Re: VM: Fix nasty and subtle race in shared mmap'ed page writeback

[Nick Piggin]

Andrew Morton wrote:
> On Wed, 3 Jan 2007 20:44:36 -0800 (PST)
> Linus Torvalds <torvalds@xxxxxxxx> wrote:
>
>
> > Actually, I think 2.6.18 may have a subtle variation on it. 
> >
> > In particular, I look back at the try_to_free_buffers() thing that I hated 
> > so much, and it makes me wonder.. It used to do:
> >
> > 	spin_lock(&mapping->private_lock);
> > 	ret = drop_buffers(page, &buffers_to_free);
> > 	spin_unlock(&mapping->private_lock);
> > 	if (ret) {
> > 		.. crappy comment ..
> > 		if (test_clear_page_dirty(page))
> > 			task_io_account_cancelled_write(PAGE_CACHE_SIZE);
> > 	}
> >
> > and I think that at least on SMP, we had a race with another CPU doing the 
> > "mark page dirty if it was dirty in the PTE" at the same time. Because the 
> > marking dirty would come in, find no buffers (they just got dropped), and 
> > then mark the page dirty (ignoring the lack of any buffers), but then the 
> > above would do the "test_clear_page_dirty()" thing on it.
>
>
> That bug was introduced in 2.6.19, with the dirty page tracking patches.
>
> 2.6.18 and earlier used ->private_lock coverage in try_to_free_buffers() to
> prevent it.

Ohh, right you are, I was looking at 2.6.19 sources. The comments above
ttfb match that as well. Curious that the dirty page patches were allowed
to mess with this...

Anyway that leaves us with the question of why Andrea's database is getting
corrupted. Hopefully he can give us a minimal test-case.

> > Ie the race, I think, existed where that crappy comment was.
>
>
> The comment was complete, accurate and needed.

Indeed ;)

--
SUSE Labs, Novell Inc.
Send instant messages to your online friends http://au.messenger.yahoo.com 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/