From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org, torvalds@osdl.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
akpm@osdl.org, alan@lxorguk.ukuu.org.uk, hugh@veritas.com,
Nick Piggin <nickpiggin@yahoo.com.au>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [patch 07/19] invalidate_complete_page() race fix
Date: Tue, 10 Oct 2006 10:14:51 -0700 [thread overview]
Message-ID: <20061010171451.GH6339@kroah.com> (raw)
In-Reply-To: <20061010171350.GA6339@kroah.com>
[-- Attachment #1: invalidate_complete_page-race-fix.patch --]
[-- Type: text/plain, Size: 1435 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Andrew Morton <akpm@osdl.org>
If a CPU faults this page into pagetables after invalidate_mapping_pages()
checked page_mapped(), invalidate_complete_page() will still proceed to remove
the page from pagecache. This leaves the page-faulting process with a
detached page. If it was MAP_SHARED then file data loss will ensue.
Fix that up by checking the page's refcount after taking tree_lock.
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/truncate.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- linux-2.6.17.13.orig/mm/truncate.c
+++ linux-2.6.17.13/mm/truncate.c
@@ -68,10 +68,10 @@ invalidate_complete_page(struct address_
return 0;
write_lock_irq(&mapping->tree_lock);
- if (PageDirty(page)) {
- write_unlock_irq(&mapping->tree_lock);
- return 0;
- }
+ if (PageDirty(page))
+ goto failed;
+ if (page_count(page) != 2) /* caller's ref + pagecache ref */
+ goto failed;
BUG_ON(PagePrivate(page));
__remove_from_page_cache(page);
@@ -79,6 +79,9 @@ invalidate_complete_page(struct address_
ClearPageUptodate(page);
page_cache_release(page); /* pagecache ref */
return 1;
+failed:
+ write_unlock_irq(&mapping->tree_lock);
+ return 0;
}
/**
--
next prev parent reply other threads:[~2006-10-10 17:15 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20061010165621.394703368@quad.kroah.org>
2006-10-10 17:13 ` [patch 00/19] 2.6.17-stable review Greg KH
2006-10-10 17:14 ` [patch 01/19] dvb-core: Proper handling ULE SNDU length of 0 (CVE-2006-4623) Greg KH
2006-10-10 17:14 ` [patch 02/19] NFS: Fix a potential deadlock in nfs_release_page Greg KH
2006-10-10 17:14 ` [patch 03/19] SUNRPC: avoid choosing an IPMI port for RPC traffic Greg KH
2006-10-10 18:59 ` Jan Engelhardt
2006-10-11 23:45 ` Trond Myklebust
2006-10-12 1:12 ` Alan Cox
2006-10-12 1:35 ` Trond Myklebust
2006-10-12 1:53 ` Matt Domsch
2006-10-12 2:04 ` Trond Myklebust
2006-10-12 10:16 ` Alan Cox
2006-10-12 10:15 ` Alan Cox
2006-10-12 15:15 ` Trond Myklebust
2006-10-12 7:58 ` Jan Engelhardt
2006-10-12 8:35 ` Bernd Petrovitsch
2006-10-12 12:28 ` Jan Engelhardt
2006-10-12 15:01 ` Trond Myklebust
2006-10-12 15:49 ` Jan Engelhardt
2006-10-10 17:14 ` [patch 04/19] LOCKD: Fix a deadlock in nlm_traverse_files() Greg KH
2006-10-10 17:14 ` [patch 05/19] NFS: More page cache revalidation fixups Greg KH
2006-10-10 17:14 ` [patch 06/19] Backport: Old IDE, fix SATA detection for cabling Greg KH
2006-10-10 17:14 ` Greg KH [this message]
2006-10-10 18:12 ` [patch 07/19] invalidate_complete_page() race fix Hugh Dickins
2006-10-10 19:14 ` [stable] " Greg KH
2006-10-10 19:30 ` Andrew Morton
2006-10-10 17:14 ` [patch 08/19] ext3 sequential read regression fix Greg KH
2006-10-10 17:14 ` [patch 09/19] sysfs: remove duplicated dput in sysfs_update_file Greg KH
2006-10-10 17:15 ` [patch 10/19] Video: Fix msp343xG handling regression Greg KH
2006-10-10 17:15 ` [patch 11/19] Video: cx24123: fix PLL divisor setup Greg KH
2006-10-10 17:15 ` [patch 12/19] SPARC64: Fix serious bug in sched_clock() on sparc64 Greg KH
2006-10-10 17:15 ` [patch 13/19] Fix sparc64 ramdisk handling Greg KH
2006-10-10 17:15 ` [patch 14/19] PKT_SCHED: cls_basic: Use unsigned int when generating handle Greg KH
2006-10-10 17:15 ` [patch 15/19] xirc2ps_cs: Cannot reset card in atomic context Greg KH
2006-10-10 17:15 ` [patch 16/19] Add PIIX4 APCI quirk for the 440MX chipset too Greg KH
2006-10-10 17:15 ` [patch 17/19] MMC: Always use a sector size of 512 bytes Greg KH
2006-10-10 17:15 ` [patch 18/19] ahci: do not fail softreset if PHY reports no device Greg KH
2006-10-10 17:15 ` [patch 19/19] Input: logips2pp - fix button mapping for MX300 Greg KH
2006-10-10 17:59 ` [stable] [patch 00/19] 2.6.17-stable review Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061010171451.GH6339@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=hugh@veritas.com \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=nickpiggin@yahoo.com.au \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox