Re: [patch] mm: vmscan fix mapping use after free
From: Mel Gorman
Date: Tue Jun 15 2010 - 09:24:15 EST
On Tue, Jun 15, 2010 at 03:43:44PM +1000, Nick Piggin wrote:
> On Tue, Jun 15, 2010 at 03:12:42PM +1000, Nick Piggin wrote:
> > > Once that page is unlocked, we can't touch *mapping - its inode can be
> > > concurrently reclaimed. Although I guess the technique in
> > > handle_write_error() can be reused.
> >
> > Nasty. That guy needs to be using lock_page_nosync().
> --
>
> Need lock_page_nosync here because we have no reference to the mapping when
> taking the page lock.
>
> Signed-off-by: Nick Piggin <npiggin@xxxxxxx>
>
Thanks, I've picked this up and merged it into the series and removed
the "hand grenade" comment.
> ---
> mm/vmscan.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: linux-2.6/mm/vmscan.c
> ===================================================================
> --- linux-2.6.orig/mm/vmscan.c
> +++ linux-2.6/mm/vmscan.c
> @@ -296,7 +296,7 @@ static int may_write_to_queue(struct bac
> static void handle_write_error(struct address_space *mapping,
> struct page *page, int error)
> {
> - lock_page(page);
> + lock_page_nosync(page);
> if (page_mapping(page) == mapping)
> mapping_set_error(mapping, error);
> unlock_page(page);
>
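Review bot: the `lock_page_nosync(page)` call in handle_write_error() carries no comment saying why plain `lock_page()` is wrong here, so the reason lives only in the changelog ("we have no reference to the mapping when taking the page lock"). A one-line comment above the call would help keep a later cleanup from switching it back, for example `/* no reference held on mapping; do not touch it until page_mapping(page) == mapping is confirmed under the page lock */`. The same comment would also document that the `mapping` argument is only compared, and is dereferenced by `mapping_set_error()` only after that check succeeds.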
--
Mel Gorman
Part-time Phd Student Linux Technology Center
University of Limerick IBM Dublin Software Lab