Date: Fri, 17 Oct 2008 19:53:49 -0700 (PDT)
From: Linus Torvalds
Subject: Re: [patch] mm: fix anon_vma races
In-Reply-To: <20081018022541.GA19018@wotan.suse.de>
References: <20081016041033.GB10371@wotan.suse.de> <1224285222.10548.22.camel@lappy.programming.kicks-ass.net> <20081018013258.GA3595@wotan.suse.de> <20081018022541.GA19018@wotan.suse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-linux-mm@kvack.org
To: Nick Piggin
Cc: Peter Zijlstra, Hugh Dickins, Linux Memory Management List

On Sat, 18 Oct 2008, Nick Piggin wrote:
> @@ -171,6 +181,10 @@ static struct anon_vma *page_lock_anon_v > > anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON); > spin_lock(&anon_vma->lock); > + > + if (anon_mapping != (unsigned long)page->mapping) > + goto out; > + > return anon_vma; > out: > rcu_read_unlock();

I see why you'd like to try to do this, but look a bit closer, and you'll realize that this is *really* wrong.

So there's the brown-paper-bag-reason why it's wrong: you need to unlock in this case, but there's a subtler reason why I doubt the whole approach works: I don't think we actually hold the anon_vma lock when we set page->mapping.

So I don't think you really fixed the race that you want to fix, and I don't think that does what you wanted to do.

But I might have missed something. I'm off to play poker. It's Friday night, there's only so many memory ordering and locking issues I can take in one day. I'm hoping that by the time I look at this again, you and Hugh will have sorted it out.

Linus
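
Review bot: The added `goto out` sits after `spin_lock(&anon_vma->lock)`, and the `out:` label shown in this hunk only calls `rcu_read_unlock()`, so the mismatch path leaves the function with the anon_vma lock still held. Release it before jumping, for example `spin_unlock(&anon_vma->lock);` immediately ahead of `goto out;`. The recheck of `page->mapping` can also only close the race if every writer of that field holds `anon_vma->lock`, which nothing in these lines establishes; a comment naming the lock that serialises those writes would let a reader verify the assumption.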