| Message ID | 20250321120222.1456770-3-gshan@redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Fix parameter passed to page_mapcount_is_type() | expand |
On 3/21/25 13:02, Gavin Shan wrote: > As the comments of page_mapcount_is_type() indicate, the parameter > passed to the function should be one more than page->_mapcount. > However, page->_mapcount is passed to the function by commit 4ffca5a96678 > ("mm: support only one page_type per page") where page_type_has_type() > is replaced by page_mapcount_is_type(), but the parameter isn't adjusted. > > Fix the parameter for page_mapcount_is_type() to be (page->__mapcount > + 1). Note that the issue doesn't cause any visible impacts due to the > safety gap introduced by PGTY_mapcount_underflow limit. > > Fixes: 4ffca5a96678 ("mm: support only one page_type per page") > Signed-off-by: Gavin Shan <gshan@redhat.com> > Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> > --- > mm/debug.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/debug.c b/mm/debug.c > index 8d2acf432385..b6bd9555ec7b 100644 > --- a/mm/debug.c > +++ b/mm/debug.c > @@ -71,10 +71,10 @@ static void __dump_folio(struct folio *folio, struct page *page, > unsigned long pfn, unsigned long idx) > { > struct address_space *mapping = folio_mapping(folio); > - int mapcount = atomic_read(&page->_mapcount); > + int mapcount = atomic_read(&page->_mapcount) + 1; > char *type = ""; > > - mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount + 1; > + mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount; At this point it would be perhaps more obvious: if (page_mapcount_is_type(mapcount)) mapcount = 0; But doesn't matter much. > pr_warn("page: refcount:%d mapcount:%d mapping:%p index:%#lx pfn:%#lx\n", > folio_ref_count(folio), mapcount, mapping, > folio->index + idx, pfn);
On 21.03.25 16:19, Vlastimil Babka wrote: > On 3/21/25 13:02, Gavin Shan wrote: >> As the comments of page_mapcount_is_type() indicate, the parameter >> passed to the function should be one more than page->_mapcount. >> However, page->_mapcount is passed to the function by commit 4ffca5a96678 >> ("mm: support only one page_type per page") where page_type_has_type() >> is replaced by page_mapcount_is_type(), but the parameter isn't adjusted. >> >> Fix the parameter for page_mapcount_is_type() to be (page->__mapcount >> + 1). Note that the issue doesn't cause any visible impacts due to the >> safety gap introduced by PGTY_mapcount_underflow limit. >> >> Fixes: 4ffca5a96678 ("mm: support only one page_type per page") >> Signed-off-by: Gavin Shan <gshan@redhat.com> >> Acked-by: David Hildenbrand <david@redhat.com> > > Acked-by: Vlastimil Babka <vbabka@suse.cz> > >> --- >> mm/debug.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/mm/debug.c b/mm/debug.c >> index 8d2acf432385..b6bd9555ec7b 100644 >> --- a/mm/debug.c >> +++ b/mm/debug.c >> @@ -71,10 +71,10 @@ static void __dump_folio(struct folio *folio, struct page *page, >> unsigned long pfn, unsigned long idx) >> { >> struct address_space *mapping = folio_mapping(folio); >> - int mapcount = atomic_read(&page->_mapcount); >> + int mapcount = atomic_read(&page->_mapcount) + 1; >> char *type = ""; >> >> - mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount + 1; >> + mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount; > > At this point it would be perhaps more obvious: > > if (page_mapcount_is_type(mapcount)) > mapcount = 0; Agreed, maybe Andrew can fix that up.
On Fri, 21 Mar 2025 16:38:29 +0100 David Hildenbrand <david@redhat.com> wrote: > >> - mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount + 1; > >> + mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount; > > > > At this point it would be perhaps more obvious: > > > > if (page_mapcount_is_type(mapcount)) > > mapcount = 0; > > Agreed, maybe Andrew can fix that up. Sure. I'll be adding this series to the 6.15-rc1 pile.
diff --git a/mm/debug.c b/mm/debug.c index 8d2acf432385..b6bd9555ec7b 100644 --- a/mm/debug.c +++ b/mm/debug.c @@ -71,10 +71,10 @@ static void __dump_folio(struct folio *folio, struct page *page, unsigned long pfn, unsigned long idx) { struct address_space *mapping = folio_mapping(folio); - int mapcount = atomic_read(&page->_mapcount); + int mapcount = atomic_read(&page->_mapcount) + 1; char *type = ""; - mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount + 1; + mapcount = page_mapcount_is_type(mapcount) ? 0 : mapcount; pr_warn("page: refcount:%d mapcount:%d mapping:%p index:%#lx pfn:%#lx\n", folio_ref_count(folio), mapcount, mapping, folio->index + idx, pfn);
As the comments of page_mapcount_is_type() indicate, the parameter passed to the function should be one more than page->_mapcount. However, page->_mapcount is passed to the function by commit 4ffca5a96678 ("mm: support only one page_type per page") where page_type_has_type() is replaced by page_mapcount_is_type(), but the parameter isn't adjusted. Fix the parameter for page_mapcount_is_type() to be (page->__mapcount + 1). Note that the issue doesn't cause any visible impacts due to the safety gap introduced by PGTY_mapcount_underflow limit. Fixes: 4ffca5a96678 ("mm: support only one page_type per page") Signed-off-by: Gavin Shan <gshan@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> --- mm/debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)