| commit | 3c249016aed25db602d4849c2690521cf5e1ff2f | |
| author | Hugh Dickins <hughd@google.com> | |
| Sat, 14 May 2011 19:06:42 +0000 (14 12:06 -0700) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Sat, 21 May 2011 22:13:23 +0000 (21 15:13 -0700) | ||
| tree | fab2efbc5acbba49a2d744ea722fd0795f0a98c8 | treesnapshot (tar.gz zip) |
| parent | a621088213d3272950a85875afc25cc87b01b560 | commitdiff |
tmpfs: fix race between swapoff and writepage
commit 05bf86b4ccfd0f197da61c67bd372111d15a6620 upstream.
Shame on me! Commit b1dea800ac39 "tmpfs: fix race between umount and
writepage" fixed the advertized race, but introduced another: as even
its comment makes clear, we cannot safely rely on a peek at list_empty()
while holding no lock - until info->swapped is set, shmem_unuse_inode()
may delete any formerly-swapped inode from the shmem_swaplist, which
in this case would leave a swap area impossible to swapoff.
Although I don't relish taking the mutex every time, I don't care much
for the alternatives either; and at least the peek at list_empty() in
shmem_evict_inode() (a hotter path since most inodes would never have
been swapped) remains safe, because we already truncated the whole file.
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 05bf86b4ccfd0f197da61c67bd372111d15a6620 upstream.
Shame on me! Commit b1dea800ac39 "tmpfs: fix race between umount and
writepage" fixed the advertized race, but introduced another: as even
its comment makes clear, we cannot safely rely on a peek at list_empty()
while holding no lock - until info->swapped is set, shmem_unuse_inode()
may delete any formerly-swapped inode from the shmem_swaplist, which
in this case would leave a swap area impossible to swapoff.
Although I don't relish taking the mutex every time, I don't care much
for the alternatives either; and at least the peek at list_empty() in
shmem_evict_inode() (a hotter path since most inodes would never have
been swapped) remains safe, because we already truncated the whole file.
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| mm/shmem.c | diffblobblamehistory |