Re: VM: Fix nasty and subtle race in shared mmap'ed page writeback

From: Nick Piggin
Date: Thu Jan 04 2007 - 00:08:24 EST


Linus Torvalds wrote:

On Thu, 4 Jan 2007, Nick Piggin wrote:

That's when the bug was introduced -- 2.6.19. 2.6.18 does not have
this bug, so it cannot be years old.


Actually, I think 2.6.18 may have a subtle variation on it.

In particular, I look back at the try_to_free_buffers() thing that I hated so much, and it makes me wonder.. It used to do:

	spin_lock(&mapping->private_lock);
	ret = drop_buffers(page, &buffers_to_free);
	spin_unlock(&mapping->private_lock);
	if (ret) {
		.. crappy comment ..
		if (test_clear_page_dirty(page))
			task_io_account_cancelled_write(PAGE_CACHE_SIZE);
	}

and I think that at least on SMP, we had a race with another CPU doing the "mark page dirty if it was dirty in the PTE" at the same time. Because the marking dirty would come in, find no buffers (they just got dropped), and then mark the page dirty (ignoring the lack of any buffers), but then the above would do the "test_clear_page_dirty()" thing on it.

I.e., the race, I think, existed where that crappy comment was.

But that much older race would only trigger on SMP (or possibly UP with preempt).

Oh yes, the try_to_free_buffers race, I think, does exist in older kernels.
Yes, according to our earlier analysis it would trigger with UP+preempt and
SMP.

But the patch that Andrea was pointing to was your last patch (The Fix),
which stopped the page_mkclean caller from throwing out dirty bits. You probably
didn't see that in the mail I cc'ed you on.

So yes it would be interesting to see whether fixing try_to_free_buffers
fixes Andrea's problem on older kernels.

--
SUSE Labs, Novell Inc.
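The interleaving Linus describes above, as a constructed sequential model added here (not kernel code and not written by either author): another CPU's set_page_dirty() lands at one of three points relative to try_to_free_buffers(), once with test_clear_page_dirty() outside private_lock as in the quoted snippet and once with it done before the unlock, which is one way to close the window. Every struct field and function name below is a simplified stand-in for the kernel's.

```c
/* Constructed sequential model (not kernel code) of the 2.6.18 window Linus
 * describes: buffers dropped under private_lock, the lock released, and only
 * then test_clear_page_dirty().  Names are stand-ins for the kernel's. */

struct page { int dirty, buffers, buffers_dirty; }; /* PG_dirty, page_has_buffers(), buffer_dirty() */

/* __set_page_dirty_buffers(): dirty the buffers under private_lock (nothing
 * to do once they are gone), then TestSetPageDirty() after the unlock. */
static void set_page_dirty_buffers(struct page *p)
{
	if (p->buffers)
		p->buffers_dirty = 1;
	p->dirty = 1;
}

/* drop_buffers() refuses to free buffers that are still dirty. */
static int drop_buffers(struct page *p)
{
	if (p->buffers && p->buffers_dirty)
		return 0;
	p->buffers = 0;
	return 1;
}

/* try_to_free_buffers() with another CPU's set_page_dirty() landing at
 * dirty_at: 0 = before, 1 = in the gap after spin_unlock(), 2 = after.  With
 * clear_under_lock the page is cleaned before the unlock, so the other CPU
 * blocks on private_lock and point 1 degenerates to point 2.  Returns 1 if
 * the dirtiness survives (PG_dirty or a dirty buffer), 0 if it is lost. */
static int try_to_free_buffers_race(int dirty_at, int clear_under_lock)
{
	struct page p = { 0, 1, 0 }; /* clean page, clean buffers attached */
	int ret;
	if (dirty_at == 0)
		set_page_dirty_buffers(&p);
	/* spin_lock(&mapping->private_lock); */
	ret = drop_buffers(&p);
	if (clear_under_lock && ret)
		p.dirty = 0;                /* test_clear_page_dirty() inside the lock */
	/* spin_unlock(&mapping->private_lock); */
	if (dirty_at == 1 && !clear_under_lock)
		set_page_dirty_buffers(&p); /* other CPU: no buffers left, sets PG_dirty */
	if (!clear_under_lock && ret)
		p.dirty = 0;                /* test_clear_page_dirty() outside the lock */
	if (dirty_at == 2 || (dirty_at == 1 && clear_under_lock))
		set_page_dirty_buffers(&p);
	return p.dirty || p.buffers_dirty;
}
```

Only the (dirty_at == 1, lock released before the clear) case loses the dirty bit: the page is marked dirty with no buffers to carry it, and the clear then throws that away.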