From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 14 Jun 2007 16:00:47 +0900
From: KAMEZAWA Hiroyuki
Subject: [RFC] memory unplug v5 [2/6] isolate lru page race fix
Message-Id: <20070614160047.c7c8d5e9.kamezawa.hiroyu@jp.fujitsu.com>
In-Reply-To: <20070614155630.04f8170c.kamezawa.hiroyu@jp.fujitsu.com>
References: <20070614155630.04f8170c.kamezawa.hiroyu@jp.fujitsu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-linux-mm@kvack.org
Return-Path:
To: KAMEZAWA Hiroyuki
Cc: linux-mm@kvack.org, mel@csn.ul.ie, y-goto@jp.fujitsu.com, clameter@sgi.com, hugh@veritas.com
List-ID:

release_pages() in mm/swap.c changes page_count() to be 0 without removing PageLRU flag... This means isolate_lru_page() can see a page, PageLRU() && page_count(page)==0.. This is BUG. (get_page() will be called against count=0 page.)

Signed-Off-By: KAMEZAWA Hiroyuki

--- mm/migrate.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: devel-2.6.22-rc4-mm2/mm/migrate.c =================================================================== --- devel-2.6.22-rc4-mm2.orig/mm/migrate.c +++ devel-2.6.22-rc4-mm2/mm/migrate.c @@ -49,9 +49,8 @@ int isolate_lru_page(struct page *page, struct zone *zone = page_zone(page); spin_lock_irq(&zone->lru_lock); - if (PageLRU(page)) { + if (PageLRU(page) && get_page_unless_zero(page)) { ret = 0; - get_page(page); ClearPageLRU(page); if (PageActive(page)) del_page_from_active_list(zone, page);
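
Review bot: the new condition `if (PageLRU(page) && get_page_unless_zero(page))` in isolate_lru_page() needs a comment, because nothing in the code says why a page with PageLRU set can have a zero count while zone->lru_lock is held; the reason (release_pages() in mm/swap.c drops the count to 0 without removing the PageLRU flag) is only in the changelog. A short comment above the `if` stating that, and that the reference has to be taken before ClearPageLRU(page), would keep a later cleanup from turning this back into a PageLRU() test followed by an unconditional get_page(). It is also worth confirming that the value returned when get_page_unless_zero() fails is what callers expect, since `ret = 0` is set only inside the branch and the initial value of ret is outside this hunk.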