[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <45BDCA8A.4050809@yahoo.com.au>
Date: Mon, 29 Jan 2007 21:20:58 +1100
From: Nick Piggin <nickpiggin@...oo.com.au>
To: linux-kernel <linux-kernel@...r.kernel.org>,
Linux Memory Management <linux-mm@...ck.org>,
David Howells <dhowells@...hat.com>,
Hugh Dickins <hugh@...itas.com>, Andrew Morton <akpm@...l.org>
Subject: page_mkwrite caller is racy?
Hi,
After do_wp_page calls page_mkwrite on its target (old_page), it then drops the
reference to the page before locking the ptl and verifying that the pte points
to old_page.
Unfortunately, old_page may have been truncated and freed, or reclaimed, then
re-allocated and used again for the same pagecache position and faulted in
read-only into the same pte by another thread. Then you will have a situation
where page_mkwrite succeeds but the page we use is actually a readonly one.
Moving page_cache_release(old_page) to below the next statement will fix that
problem.
But it is sad that this thing got merged without any callers to even know how it
is intended to work. Must it be able to sleep?
Nick
--
SUSE Labs, Novell Inc.
Send instant messages to your online friends http://au.messenger.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists