Re: [PATCH] mm: fix hang on anon_vma->root->lock

From: Hugh Dickins
Date: Fri Aug 27 2010 - 16:14:26 EST


On Fri, Aug 27, 2010 at 12:29 PM, Christoph Lameter <cl@xxxxxxxxx> wrote:
> On Fri, 27 Aug 2010, Hugh Dickins wrote:
>
>> Eh? My solution was a second page_mapped(page) test i.e. testing an atomic.
>
> Argh. Right. Looked like a global to me. Did not see the earlier local
> def.
>
> If you still use a pointer then what does ensure that the root
> pointer was not changed after the ACCESS_ONCE? The free semantics
> of an anon_vma?

Nothing ensures that the root pointer was not changed after the
ACCESS_ONCE, that's exactly why we use ACCESS_ONCE there: once we've
got the lock and realize that what we've locked may not be what we
wanted (or may change from what we were wanting at any moment, the
page no longer being mapped there - but in that case we no longer want
it), we have to be sure to unlock the one we locked, rather than the
one which anon_vma->root might subsequently point to.

(Umm, maybe I'm not the clearest of explainers, sorry! If you get my
point, fine; if it's gibberish to you, please ask me to try again.)

>
> Since there is no lock taken before the mapped check none of the
> earlier reads from the anon vma structure nor the page mapped check
> necessarily reflect a single state of the anon_vma.

There's no lock (other than RCU's read "lock") taken before the
original mapped check, and that's important, otherwise our attempt to
lock might actually spin on or corrupt something that was long ago an
anon_vma. But we do take the anon_vma->root->lock before the second
mapped check which I added. If the page is still mapped at the point
of that second check, then we know that we got the right anon_vma,
that the page might be mapped in it, and anon_vma->root is not going
to change underneath us before the page_unlock_anon_vma(). (The page
may get unmapped at any time, the lock does not protect against that;
but if it's still mapped once we hold the lock, free_pgtables() cannot
free the anon_vma until we're done.)

Hugh
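
The lock-then-recheck sequence described in this message, as an added userspace C model that is not part of the original e-mail and is not kernel code. The struct layouts, `lock_anon_vma_root`, the `race` hook, `unmap_and_reroot` and `reroot_to` are hypothetical names; the spinlock is modeled with `atomic_flag` and ACCESS_ONCE with a single atomic load.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model: layouts and names are illustrative, not the kernel's. */
struct anon_vma {
    struct anon_vma *_Atomic root; /* may be repointed concurrently */
    atomic_flag lock;              /* stand-in for the root spinlock */
};
struct page { atomic_int mapcount; struct anon_vma *anon_vma; };

static struct anon_vma *reroot_to; /* hypothetical target used by the race hook */

static void anon_vma_init(struct anon_vma *av, struct anon_vma *root)
{ atomic_init(&av->root, root); atomic_flag_clear(&av->lock); }
static bool page_mapped(struct page *p) { return atomic_load(&p->mapcount) > 0; }
static void spin_lock(atomic_flag *l) { while (atomic_flag_test_and_set(l)) ; }
static void spin_unlock(atomic_flag *l) { atomic_flag_clear(l); }

/* Constructed race: page is unmapped and av->root repointed while the lock is held. */
static void unmap_and_reroot(struct page *p)
{ atomic_store(&p->mapcount, 0); atomic_store(&p->anon_vma->root, reroot_to); }

/* Returns the root whose lock is now held, or NULL if the page is not mapped. */
static struct anon_vma *lock_anon_vma_root(struct page *page, void (*race)(struct page *))
{
    if (!page_mapped(page))               /* first check, no lock held */
        return NULL;
    struct anon_vma *av = page->anon_vma;
    struct anon_vma *root = atomic_load(&av->root); /* read once, like ACCESS_ONCE */
    spin_lock(&root->lock);
    if (race)
        race(page);                       /* test hook standing in for another CPU */
    if (page_mapped(page))                /* second check, under the lock */
        return root;
    spin_unlock(&root->lock);             /* the snapshot, never a re-read of av->root */
    return NULL;
}

int main(void)
{
    struct anon_vma r1, r2;
    struct page pg = { .anon_vma = &r1 };
    anon_vma_init(&r1, &r1); anon_vma_init(&r2, &r2);
    atomic_init(&pg.mapcount, 1);
    reroot_to = &r2;
    struct anon_vma *got = lock_anon_vma_root(&pg, unmap_and_reroot);
    printf("locked=%p r1 still held=%d\n", (void *)got, atomic_flag_test_and_set(&r1.lock));
    return 0;
}
```

Had the failure path unlocked a fresh read of `av->root` instead of the snapshot, `r1` would stay locked forever and `r2` would be released without ever having been taken.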