Re: msync() bug

Andrew Morton (andrewm@uow.edu.au)
Mon, 09 Jul 2001 22:32:11 +1000


Abraham vd Merwe wrote:
>
> Hi!
>
> I was preparing some lecture last night and stumbled onto this bug. Maybe
> some of you can shed some light on it.
>
> Basically, I just memory map /dev/mem at 0xb8000 (text mode - yes I know you
> shouldn't do this, but it was to illustrate something), reads 4k, changes it
> writes it back.
>

The actual call trace is:

__set_page_dirty
filemap_sync_pte
filemap_sync_pte_range
filemap_sync_pmd_range
filemap_sync
msync_interval
sys_msync

We're crashing because __set_page_dirty dereferences page->mapping,
but pages from a mmap() of /dev/mem seem to have a NULL ->mapping.

One of the very frustrating things about Linux kernel development
is that the main source of tuition is merely the source code. You
can stare at that for months (as I have) and still not have a firm
grasp on the big-picture semantic *meaning* behind something as
simple as a page having a null ->mapping. Sigh.

So one is reduced to mimicry:

--- linux-2.4.7-pre3/mm/filemap.c Wed Jul 4 18:21:32 2001
+++ linux-akpm/mm/filemap.c Mon Jul 9 22:22:46 2001
@@ -1652,7 +1652,8 @@ static inline int filemap_sync_pte(pte_t
if (pte_present(pte) && ptep_test_and_clear_dirty(ptep)) {
struct page *page = pte_page(pte);
flush_tlb_page(vma, address);
- set_page_dirty(page);
+ if (page->mapping)
+ set_page_dirty(page);
}
return 0;
}

-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/