diff options
| author | Hugh Dickins <hughd@google.com> | 2012-10-08 19:33:19 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-09 03:22:56 -0400 |
| commit | e6c509f85455041d3d7c4b863bf80bc294288cc1 (patch) | |
| tree | 50ccf8e339b219851ca7ad000379b1559415e354 /mm/mlock.c | |
| parent | 39b5f29ac1f988c1615fbc9c69f6651ab0d0c3c7 (diff) | |
mm: use clear_page_mlock() in page_remove_rmap()
We had thought that pages could no longer get freed while still marked as
mlocked; but Johannes Weiner posted this program to demonstrate that
truncating an mlocked private file mapping containing COWed pages is still
mishandled:
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
int main(void)
{
char *map;
int fd;
system("grep mlockfreed /proc/vmstat");
fd = open("chigurh", O_CREAT|O_EXCL|O_RDWR);
unlink("chigurh");
ftruncate(fd, 4096);
map = mmap(NULL, 4096, PROT_WRITE, MAP_PRIVATE, fd, 0);
map[0] = 11;
mlock(map, sizeof(fd));
ftruncate(fd, 0);
close(fd);
munlock(map, sizeof(fd));
munmap(map, 4096);
system("grep mlockfreed /proc/vmstat");
return 0;
}
The anon COWed pages are not caught by truncation's clear_page_mlock() of
the pagecache pages; but unmap_mapping_range() unmaps them, so we ought to
look out for them there in page_remove_rmap(). Indeed, why should
truncation or invalidation be doing the clear_page_mlock() when removing
from pagecache? mlock is a property of mapping in userspace, not a
property of pagecache: an mlocked unmapped page is nonsensical.
Reported-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Rik van Riel <riel@redhat.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Ying Han <yinghan@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/mlock.c')
| -rw-r--r-- | mm/mlock.c | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/mm/mlock.c b/mm/mlock.c index a948be4b7ba7..de7321592897 100644 --- a/mm/mlock.c +++ b/mm/mlock.c | |||
| @@ -51,13 +51,10 @@ EXPORT_SYMBOL(can_do_mlock); | |||
| 51 | /* | 51 | /* |
| 52 | * LRU accounting for clear_page_mlock() | 52 | * LRU accounting for clear_page_mlock() |
| 53 | */ | 53 | */ |
| 54 | void __clear_page_mlock(struct page *page) | 54 | void clear_page_mlock(struct page *page) |
| 55 | { | 55 | { |
| 56 | VM_BUG_ON(!PageLocked(page)); | 56 | if (!TestClearPageMlocked(page)) |
| 57 | |||
| 58 | if (!page->mapping) { /* truncated ? */ | ||
| 59 | return; | 57 | return; |
| 60 | } | ||
| 61 | 58 | ||
| 62 | dec_zone_page_state(page, NR_MLOCK); | 59 | dec_zone_page_state(page, NR_MLOCK); |
| 63 | count_vm_event(UNEVICTABLE_PGCLEARED); | 60 | count_vm_event(UNEVICTABLE_PGCLEARED); |
| @@ -290,14 +287,7 @@ void munlock_vma_pages_range(struct vm_area_struct *vma, | |||
| 290 | page = follow_page(vma, addr, FOLL_GET | FOLL_DUMP); | 287 | page = follow_page(vma, addr, FOLL_GET | FOLL_DUMP); |
| 291 | if (page && !IS_ERR(page)) { | 288 | if (page && !IS_ERR(page)) { |
| 292 | lock_page(page); | 289 | lock_page(page); |
| 293 | /* | 290 | munlock_vma_page(page); |
| 294 | * Like in __mlock_vma_pages_range(), | ||
| 295 | * because we lock page here and migration is | ||
| 296 | * blocked by the elevated reference, we need | ||
| 297 | * only check for file-cache page truncation. | ||
| 298 | */ | ||
| 299 | if (page->mapping) | ||
| 300 | munlock_vma_page(page); | ||
| 301 | unlock_page(page); | 291 | unlock_page(page); |
| 302 | put_page(page); | 292 | put_page(page); |
| 303 | } | 293 | } |