[PATCH V2] x86/mm/pat: Do a small optimization and fix in reserve_memtype

[PATCH V2] x86/mm/pat: Do a small optimization and fix in reserve_memtype

[Pan Xinhui]

From: Pan Xinhui <xinhuix.pan@intel.com>

It's safe and more reasonable to unlock memtype_lock right after
rbt_memtype_check_insert. It's not cool to call kfree, pr_info, etc with
this lock held. So move spin_unlock a little ahead.

memory_lock protects data stored in rb-tree, if *new* succeed to be
stored into the rb-tree, we might hit panic. Because we access *new* in
dprintk "cattr_name(new->type)". data stored in the rb-tree might be
freed at any possbile time. It's abviously wrong to access such data
without lock. So save new->type to actual_type, and use actual_type in
dprintk.

Signed-off-by: Pan Xinhui <xinhuix.pan@intel.com>
---
change from V1:
	fix an access of *new* without memtype_lock held.
---
 arch/x86/mm/pat.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index 188e3e0..f3c49fa 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -538,22 +538,20 @@ int reserve_memtype(u64 start, u64 end, enum page_cache_mode req_type,
 	new->type	= actual_type;
 
 	spin_lock(&memtype_lock);
-
 	err = rbt_memtype_check_insert(new, new_type);
+	actual_type = new->type;
+	spin_unlock(&memtype_lock);
+
 	if (err) {
 		pr_info("x86/PAT: reserve_memtype failed [mem %#010Lx-%#010Lx], track %s, req %s\n",
 			start, end - 1,
 			cattr_name(new->type), cattr_name(req_type));
 		kfree(new);
-		spin_unlock(&memtype_lock);
-
 		return err;
 	}
 
-	spin_unlock(&memtype_lock);
-
 	dprintk("reserve_memtype added [mem %#010Lx-%#010Lx], track %s, req %s, ret %s\n",
-		start, end - 1, cattr_name(new->type), cattr_name(req_type),
+		start, end - 1, cattr_name(actual_type), cattr_name(req_type),
 		new_type ? cattr_name(*new_type) : "-");
 
 	return err;
-- 
1.9.1

Re: [PATCH V2] x86/mm/pat: Do a small optimization and fix in reserve_memtype

[Thomas Gleixner]

On Tue, 21 Jul 2015, Pan Xinhui wrote:
> diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
> index 188e3e0..f3c49fa 100644
> --- a/arch/x86/mm/pat.c
> +++ b/arch/x86/mm/pat.c
> @@ -538,22 +538,20 @@ int reserve_memtype(u64 start, u64 end, enum page_cache_mode req_type,
>  	new->type	= actual_type;
>  
>  	spin_lock(&memtype_lock);
> -
>  	err = rbt_memtype_check_insert(new, new_type);
> +	actual_type = new->type;

What's the point of this? new->type is set to actual_type 5 lines above.

Thanks,

	tglx

Re: [PATCH V2] x86/mm/pat: Do a small optimization and fix in reserve_memtype

[Pan Xinhui]

hi, tglx
	thanks for your reply :)

On 2015年07月21日 16:10, Thomas Gleixner wrote:
> On Tue, 21 Jul 2015, Pan Xinhui wrote:
>> diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
>> index 188e3e0..f3c49fa 100644
>> --- a/arch/x86/mm/pat.c
>> +++ b/arch/x86/mm/pat.c
>> @@ -538,22 +538,20 @@ int reserve_memtype(u64 start, u64 end, enum page_cache_mode req_type,
>>  	new->type	= actual_type;
>>  
>>  	spin_lock(&memtype_lock);
>> -
>>  	err = rbt_memtype_check_insert(new, new_type);
>> +	actual_type = new->type;
> 
> What's the point of this? new->type is set to actual_type 5 lines above.
191 int rbt_memtype_check_insert(struct memtype *new,
192                  enum page_cache_mode *ret_type)
193 {
194     int err = 0;
195 
196     err = memtype_rb_check_conflict(&memtype_rbroot, new->start, new->end,
197                         new->type, ret_type);
198 
199     if (!err) {
200         if (ret_type)
201             new->type = *ret_type;
202 
So new->type might be set to *ret_type.

136     if (match->type != found_type && newtype == NULL)
137         goto failure;
138 
139     dprintk("Overlap at 0x%Lx-0x%Lx\n", match->start, match->end);
140     found_type = match->type;
141 
142     node = rb_next(&match->rb);
143     while (node) {
144         match = container_of(node, struct memtype, rb);
145 
146         if (match->start >= end) /* Checked all possible matches */
147             goto success;
148 
149         if (is_node_overlap(match, start, end) &&
150             match->type != found_type) {
151             goto failure;
152         }
153 
154         node = rb_next(&match->rb);
155     }
156 success:
157     if (newtype)
158         *newtype = found_type;

So *ret_type might be set to found_type(match->type),

The call train is deep, it took me long time to review them.
As actual_type != new->type is possible, we need save new->type to actual_type.

thanks
xinhui
> 
> Thanks,
> 
> 	tglx
> 

Re: [PATCH V2] x86/mm/pat: Do a small optimization and fix in reserve_memtype

[Thomas Gleixner]

On Tue, 21 Jul 2015, Pan Xinhui wrote:
> So *ret_type might be set to found_type(match->type),
> 
> The call train is deep, it took me long time to review them.
> As actual_type != new->type is possible, we need save new->type to actual_type.

Fair enough. But that wants to have a comment in the code as any
casual reader will trip over this.

Thanks,

	tglx