tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[PATCH] compound page: default destructor

Somehow I imagined that calling a NULL destructor would free a compound page
rather than oopsing. No, we must supply a default destructor, __free_pages_ok
using the order noted by prep_compound_page. hugetlb can still replace this
as before with its own free_huge_page pointer.

The case that needs this is not common: rarely does put_compound_page's
put_page_testzero bring the count down to 0. But if get_user_pages is applied
to some part of a compound page, without immediate release (e.g. AIO or
Infiniband), then it's possible for its put_page to come after the containing
vma has been unmapped and the driver done its free_pages.

That's just the kind of case compound pages are supposed to be guarding
against (but Nick points out, nor did PageReserved handle this right).

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by

Hugh Dickins and committed by
Linus Torvalds d98c7a09 41d78ba5

+8 -1
+8 -1
mm/page_alloc.c
··· 56 56 int percpu_pagelist_fraction; 57 57 58 58 static void fastcall free_hot_cold_page(struct page *page, int cold); 59 + static void __free_pages_ok(struct page *page, unsigned int order); 59 60 60 61 /* 61 62 * results with 256, 32 in the lowmem_reserve sysctl: ··· 174 173 * put_page() function. Its ->lru.prev holds the order of allocation. 175 174 * This usage means that zero-order pages may not be compound. 176 175 */ 176 + 177 + static void free_compound_page(struct page *page) 178 + { 179 + __free_pages_ok(page, (unsigned long)page[1].lru.prev); 180 + } 181 + 177 182 static void prep_compound_page(struct page *page, unsigned long order) 178 183 { 179 184 int i; 180 185 int nr_pages = 1 << order; 181 186 182 - page[1].lru.next = NULL; /* set dtor */ 187 + page[1].lru.next = (void *)free_compound_page; /* set dtor */ 183 188 page[1].lru.prev = (void *)order; 184 189 for (i = 0; i < nr_pages; i++) { 185 190 struct page *p = page + i;