mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

[PATCH] invalidate_complete_page() race fix

Browse source 
If a CPU faults this page into pagetables after invalidate_mapping_pages()
checked page_mapped(), invalidate_complete_page() will still proceed to remove
the page from pagecache.  This leaves the page-faulting process with a
detached page.  If it was MAP_SHARED then file data loss will ensue.

Fix that up by checking the page's refcount after taking tree_lock.

Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Andrew Morton 2006-09-08 09:48:38 -07:00 committed by Linus Torvalds
parent 3665d0e58f
commit 016eb4a0ed
1 changed files with 7 additions and 4 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

11
mm/truncate.c
View file

@ -68,10 +68,10 @@ invalidate_complete_page(struct address_space *mapping, struct page *page)
return 0;
write_lock_irq(&mapping->tree_lock);
if (PageDirty(page)) {
write_unlock_irq(&mapping->tree_lock);
return 0;
}
if (PageDirty(page))
goto failed;
if (page_count(page) != 2) /* caller's ref + pagecache ref */
goto failed;
BUG_ON(PagePrivate(page));
__remove_from_page_cache(page);
@ -79,6 +79,9 @@ invalidate_complete_page(struct address_space *mapping, struct page *page)
ClearPageUptodate(page);
page_cache_release(page); /* pagecache ref */
return 1;
failed:
write_unlock_irq(&mapping->tree_lock);
return 0;
}
/**