On 07/20/2012 10:36 AM, Michal Hocko wrote:
--- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -81,7 +81,12 @@ static void huge_pmd_share(struct mm_struct *mm, unsigned long addr, pud_t *pud) if (saddr) { spte = huge_pte_offset(svma->vm_mm, saddr); if (spte) { - get_page(virt_to_page(spte)); + struct page *spte_page = virt_to_page(spte); + if (!is_hugetlb_pmd_page_valid(spte_page)) {
What prevents somebody else from marking the hugetlb pmd invalid, between here...
+ spte = NULL; + continue; + }
... and here?
+ get_page(spte_page); break; }
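Review bot: In the if (spte) block, is_hugetlb_pmd_page_valid(spte_page) is evaluated before get_page(spte_page), and nothing in the visible lines holds a reference or a lock across the two calls, so the page can stop being valid after the check passes and before the reference is taken. Consider taking the reference first and undoing it on the failure path: call get_page(spte_page), then test validity, and on failure call put_page(spte_page), set spte = NULL and continue. Separately, is_hugetlb_pmd_page_valid() is not defined in this hunk; a comment at its definition saying what the caller must hold when calling it would make the ordering requirement explicit.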
I think we need to take the refcount before checking whether the hugetlb pmd is still valid.

Also, disregard my previous email in this thread, I just read Mel's detailed explanation and wrapped my brain around the bug :)