Re: Race in shrink_cache

From: Daniel Phillips (phillips@arcor.de)
Date: Thu Sep 05 2002 - 01:36:16 EST


On Thursday 05 September 2002 08:36, Andrew Morton wrote:
> Daniel Phillips wrote:
> >
> > Hi Marcelo,
> >
> > This looks really suspicious, vmscan.c#435:
> >
> > spin_unlock(&pagemap_lru_lock);
> > if (put_page_testzero(page))
> > __free_pages_ok(page, 0);
> > /* avoid to free a locked page */
> > page_cache_get(page);
> >
> > /* whoops, double free coming */
> >
> > I suggest you bump the page count before releasing the lru lock. The race
> > shown above may not in fact be possible, but the current code is fragile.
> >
>
> That's OK. The page has a ref because of nonzero ->buffers. And it
> is locked, which pins page->buffers.

Yes, true. Calm down ladies and gentlemen, and move away from the exits,
there is no fire. While we're in here, do you have any idea what this is
about:

/*
 * We must not allow an anon page
 * with no buffers to be visible on
 * the LRU, so we unlock the page after
 * taking the lru lock
 */

That is, what's scary about an anon page without buffers?

-- 
Daniel
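
Added example, not part of the original message or of the kernel source: a single-threaded C model of the ordering debated above. struct page, simulate() and the starting counts are simplified assumptions; the model replays the interleaving sketched in the quoted code, with and without the extra ->buffers reference, and with the reference taken before the unlock.

```c
#include <stdio.h>

/* Toy, single-threaded model of the ordering discussed in the thread.
 * struct page and the helpers below are simplified stand-ins (assumptions),
 * not the kernel's definitions. */
struct page { int count; int frees; };

static void page_cache_get(struct page *p) { p->count++; }

/* Drop one reference; "free" the page when the count reaches zero. */
static void put_and_maybe_free(struct page *p)
{
    if (--p->count == 0)
        p->frees++;            /* stands in for __free_pages_ok() */
}

/* Replay one interleaving and return how many times the page was freed.
 * pinned:            an extra reference (the ->buffers one on a locked page)
 *                    that nobody can drop during the window.
 * get_before_unlock: take our reference before releasing the LRU lock. */
int simulate(int pinned, int get_before_unlock)
{
    struct page p = { 1 + (pinned ? 1 : 0), 0 };

    if (get_before_unlock)
        page_cache_get(&p);
    /* spin_unlock(&pagemap_lru_lock) happens here: the window opens */
    put_and_maybe_free(&p);    /* another CPU drops the droppable reference */
    if (!get_before_unlock)
        page_cache_get(&p);    /* too late if the count already hit zero */
    put_and_maybe_free(&p);    /* we finish and drop our own reference */
    return p.frees;
}

int main(void)
{
    printf("unlock then get, no pin: %d frees\n", simulate(0, 0));
    printf("unlock then get, pinned: %d frees\n", simulate(1, 0));
    printf("get then unlock, no pin: %d frees\n", simulate(0, 1));
    return 0;
}
```

A result of 2 is the double free; 0 means the pinned reference kept the page alive throughout, and 1 is the single, correct free.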