Re: Another VM race? (was: page_launder() bug)

Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Mon, 14 May 2001 11:53:49 +0200 (CEST)


> > CPU 0 CPU 1
> > is executing the code marked is executing try_to_free_buffers on
> > above with ^^^^^^^: the same page (it can be, because CPU 0
> > did not lock the page)
> >
> > (page->buffers &&
> >
> > page->buffers = NULL
> >
> > MAJOR(page->buffers->b_dev) ==
> > RAMDISK_MAJOR)) ===> Oops, NULL pointer dereference!
> >
> >
> >
> > Maybe compiler CSE optimization will eliminate the double load of
> > page->buffers, but we must not rely on it. If the compiler doesn't
> > optimize it, it can produce random oopses.
>
> You're right, this should be fixed. Do you happen to have a
> patch ? ;)

You can apply this one.

Mikulas

--- linux/mm/vmscan.c_ Mon May 14 11:41:42 2001
+++ linux/mm/vmscan.c Mon May 14 11:44:54 2001
@@ -454,8 +454,7 @@

/* Page is or was in use? Move it to the active list. */
if (PageTestandClearReferenced(page) || page->age > 0 ||
- (!page->buffers && page_count(page) > 1) ||
- page_ramdisk(page)) {
+ (!page->buffers && page_count(page) > 1)) {
del_page_from_inactive_dirty_list(page);
add_page_to_active_list(page);
continue;
@@ -470,6 +469,9 @@
list_add(page_lru, &inactive_dirty_list);
continue;
}
+
+ /* M.P.: We must not call page_ramdisk for unlocked page */
+ if (page_ramdisk(page)) goto page_active;

/*
* Dirty swap-cache page? Write it out if

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/