2.4.14 + Bug in swap_out. - Eric W. Biederman

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@transmeta.com>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: 2.4.14 + Bug in swap_out.
Date: 20 Nov 2001 23:01:06 -0700	[thread overview]
Message-ID: <m1vgg41x3x.fsf@frodo.biederman.org> (raw)

In swap_out we have the following code:

	spin_lock(&mmlist_lock);
	mm = swap_mm;
	while (mm->swap_address == TASK_SIZE || mm == &init_mm) {
		mm->swap_address = 0;
		mm = list_entry(mm->mmlist.next, struct mm_struct, mmlist);
		if (mm == swap_mm)
			goto empty;
		swap_mm = mm;
	}

	/* Make sure the mm doesn't disappear when we drop the lock.. */
	atomic_inc(&mm->mm_users);
	spin_unlock(&mmlist_lock);

	nr_pages = swap_out_mm(mm, nr_pages, &counter, classzone);

	mmput(mm);

And looking in fork.c mmput under with right circumstances becomes.
kmem_cache_free(mm_cachep, (mm)))

So it appears that there is nothing that keeps the mm_struct that
swap_mm points to as being valid. 

I guess the easy fix would be to increment the count on swap_mm,
and then do an mmput we assign something else to the value of swap_mm.  But
I don't know if that is what we want.

Thoughts?

Eric

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/

next             reply	other threads:[~2001-11-21  6:01 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-11-21  6:01 Eric W. Biederman [this message]
2001-11-21  6:29 ` David S. Miller
2001-11-21  6:37   ` Eric W. Biederman
2001-11-21 12:17     ` Rik van Riel
2001-11-21 13:31       ` Eric W. Biederman
2001-11-21 14:20         ` Rik van Riel
2001-11-21 14:21           ` Eric W. Biederman
2001-11-21 12:13 ` Rik van Riel
     [not found] <Pine.LNX.4.21.0111211515210.1357-100000@localhost.localdomain>
2001-11-21 15:39 ` Rik van Riel
     [not found] <Pine.LNX.4.21.0111211558160.1394-100000@localhost.localdomain>
2001-11-21 16:26 ` Eric W. Biederman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m1vgg41x3x.fsf@frodo.biederman.org \
    --to=ebiederm@xmission.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=torvalds@transmeta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox