 50 * in mm/page_alloc.c
51 */ 51 */
52extern unsigned long highest_memmap_pfn;
52extern void __free_pages_bootmem(struct page *page, unsigned int order); 53extern void __free_pages_bootmem(struct page *page, unsigned int order);
53 54
54/* 55/*
diff --git a/mm/memory.c b/mm/memory.c
index cda04b19f733..890095f5f36d 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -467,21 +467,18 @@ static inline int is_cow_mapping(unsigned int flags)
467struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr, 467struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr,
468 pte_t pte) 468 pte_t pte)
469{ 469{
470 unsigned long pfn; 470 unsigned long pfn = pte_pfn(pte);
471 471
472 if (HAVE_PTE_SPECIAL) { 472 if (HAVE_PTE_SPECIAL) {
473 if (likely(!pte_special(pte))) { 473 if (likely(!pte_special(pte)))
474 VM_BUG_ON(!pfn_valid(pte_pfn(pte))); 474 goto check_pfn;
475 return pte_page(pte); 475 if (!(vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)))
476 } 476 print_bad_pte(vma, addr, pte, NULL);
477 VM_BUG_ON(!(vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)));
478 return NULL; 477 return NULL;
479 } 478 }
480 479
481 /* !HAVE_PTE_SPECIAL case follows: */ 480 /* !HAVE_PTE_SPECIAL case follows: */
482 481
483 pfn = pte_pfn(pte);
484
485 if (unlikely(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP))) { 482 if (unlikely(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP))) {
486 if (vma->vm_flags & VM_MIXEDMAP) { 483 if (vma->vm_flags & VM_MIXEDMAP) {
487 if (!pfn_valid(pfn)) 484 if (!pfn_valid(pfn))
@@ -497,11 +494,14 @@ struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr,
497 } 494 }
498 } 495 }
499 496
500 VM_BUG_ON(!pfn_valid(pfn)); 497check_pfn:
498 if (unlikely(pfn > highest_memmap_pfn)) {
499 print_bad_pte(vma, addr, pte, NULL);
500 return NULL;
501 }
501 502
502 /* 503 /*
503 * NOTE! We still have PageReserved() pages in the page tables. 504 * NOTE! We still have PageReserved() pages in the page tables.
504 *
505 * eg. VDSO mappings can cause them to exist. 505 * eg. VDSO mappings can cause them to exist.
506 */ 506 */
507out: 507out:
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 3acb216e9a78..755c99a0ac71 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -69,6 +69,7 @@ EXPORT_SYMBOL(node_states);
69 69
70unsigned long totalram_pages __read_mostly; 70unsigned long totalram_pages __read_mostly;
71unsigned long totalreserve_pages __read_mostly; 71unsigned long totalreserve_pages __read_mostly;
72unsigned long highest_memmap_pfn __read_mostly;
72int percpu_pagelist_fraction; 73int percpu_pagelist_fraction;
73 74
74#ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE 75#ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE
@@ -2597,6 +2598,9 @@ void __meminit memmap_init_zone(unsigned long size, int nid, unsigned long zone,
2597 unsigned long pfn; 2598 unsigned long pfn;
2598 struct zone *z; 2599 struct zone *z;
2599 2600
2601 if (highest_memmap_pfn < end_pfn - 1)
2602 highest_memmap_pfn = end_pfn - 1;
2603
2600 z = &NODE_DATA(nid)->node_zones[zone]; 2604 z = &NODE_DATA(nid)->node_zones[zone];
2601 for (pfn = start_pfn; pfn < end_pfn; pfn++) { 2605 for (pfn = start_pfn; pfn < end_pfn; pfn++) {
2602 /* 2606 /*