Re: [PATCH]: Brown paper bag in fs/file.c?

[Dipankar Sarma]

On Wed, Sep 14, 2005 at 12:57:50PM -0700, David S. Miller wrote:
> From: Dipankar Sarma <dipankar@xxxxxxxxxx>
> Date: Thu, 15 Sep 2005 00:48:42 +0530
> 
> > __free_fdtable() is used only when the fdarray/fdset are vmalloced
> > (use of the workqueue) or there is a race between two expand_files().
> > That might be why we haven't seen this cause any explicit problem
> > so far.
> > 
> > This would be an appropriate patch - (untested). I will update
> > as soon as testing is done.
> 
> Thanks.
> 
> I still can't figure out what causes my sparc64 bug.  Somehow a
> kmalloc() chunk of file pointers gets freed too early, the SLAB is
> shrunk due to memory pressure so the page containing that object gets
> freed, that page ends up as an anonymous page in userspace, but filp
> writes from the older usage occurs and corrupts the page.
> 
> I wonder if we simply leave a stale pointer around to the older
> fd array in some case.

Are you running with preemption enabled ? If so, fyi, I had sent
out a patch earlier that fixes locking for preemption.
Also, what triggers this in your machine ? I can try to reproduce
this albeit on a non-sparc64 box.

Thanks
Dipankar
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/