Re: [PATCH] tmpfs symlink corrupts mempolicy

From: Andrea Arcangeli
Date: Mon Nov 15 2004 - 17:36:18 EST


On Mon, Nov 15, 2004 at 08:41:12PM +0000, Hugh Dickins wrote:
> Andrea discovered that short symlinks on tmpfs, stored within the inode
> itself, overwrote the NUMA mempolicy field which shmem_destroy_inode
> expected to find there. His fix was good, but Hugh changed it around a
> little, to match existing shmem.c practice (now mpol_init in cases which
> might allocate a page, mpol_free in shmem_truncate_inode), and allow for
> possibility that mpol_init for a long symlink might one day do something
> which really needs mpol_free.
>
> Signed-off-by: Hugh Dickins <hugh@xxxxxxxxxxx>
> ---
>
> Thanks a lot for working that out, Andrea: is this version okay with you?
> I've not studied the mempolicy.c part of the patch you posted, which
> seemed to be an entirely separate (and less urgent) patch,
> better reviewed by Andi.
>
> --- 2.6.10-rc2/mm/shmem.c 2004-11-15 16:21:24.000000000 +0000
> +++ linux/mm/shmem.c 2004-11-15 19:08:58.366829456 +0000
> @@ -672,6 +672,7 @@ static void shmem_delete_inode(struct in
> shmem_unacct_size(info->flags, inode->i_size);
> inode->i_size = 0;
> shmem_truncate(inode);
> + mpol_free_shared_policy(&info->policy);
> if (!list_empty(&info->swaplist)) {
> spin_lock(&shmem_swaplist_lock);
> list_del_init(&info->swaplist);

this patch is completely broken, delete_inode isn't going to be called
when the inode is being shrunk. delete_inode is only good for truncate,
mpol_free_shared_policy has nothing to do with the nlink value.

this patch will tend to work until the vm shrink the dcache, then it'll
crash, sorry.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/