On Wednesday 18 June 2008 11:54, KAMEZAWA Hiroyuki wrote: > On Wed, 18 Jun 2008 10:13:49 +0900 > > KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> wrote: > > + if (!page_cache_get_speculative()) > > + goto out; > > This is obviously buggy....sorry..quilt refresh miss.. > > == > In speculative page cache lookup protocol, page_count(page) is set to 0 > while radix-tree modification is going on, truncation, migration, etc... These tend to all happen while the page is locked, and in particular while the page does not have any references other than the current code path and the pagecache. So no page tables should point to it. So migration_entry_wait should not find pages with a refcount of zero. > While page migration, a page fault to page under migration should wait > unlock_page() and migration_entry_wait() waits for the page from its > pte entry. It does get_page() -> wait_on_page_locked() -> put_page() now. > > In page migration, page_freeze_refs() -> page_unfreeze_refs() is called. > > Here, page_unfreeze_refs() expects page_count(page) == 0 and panics > if page_count(page) != 0. To avoid this, we shouldn't touch page_count() > if it is zero. This patch uses page_cache_get_speculative() to avoid > the panic. At any rate, page_cache_get_speculative() should not be used for this purpose, but for when we _really_ don't have any references to a page. -- To unsubscribe from this list: send the line "unsubscribe kernel-testers" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html