diff options
| author | Hugh Dickins <hughd@google.com> | 2012-10-08 19:33:19 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-09 03:22:56 -0400 |
| commit | e6c509f85455041d3d7c4b863bf80bc294288cc1 (patch) | |
| tree | 50ccf8e339b219851ca7ad000379b1559415e354 /mm/memory.c | |
| parent | 39b5f29ac1f988c1615fbc9c69f6651ab0d0c3c7 (diff) | |
mm: use clear_page_mlock() in page_remove_rmap()
We had thought that pages could no longer get freed while still marked as
mlocked; but Johannes Weiner posted this program to demonstrate that
truncating an mlocked private file mapping containing COWed pages is still
mishandled:
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
int main(void)
{
char *map;
int fd;
system("grep mlockfreed /proc/vmstat");
fd = open("chigurh", O_CREAT|O_EXCL|O_RDWR);
unlink("chigurh");
ftruncate(fd, 4096);
map = mmap(NULL, 4096, PROT_WRITE, MAP_PRIVATE, fd, 0);
map[0] = 11;
mlock(map, sizeof(fd));
ftruncate(fd, 0);
close(fd);
munlock(map, sizeof(fd));
munmap(map, 4096);
system("grep mlockfreed /proc/vmstat");
return 0;
}
The anon COWed pages are not caught by truncation's clear_page_mlock() of
the pagecache pages; but unmap_mapping_range() unmaps them, so we ought to
look out for them there in page_remove_rmap(). Indeed, why should
truncation or invalidation be doing the clear_page_mlock() when removing
from pagecache? mlock is a property of mapping in userspace, not a
property of pagecache: an mlocked unmapped page is nonsensical.
Reported-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Rik van Riel <riel@redhat.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Ying Han <yinghan@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/memory.c')
| -rw-r--r-- | mm/memory.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/mm/memory.c b/mm/memory.c index d205e4381a34..5f5d1f039bf4 100644 --- a/mm/memory.c +++ b/mm/memory.c | |||
| @@ -1577,12 +1577,12 @@ split_fallthrough: | |||
| 1577 | if (page->mapping && trylock_page(page)) { | 1577 | if (page->mapping && trylock_page(page)) { |
| 1578 | lru_add_drain(); /* push cached pages to LRU */ | 1578 | lru_add_drain(); /* push cached pages to LRU */ |
| 1579 | /* | 1579 | /* |
| 1580 | * Because we lock page here and migration is | 1580 | * Because we lock page here, and migration is |
| 1581 | * blocked by the pte's page reference, we need | 1581 | * blocked by the pte's page reference, and we |
| 1582 | * only check for file-cache page truncation. | 1582 | * know the page is still mapped, we don't even |
| 1583 | * need to check for file-cache page truncation. | ||
| 1583 | */ | 1584 | */ |
| 1584 | if (page->mapping) | 1585 | mlock_vma_page(page); |
| 1585 | mlock_vma_page(page); | ||
| 1586 | unlock_page(page); | 1586 | unlock_page(page); |
| 1587 | } | 1587 | } |
| 1588 | } | 1588 | } |