From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: Hugh Dickins <hugh@veritas.com>
Cc: Nick Piggin <npiggin@suse.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>
Subject: Re: [patch] mm: fix anon_vma races
Date: Sun, 19 Oct 2008 12:51:40 +0200 [thread overview]
Message-ID: <1224413500.10548.55.camel@lappy.programming.kicks-ass.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0810191048410.11802@blonde.site>
On Sun, 2008-10-19 at 10:52 +0100, Hugh Dickins wrote:
> On Sat, 18 Oct 2008, Peter Zijlstra wrote:
> >
> > fault_creation:
> >
> > anon_vma_prepare()
> > page_add_new_anon_rmap();
> >
> > expand_creation:
> >
> > anon_vma_prepare()
> > anon_vma_lock();
> >
> > rmap_lookup:
> >
> > page_referenced()/try_to_unmap()
> > page_lock_anon_vma()
> >
> > vma_lookup:
> >
> > vma_adjust()/vma_*
> > vma->anon_vma
> >
> > teardown:
> >
> > unmap_vmas()
> > zap_range()
> > page_remove_rmap()
> > free_page()
> > free_pgtables()
> > anon_vma_unlink()
> > free_range()
> >
> > IOW we remove rmap, free the page (set mapping=NULL) and then unlink and
> > free the anon_vma.
> >
> > But at that time vma->anon_vma is still set.
> >
> >
> > head starts to hurt,..
>
> Comprehension isn't my strong suit at the moment: I don't grasp
> what problem you're seeing here - if you can spell it out in more
> detail for me, I'd like to try stopping your head hurt - though not
> at cost of making mine hurt more!
Heh, I meant to continue on this path more later yesterday, but weekend
chores kept me from it.
The above was my feeble attempt at getting an overview of what we do
with these anon_vma things so as to get a feel for the interaction.
I think my main concern in all this is validating that we have the right
anon_vma on dereference - both the vma->anon_vma and the page->mapping
one.
Part of the confusion is that we don't clear those pointers at the end
of their lifetimes (page_remove_rmap and anon_vma_unlink).
I guess the !page_mapping() test in page_lock_anon_vma() is meant to
deal with this, I think the point is that we have a stable page
reference, and thus the mapping is stable too (although
page_referenced() only holds a ref, and that could race with a fault
which would install the anon_vma? - still that looks a race the safe
way)
Still it looks odd to have a rcu_read_lock() section without and
rcu_dereference() or smp_read_depend barrier.
I think I see how the vma->anon_vma references work too, given the added
locking in anon_vma_prepare() proposed in this thread. But I need to
ponder those a bit more.
And alas, I need to run out again.. these weekends are too short.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2008-10-19 10:51 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-16 4:10 Nick Piggin
2008-10-17 22:14 ` Hugh Dickins
2008-10-17 23:05 ` Linus Torvalds
2008-10-18 0:13 ` Hugh Dickins
2008-10-18 0:25 ` Linus Torvalds
2008-10-18 1:53 ` Nick Piggin
2008-10-18 2:50 ` Paul Mackerras
2008-10-18 2:57 ` Linus Torvalds
2008-10-18 5:49 ` Nick Piggin
2008-10-18 10:49 ` Paul Mackerras
2008-10-18 17:00 ` Linus Torvalds
2008-10-18 18:44 ` Matthew Wilcox
2008-10-19 2:54 ` Nick Piggin
2008-10-19 2:53 ` Nick Piggin
2008-10-17 23:13 ` Peter Zijlstra
2008-10-17 23:53 ` Linus Torvalds
2008-10-18 0:42 ` Linus Torvalds
2008-10-18 1:08 ` Linus Torvalds
2008-10-18 1:32 ` Nick Piggin
2008-10-18 2:11 ` Linus Torvalds
2008-10-18 2:25 ` Nick Piggin
2008-10-18 2:35 ` Nick Piggin
2008-10-18 2:53 ` Linus Torvalds
2008-10-18 5:20 ` Nick Piggin
2008-10-18 10:38 ` Peter Zijlstra
2008-10-19 9:52 ` Hugh Dickins
2008-10-19 10:51 ` Peter Zijlstra [this message]
2008-10-19 12:39 ` Hugh Dickins
2008-10-19 18:25 ` Linus Torvalds
2008-10-19 18:45 ` Peter Zijlstra
2008-10-19 19:00 ` Hugh Dickins
2008-10-20 4:03 ` Hugh Dickins
2008-10-20 15:17 ` Linus Torvalds
2008-10-20 18:21 ` Hugh Dickins
2008-10-21 2:56 ` Nick Piggin
2008-10-21 3:25 ` Linus Torvalds
2008-10-21 4:33 ` Nick Piggin
2008-10-21 12:58 ` Hugh Dickins
2008-10-21 15:59 ` Christoph Lameter
2008-10-22 9:29 ` Nick Piggin
2008-10-21 4:34 ` Nick Piggin
2008-10-21 13:55 ` Hugh Dickins
2008-10-21 2:44 ` Nick Piggin
2008-10-18 19:14 ` Hugh Dickins
2008-10-19 3:03 ` Nick Piggin
2008-10-19 7:07 ` Hugh Dickins
2008-10-20 3:26 ` Hugh Dickins
2008-10-21 2:45 ` Nick Piggin
2008-10-19 1:13 ` Hugh Dickins
2008-10-19 2:41 ` Nick Piggin
2008-10-19 9:45 ` Hugh Dickins
2008-10-21 3:59 ` Nick Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1224413500.10548.55.camel@lappy.programming.kicks-ass.net \
--to=a.p.zijlstra@chello.nl \
--cc=hugh@veritas.com \
--cc=linux-mm@kvack.org \
--cc=npiggin@suse.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox