unmap_kiobuf is first freeing the page and then unlocking the page. This
is fine assuming the kiobuf is used to lockdown userspace as done by the
/dev/raw* device driver (so the free_page will never be the last free
page), but if the free_page is going to release the last reference to the
page, a BUG() will correctly trigger.
This is the fix against 2.3.36:
--- 2.3.36/mm/memory.c.~1~ Wed Jan 5 17:42:52 2000
+++ 2.3.36/mm/memory.c Sun Jan 9 02:56:52 2000
@@ -560,8 +560,8 @@
map = iobuf->maplist[i];
if (map && iobuf->locked) {
- __free_page(map);
UnlockPage(map);
+ __free_page(map);
}
}
And this is the fix against 2.2.14aa1 (while 2.2.x won't trigger a BUG(),
it may as well race, probably not though, as all is serialized by the
kernel lock in the VM lock/waitqueue handling in 2.2.x).
--- 2.2.14-rawio/mm/memory.c.~1~ Sun Jan 9 03:04:04 2000
+++ 2.2.14-rawio/mm/memory.c Sun Jan 9 03:04:28 2000
@@ -570,9 +570,9 @@
map = iobuf->maplist[i];
if (map && iobuf->locked) {
- __free_page(map);
clear_bit(PG_locked, &map->flags);
wake_up(&map->wait);
+ __free_page(map);
}
}
Andrea
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:14 EST