Re: 2.6.5-rc2-aa5

From: Rajesh Venkatasubramanian
Date: Mon Mar 29 2004 - 16:35:12 EST

Andrew Morton <akpm@xxxxxxxx> wrote:
>> Andrea Arcangeli <andrea@xxxxxxx> wrote:
>> Notably there is a BUG_ON(page->mapping) triggering in
>> page_remove_rmap in the pagecache case. That could be ex-pagecache being
>> removed from pagecache before all ptes have been zapped, in fact the
>> page_remove_rmap triggers in the vmtruncate path.
> Confused. vmtruncate zaps the ptes before removing pages from pagecache,
> so I'd expect a non-null ->mapping in page_remove_rmap() is a very common
> thing. Truncate a file which someone has mmapped and it'll happen every
> time, will it not?

Andrea missed a not (!) in the BUG_ON. It is BUG_ON(!page->mapping).

The race Andrea hit _may_ be the mremap vs. vmtruncate race I hit:

A first truncate that raced with mremap and left an orphaned pte.
The following truncate tried to clear the orphaned pte, and reached
page_remove_rmap with page->mapping == NULL.

Yes. It can happen in all 2.4 and 2.6 kernels.

Hugh has a better fix than mine for the mremap vs. truncate race
in his anobjrmap 7/6 patch.

With prio_tree we have to modify Hugh's fix, though.

