From: Rik van Riel <riel@conectiva.com.br>
To: Linus Torvalds <torvalds@transmeta.com>
Cc: linux-mm@kvack.org, "Stephen C. Tweedie" <sct@redhat.com>,
Andrea Arcangeli <andrea@suse.de>,
Marcelo Tosatti <marcelo@conectiva.com.br>
Subject: Re: filemap.c SMP bug in 2.4.0-test*
Date: Wed, 16 Aug 2000 00:40:47 -0300 (BRST) [thread overview]
Message-ID: <Pine.LNX.4.21.0008160031330.3400-100000@duckman.distro.conectiva> (raw)
In-Reply-To: <Pine.LNX.4.10.10008152018100.3600-100000@penguin.transmeta.com>
On Tue, 15 Aug 2000, Linus Torvalds wrote:
> On Tue, 15 Aug 2000, Rik van Riel wrote:
> >
> > The backtrace I got points to some place deep inside
> > mm/filemap.c, in code I really didn't touch and I
> > wouldn't want to touch if this bug wasn't here ;)
> >
> > >>EIP; c012e370 <lru_cache_add+5c/d4> <=====
> > Trace; c021b33e <tvecs+1dde/19f60>
> > Trace; c021b579 <tvecs+2019/19f60>
> > Trace; c0127823 <add_to_page_cache_locked+cb/dc>
> > Trace; c0130a3c <add_to_swap_cache+84/8c>
> > Trace; c0130d00 <read_swap_cache_async+68/98>
> > Trace; c0125c8b <handle_mm_fault+143/1c0>
> > Trace; c0113d33 <do_page_fault+143/3f0>
>
> Look at this back-trace again.
>
> In particular, look at which page read_swap_cache_async() adds
> to the swap cache.
> ***** new_page_addr = __get_free_page(GFP_USER); *******
> In short, read_swap_cache_async() allocates a new page that
> nobody else has access to. There's no way in hell that page is
> going to be on any LRU lists.
*nod*
> The bug pretty much has to be in the new page flag handling. No,
> I don't see anything wrong in your patch, but we're talking
> about a code-path that has it's own very private page that
> cannot be shared unless there are some pretty major bugs (if
> __get_free_page() returns a page that is still in use somewhere,
> we're _soo_ screwed).
I've seen the call trace with sys_write and sys_read
too, so I assume that it's indeed __alloc_pages() which
hands over a page with one of the flags still set.
Question is, how did that thing get on the free list
in the first place? __free_pages_ok() checks for the
flags and reclaim_page() also checks for all of the
flags (inside the del_page_from_inactive_clean_list
macro)...
I've been looking at this code very closely over the
last week and fail to see any possibility for this
to happen, but where there's a bug there's a way ;)
regards,
Rik
--
"What you're running that piece of shit Gnome?!?!"
-- Miguel de Icaza, UKUUG 2000
http://www.conectiva.com/ http://www.surriel.com/
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux.eu.org/Linux-MM/
next prev parent reply other threads:[~2000-08-16 3:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-08-15 22:10 Rik van Riel
2000-08-16 2:43 ` Linus Torvalds
2000-08-16 2:46 ` Rik van Riel
2000-08-16 3:26 ` Linus Torvalds
2000-08-16 3:40 ` Rik van Riel [this message]
2000-08-16 4:09 ` Rik van Riel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.21.0008160031330.3400-100000@duckman.distro.conectiva \
--to=riel@conectiva.com.br \
--cc=andrea@suse.de \
--cc=linux-mm@kvack.org \
--cc=marcelo@conectiva.com.br \
--cc=sct@redhat.com \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox