Re: 2.6.25-git2: BUG: unable to handle kernel paging request atffffffffffffffff

[Linus Torvalds]

On Mon, 21 Apr 2008, Paul E. McKenney wrote:
> 
> I did take a quick look for improperly freeing dentries -- unhashed
> dentries are freed directly, so if there is a code path that somehow
> unhashes dentries and then d_free()s them without a grace period, we
> have a problem.

No, not even then.

We *always* unhash the dentries before freeing them, but we very 
consciously use "hlist_del_rcu()" on them, not "hlist_del_init()".

That, in turn, will mean that the "pprev" pointer will still be set, so 
the "hlist_unhashed()" thing will *not* trigger.

IOW, when we do that direct-free with:

	if (hlist_unhashed(&dentry->d_hash))
		__d_free(dentry);

the "hlist_unhashed()" will literally guarantee that i has *never* been on 
a hash-list at all!

(If you want to test whether it is currently unhashed or not, you actually 
have to use "d_unhashed()" on the dentry under the dentry lock, which 
tests the DCACHE_UNHASHED bit).

Of course, there could be some bug in there, but the thing is, none of 
this has even changed in a long time, certainly not since 2.6.25. Which is 
why I think the dcache code is all fine, and the bug comes from somewhere 
else corrupting the data structures.

		Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/