linux/mm
Lee Schermerhorn 69682d852f mempolicy: fix reference counting bugs
Address 3 known bugs in the current memory policy reference counting method.
I have a series of patches to rework the reference counting to reduce overhead
in the allocation path.  However, that series will require testing in -mm once
I repost it.

1) alloc_page_vma() does not release the extra reference taken for
   vma/shared mempolicy when the mode == MPOL_INTERLEAVE.  This can result in
   leaking mempolicy structures.  This is probably occurring, but not being
   noticed.

   Fix:  add the conditional release of the reference.

2) hugezonelist unconditionally releases a reference on the mempolicy when
   mode == MPOL_INTERLEAVE.  This can result in decrementing the reference
   count for system default policy [should have no ill effect] or premature
   freeing of task policy.  If this occurred, the next allocation using task
   mempolicy would use the freed structure and probably BUG out.

   Fix:  add the necessary check to the release.

3) The current reference counting method assumes that vma 'get_policy()'
   methods automatically add an extra reference to a non-NULL returned mempolicy.
   This is true for shmem_get_policy() used by tmpfs mappings, including
   regular page shm segments.  However, SHM_HUGETLB shm's, backed by
   hugetlbfs, just use the vma policy without the extra reference.  This
   results in freeing of the vma policy on the first allocation, with reuse of
   the freed mempolicy structure on subsequent allocations.

   Fix: Rather than add another condition to the conditional reference
   release, which occurs in the allocation path, just add a reference when
   returning the vma policy in shm_get_policy() to match the assumptions.

Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Greg KH <greg@kroah.com>
Cc: Andi Kleen <ak@suse.de>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: David Rientjes <rientjes@google.com>
Cc: <eric.whitney@hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-03-10 18:01:19 -07:00
..
allocpercpu.c alloc_percpu() fails to allocate percpu data 2008-03-04 16:35:11 -08:00
backing-dev.c
bootmem.c Introduce flags for reserve_bootmem() 2008-02-07 08:42:25 -08:00
bounce.c
dmapool.c
fadvise.c check ADVICE of fadvise64_64 even if get_xip_page is given 2008-02-05 09:44:19 -08:00
filemap_xip.c Use pgoff_t instead of unsigned long 2008-02-08 09:22:32 -08:00
filemap.c Do not include linux/backing-dev.h twice 2008-03-09 22:21:52 -07:00
fremap.c
highmem.c
hugetlb.c hugetlb: fix pool shrinking while in restricted cpuset 2008-03-04 16:35:18 -08:00
internal.h Solve section mismatch for free_area_init_core. 2008-02-23 17:13:24 -08:00
Kconfig
madvise.c
Makefile Memory controller: rename to Memory Resource Controller 2008-03-04 16:35:12 -08:00
memcontrol.c memcg: fix oops on NULL lru list 2008-03-04 16:35:15 -08:00
memory_hotplug.c
memory.c memcg: when do_swap's do_wp_page fails 2008-03-04 16:35:14 -08:00
mempolicy.c mempolicy: fix reference counting bugs 2008-03-10 18:01:19 -07:00
mempool.c
migrate.c memcg: fix VM_BUG_ON from page migration 2008-03-04 16:35:14 -08:00
mincore.c
mlock.c
mmap.c mm: special mapping nopage 2008-02-08 18:57:39 -08:00
mmzone.c
mprotect.c
mremap.c
msync.c
nommu.c nommu: add new vmalloc_user() and remap_vmalloc_range() interfaces. 2008-02-05 09:44:21 -08:00
oom_kill.c Memory controller: rename to Memory Resource Controller 2008-03-04 16:35:12 -08:00
page_alloc.c memcg: bad page if page_cgroup when free 2008-03-04 16:35:15 -08:00
page_io.c mm: fix PageUptodate data race 2008-02-05 09:44:19 -08:00
page_isolation.c
page-writeback.c writeback: speed up writeback of big dirty files 2008-02-05 09:44:19 -08:00
pagewalk.c
pdflush.c
prio_tree.c
quicklist.c
readahead.c
rmap.c memcg: mm_match_cgroup not vm_match_cgroup 2008-03-04 16:35:14 -08:00
shmem_acl.c
shmem.c memcg: mem_cgroup_charge never NULL 2008-03-04 16:35:15 -08:00
slab.c slab: NUMA slab allocator migration bugfix 2008-03-06 16:21:50 -08:00
slob.c slob: reduce external fragmentation by using three free lists 2008-02-05 09:44:19 -08:00
slub.c slub: Do not cross cacheline boundaries for very small objects 2008-03-06 16:21:50 -08:00
sparse-vmemmap.c
sparse.c mm: fix section mismatch warning in sparse.c 2008-02-05 09:44:19 -08:00
swap_state.c memcgroup: revert swap_state mods 2008-02-07 08:42:20 -08:00
swap.c memcg: move_lists on page not page_cgroup 2008-03-04 16:35:14 -08:00
swapfile.c d_path: Make seq_path() use a struct path argument 2008-02-14 21:17:08 -08:00
thrash.c
tiny-shmem.c
truncate.c docbook: fix kernel-api source files 2008-03-03 10:47:14 -08:00
util.c
vmalloc.c CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
vmscan.c memcg: move_lists on page not page_cgroup 2008-03-04 16:35:14 -08:00
vmstat.c