mm: fix slab->page _count corruption when using slub
On arches that do not support this_cpu_cmpxchg_double() slab_lock is used to do atomic cmpxchg() on double word which contains page->_count. The page count can be changed from get_page() or put_page() without taking slab_lock. That corrupts page counter. Fix it by moving page->_count out of cmpxchg_double data. So that slub does no change it while updating slub meta-data in struct page. [akpm@linux-foundation.org: use standard comment layout, tweak comment text] Reported-by: Amey Bhide <abhide@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@cs.helsinki.fi> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
485802a6c5
commit
abca7c4965
|
@ -57,8 +57,18 @@ struct page {
|
|||
};
|
||||
|
||||
union {
|
||||
#if defined(CONFIG_HAVE_CMPXCHG_DOUBLE) && \
|
||||
defined(CONFIG_HAVE_ALIGNED_STRUCT_PAGE)
|
||||
/* Used for cmpxchg_double in slub */
|
||||
unsigned long counters;
|
||||
#else
|
||||
/*
|
||||
* Keep _count separate from slub cmpxchg_double data.
|
||||
* As the rest of the double word is protected by
|
||||
* slab_lock but _count is not.
|
||||
*/
|
||||
unsigned counters;
|
||||
#endif
|
||||
|
||||
struct {
|
||||
|
||||
|
|
Loading…
Reference in New Issue