Commit 22b31eec63e5f2e219a3ee15f456897272bc73e8
Committed by
Linus Torvalds
Linus Torvalds
1 parent
3dc147414c
Exists in
master
and in
4 other branches
badpage: vm_normal_page use print_bad_pte
print_bad_pte() is so far being called only when zap_pte_range() finds negative page_mapcount, or there's a fault on a pte_file where it does not belong. That's weak coverage when we suspect pagetable corruption. Originally, it was called when vm_normal_page() found an invalid pfn: but pfn_valid is expensive on some architectures and configurations, so 2.6.24 put that under CONFIG_DEBUG_VM (which doesn't help in the field), then 2.6.26 replaced it by a VM_BUG_ON (likewise). Reinstate the print_bad_pte() in vm_normal_page(), but use a cheaper test than pfn_valid(): memmap_init_zone() (used in bootup and hotplug) keep a __read_mostly note of the highest_memmap_pfn, vm_normal_page() then check pfn against that. We could call this pfn_plausible() or pfn_sane(), but I doubt we'll need it elsewhere: of course it's not reliable, but gives much stronger pagetable validation on many boxes. Also use print_bad_pte() when the pte_special bit is found outside a VM_PFNMAP or VM_MIXEDMAP area, instead of VM_BUG_ON. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 3 changed files with 15 additions and 10 deletions Side-by-side Diff
mm/internal.h
mm/memory.c
| ... | ... | @@ -467,21 +467,18 @@ |
| 467 | 467 | struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr, |
| 468 | 468 | pte_t pte) |
| 469 | 469 | { |
| 470 | - unsigned long pfn; | |
| 470 | + unsigned long pfn = pte_pfn(pte); | |
| 471 | 471 | |
| 472 | 472 | if (HAVE_PTE_SPECIAL) { |
| 473 | - if (likely(!pte_special(pte))) { | |
| 474 | - VM_BUG_ON(!pfn_valid(pte_pfn(pte))); | |
| 475 | - return pte_page(pte); | |
| 476 | - } | |
| 477 | - VM_BUG_ON(!(vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP))); | |
| 473 | + if (likely(!pte_special(pte))) | |
| 474 | + goto check_pfn; | |
| 475 | + if (!(vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP))) | |
| 476 | + print_bad_pte(vma, addr, pte, NULL); | |
| 478 | 477 | return NULL; |
| 479 | 478 | } |
| 480 | 479 | |
| 481 | 480 | /* !HAVE_PTE_SPECIAL case follows: */ |
| 482 | 481 | |
| 483 | - pfn = pte_pfn(pte); | |
| 484 | - | |
| 485 | 482 | if (unlikely(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP))) { |
| 486 | 483 | if (vma->vm_flags & VM_MIXEDMAP) { |
| 487 | 484 | if (!pfn_valid(pfn)) |
| 488 | 485 | |
| ... | ... | @@ -497,11 +494,14 @@ |
| 497 | 494 | } |
| 498 | 495 | } |
| 499 | 496 | |
| 500 | - VM_BUG_ON(!pfn_valid(pfn)); | |
| 497 | +check_pfn: | |
| 498 | + if (unlikely(pfn > highest_memmap_pfn)) { | |
| 499 | + print_bad_pte(vma, addr, pte, NULL); | |
| 500 | + return NULL; | |
| 501 | + } | |
| 501 | 502 | |
| 502 | 503 | /* |
| 503 | 504 | * NOTE! We still have PageReserved() pages in the page tables. |
| 504 | - * | |
| 505 | 505 | * eg. VDSO mappings can cause them to exist. |
| 506 | 506 | */ |
| 507 | 507 | out: |
mm/page_alloc.c
| ... | ... | @@ -69,6 +69,7 @@ |
| 69 | 69 | |
| 70 | 70 | unsigned long totalram_pages __read_mostly; |
| 71 | 71 | unsigned long totalreserve_pages __read_mostly; |
| 72 | +unsigned long highest_memmap_pfn __read_mostly; | |
| 72 | 73 | int percpu_pagelist_fraction; |
| 73 | 74 | |
| 74 | 75 | #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE |
| ... | ... | @@ -2596,6 +2597,9 @@ |
| 2596 | 2597 | unsigned long end_pfn = start_pfn + size; |
| 2597 | 2598 | unsigned long pfn; |
| 2598 | 2599 | struct zone *z; |
| 2600 | + | |
| 2601 | + if (highest_memmap_pfn < end_pfn - 1) | |
| 2602 | + highest_memmap_pfn = end_pfn - 1; | |
| 2599 | 2603 | |
| 2600 | 2604 | z = &NODE_DATA(nid)->node_zones[zone]; |
| 2601 | 2605 | for (pfn = start_pfn; pfn < end_pfn; pfn++) { |