LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* page_mkwrite caller is racy?
@ 2007-01-29 10:20 Nick Piggin
  2007-01-29 16:08 ` Hugh Dickins
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Nick Piggin @ 2007-01-29 10:20 UTC (permalink / raw)
  To: linux-kernel, Linux Memory Management, David Howells,
	Hugh Dickins, Andrew Morton

Hi,

After do_wp_page calls page_mkwrite on its target (old_page), it then drops the
reference to the page before locking the ptl and verifying that the pte points
to old_page.

Unfortunately, old_page may have been truncated and freed, or reclaimed, then
re-allocated and used again for the same pagecache position and faulted in
read-only into the same pte by another thread. Then you will have a situation
where page_mkwrite succeeds but the page we use is actually a readonly one.

Moving page_cache_release(old_page) to below the next statement will fix that
problem.

But it is sad that this thing got merged without any callers to even know how it
is intended to work. Must it be able to sleep?

Nick

-- 
SUSE Labs, Novell Inc.
Send instant messages to your online friends http://au.messenger.yahoo.com 

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2007-02-01 11:45 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-01-29 10:20 page_mkwrite caller is racy? Nick Piggin
2007-01-29 16:08 ` Hugh Dickins
2007-01-29 20:41   ` Anton Altaparmakov
2007-01-30  1:14   ` Nick Piggin
2007-01-30  1:51     ` Mark Fasheh
2007-01-30 14:58       ` Anton Altaparmakov
2007-01-31  1:18         ` Nick Piggin
2007-01-29 20:00 ` Mark Fasheh
2007-02-01 11:44 ` David Howells

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).