| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Dec 2011 19:26:41 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: nai.xia@...il.com Cc: Mel Gorman <mgorman@...e.de>, Andrea Arcangeli <aarcange@...hat.com>, Minchan Kim <minchan.kim@...il.com>, Dave Jones <davej@...hat.com>, Jan Kara <jack@...e.cz>, Andy Isaacson <adi@...apodia.org>, Johannes Weiner <jweiner@...hat.com>, Rik van Riel <riel@...hat.com>, "Linux-MM" <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 05/11] mm: compaction: Determine if dirty pages can be migrated without blocking within ->migratepage On Sat, 17 Dec 2011 11:03:01 +0800 Nai Xia <nai.xia@...il.com> wrote: > On Saturday 17 December 2011 07:20:54 Andrew Morton wrote: > > > > I hadn't paid a lot of attention to buffer_migrate_page() before. > > Scary function. I'm rather worried about its interactions with ext3 > > journal commit which locks buffers then plays with them while leaving > > the page unlocked. How vigorously has this been whitebox-tested? > > buffer_migrate_page() is done under page lock & buffer head locks. > > I had assumed that anyone who has locked the buffer_heads should > also have a stable relationship between buffer_head <---> page, > otherwise, the buffer_head locking semantics should be broken itself ? > > I am actually using the similar logic for some other stuff, > it will make me cry if it can really crash ext3.... It's complicated ;) JBD attaches a journal_head to the buffer_head and thereby largely increases the amount of metadata in the buffer_head. Locking the buffer_head isn't considered to have locked the journal_head, although it might often work out that way. I don't see anything in the journal_head which refers to the page contents (b_committed_data points to a JBD-private copy of the data), and buffer_migrate_page() migrates the buffers to a new page, rather than migrating new buffers to the new page. We should check that the b_committed_data copy is taken under lock_buffer() (surely true). The core writeback code will initiate writeback against buffer_heads and will then unlock the page. But in that case the buffer_heads are locked and come unlocked after writeback has completed. So that should be OK. set_page_dirty() and friends can sometimes play with an unlocked page and even unlocked buffers, from IRQ context iirc. If there are problems around this, taking ->private_lock in buffer_migrate_page() will help... It's just ... scary. Whether there are gremlins in there (or in other filesystems!) I just don't know. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists