Race in shrink_cache

From: Daniel Phillips (phillips@arcor.de)
Date: Thu Sep 05 2002 - 00:04:28 EST

Next message: George Toft: "PROBLEM: Kernel loses time - 1 min each 10 minutes"
Previous message: Rusty Russell: "Re: ip_conntrack_hash() problem"
Next in thread: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Marcelo,

This looks really suspicious, vmscan.c#435:

        spin_unlock(&pagemap_lru_lock);
                                                        if (put_page_testzero(page))
                                                                __free_pages_ok(page, 0);
        /* avoid to free a locked page */
        page_cache_get(page);

/* whoops, double free coming */

I suggest you bump the page count before releasing the lru lock. The race
shown above may not in fact be possible, but the current code is fragile.

-- 
Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: George Toft: "PROBLEM: Kernel loses time - 1 min each 10 minutes"
Previous message: Rusty Russell: "Re: ip_conntrack_hash() problem"
Next in thread: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Sep 07 2002 - 22:00:23 EST