mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-09-21 20:21:39 +00:00
tmpfs: fix race between swapoff and writepage
Shame on me! Commit b1dea800ac
"tmpfs: fix race between umount and
writepage" fixed the advertized race, but introduced another: as even
its comment makes clear, we cannot safely rely on a peek at list_empty()
while holding no lock - until info->swapped is set, shmem_unuse_inode()
may delete any formerly-swapped inode from the shmem_swaplist, which
in this case would leave a swap area impossible to swapoff.
Although I don't relish taking the mutex every time, I don't care much
for the alternatives either; and at least the peek at list_empty() in
shmem_evict_inode() (a hotter path since most inodes would never have
been swapped) remains safe, because we already truncated the whole file.
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
afa49791ca
commit
05bf86b4cc
1 changed files with 4 additions and 6 deletions
10
mm/shmem.c
10
mm/shmem.c
|
@ -1037,7 +1037,6 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
|
||||||
struct address_space *mapping;
|
struct address_space *mapping;
|
||||||
unsigned long index;
|
unsigned long index;
|
||||||
struct inode *inode;
|
struct inode *inode;
|
||||||
bool unlock_mutex = false;
|
|
||||||
|
|
||||||
BUG_ON(!PageLocked(page));
|
BUG_ON(!PageLocked(page));
|
||||||
mapping = page->mapping;
|
mapping = page->mapping;
|
||||||
|
@ -1072,15 +1071,14 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
|
||||||
* we've taken the spinlock, because shmem_unuse_inode() will
|
* we've taken the spinlock, because shmem_unuse_inode() will
|
||||||
* prune a !swapped inode from the swaplist under both locks.
|
* prune a !swapped inode from the swaplist under both locks.
|
||||||
*/
|
*/
|
||||||
if (swap.val && list_empty(&info->swaplist)) {
|
if (swap.val) {
|
||||||
mutex_lock(&shmem_swaplist_mutex);
|
mutex_lock(&shmem_swaplist_mutex);
|
||||||
/* move instead of add in case we're racing */
|
if (list_empty(&info->swaplist))
|
||||||
list_move_tail(&info->swaplist, &shmem_swaplist);
|
list_add_tail(&info->swaplist, &shmem_swaplist);
|
||||||
unlock_mutex = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
spin_lock(&info->lock);
|
spin_lock(&info->lock);
|
||||||
if (unlock_mutex)
|
if (swap.val)
|
||||||
mutex_unlock(&shmem_swaplist_mutex);
|
mutex_unlock(&shmem_swaplist_mutex);
|
||||||
|
|
||||||
if (index >= info->next_index) {
|
if (index >= info->next_index) {
|
||||||
|
|
Loading…
Reference in a new issue