Race in shrink_cache

Daniel Phillips (phillips@arcor.de)
Thu, 5 Sep 2002 07:04:28 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: George Toft: "PROBLEM: Kernel loses time - 1 min each 10 minutes"
Previous message: Rusty Russell: "Re: ip_conntrack_hash() problem"
Next in thread: Andrew Morton: "Re: Race in shrink_cache"
Next in thread: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"

Hi Marcelo,

This looks really suspicious, vmscan.c#435:

spin_unlock(&pagemap_lru_lock);
if (put_page_testzero(page))
__free_pages_ok(page, 0);
/* avoid to free a locked page */
page_cache_get(page);

/* whoops, double free coming */

I suggest you bump the page count before releasing the lru lock. The race
shown above may not in fact be possible, but the current code is fragile.

-- 
Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: George Toft: "PROBLEM: Kernel loses time - 1 min each 10 minutes"
Previous message: Rusty Russell: "Re: ip_conntrack_hash() problem"
Next in thread: Andrew Morton: "Re: Race in shrink_cache"
Next in thread: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"
Reply: Andrew Morton: "Re: Race in shrink_cache"