Re: MM patches against 2.5.31

Daniel Phillips (phillips@arcor.de)
Thu, 29 Aug 2002 00:57:06 +0200


On Thursday 29 August 2002 00:39, Andrew Morton wrote:
> Daniel Phillips wrote:
> >
> > ...
> > So there's no question that the race is lurking in 2.4. I noticed several
> > more paths besides the one above that look suspicious as well. The bottom
> > line is, 2.4 needs a fix along the lines of my suggestion or Christian's,
> > something that can actually be proved.
> >
> > It's a wonder that this problem manifests so rarely in practice.
>
> I sort-of glanced through the 2.4 paths and it appears that in all of the
> places where it could do a page_cache_get/release, that would never happen
> because of other parts of the page state.
>
> Like: it can't be in pagecache, so we won't run writepage, and
> it can't have buffers, so we won't run try_to_release_page().
>
> Of course, I might have missed a path. And, well, generally: ugh.

I think it is happening. I just went sifting searching through the archives
on 'oops' and '2.4'. The first one I found was:

2.4.18-xfs (xfs related?) oops report

which fits the description nicely.

The race I showed actually causes the page->count to go negative, avoiding
a double free on a technicality. That doesn't make me feel much better about
it. Have you got a BUG_ON(!page_count(page)) in put_page_testzero? I think
we might see some action.

-- 
Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/