From: Nick Piggin <nickpiggin@yahoo.com.au>
To: linux-kernel <linux-kernel@vger.kernel.org>,
Linux Memory Management <linux-mm@kvack.org>,
David Howells <dhowells@redhat.com>,
Hugh Dickins <hugh@veritas.com>, Andrew Morton <akpm@osdl.org>
Subject: page_mkwrite caller is racy?
Date: Mon, 29 Jan 2007 21:20:58 +1100 [thread overview]
Message-ID: <45BDCA8A.4050809@yahoo.com.au> (raw)
Hi,
After do_wp_page calls page_mkwrite on its target (old_page), it then drops the
reference to the page before locking the ptl and verifying that the pte points
to old_page.
Unfortunately, old_page may have been truncated and freed, or reclaimed, then
re-allocated and used again for the same pagecache position and faulted in
read-only into the same pte by another thread. Then you will have a situation
where page_mkwrite succeeds but the page we use is actually a readonly one.
Moving page_cache_release(old_page) to below the next statement will fix that
problem.
But it is sad that this thing got merged without any callers to even know how it
is intended to work. Must it be able to sleep?
Nick
--
SUSE Labs, Novell Inc.
Send instant messages to your online friends http://au.messenger.yahoo.com
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next reply other threads:[~2007-01-29 10:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-29 10:20 Nick Piggin [this message]
2007-01-29 16:08 ` Hugh Dickins
2007-01-29 20:41 ` Anton Altaparmakov
2007-01-30 1:14 ` Nick Piggin
2007-01-30 1:51 ` Mark Fasheh
2007-01-30 14:58 ` Anton Altaparmakov
2007-01-31 1:18 ` Nick Piggin
2007-01-29 20:00 ` Mark Fasheh
2007-02-01 11:44 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45BDCA8A.4050809@yahoo.com.au \
--to=nickpiggin@yahoo.com.au \
--cc=akpm@osdl.org \
--cc=dhowells@redhat.com \
--cc=hugh@veritas.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox