From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail202.messagelabs.com (mail202.messagelabs.com [216.82.254.227]) by kanga.kvack.org (Postfix) with ESMTP id 6526B62008B for ; Wed, 5 May 2010 14:04:44 -0400 (EDT) Date: Wed, 5 May 2010 11:02:25 -0700 (PDT) From: Linus Torvalds Subject: Re: [PATCH 1/2] mm,migration: Prevent rmap_walk_[anon|ksm] seeing the wrong VMA information In-Reply-To: <20100505175311.GU20979@csn.ul.ie> Message-ID: References: <1273065281-13334-1-git-send-email-mel@csn.ul.ie> <1273065281-13334-2-git-send-email-mel@csn.ul.ie> <20100505145620.GP20979@csn.ul.ie> <20100505175311.GU20979@csn.ul.ie> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-mm@kvack.org To: Mel Gorman Cc: Andrew Morton , Linux-MM , LKML , Minchan Kim , KAMEZAWA Hiroyuki , Christoph Lameter , Andrea Arcangeli , Rik van Riel List-ID: On Wed, 5 May 2010, Mel Gorman wrote: > > If the same_vma list is properly ordered then maybe something like the > following is allowed? Heh. This is the same logic I just sent out. However: > + anon_vma = page_rmapping(page); > + if (!anon_vma) > + return NULL; > + > + spin_lock(&anon_vma->lock); RCU should guarantee that this spin_lock() is valid, but: > + /* > + * Get the oldest anon_vma on the list by depending on the ordering > + * of the same_vma list setup by __page_set_anon_rmap > + */ > + avc = list_entry(&anon_vma->head, struct anon_vma_chain, same_anon_vma); We're not guaranteed that the 'anon_vma->head' list is non-empty. Somebody could have freed the list and the anon_vma and we have a stale 'page->anon_vma' (that has just not been _released_ yet). And shouldn't that be 'list_first_entry'? Or &anon_vma->head.next? How did that line actually work for you? Or was it just a "it boots", but no actual testing of the rmap walk? Linus -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org