On Thu, 2 Jun 2011, Chris Wright wrote: > Andrea Righi reported a case where an exiting task can race against > ksmd. > > ksm_scan.mm_slot == the only registered mm > CPU 1 (bug program) CPU 2 (ksmd) > list_empty() is false > lock > ksm_scan.mm_slot > list_del > unlock > slot == &ksm_mm_head (but list is now empty_) > > Close this race by revalidating that the new slot is not simply the list > head again. Remarkably similar to my patch: it must be good! But yours appears to be more popular - thanks, Chris. > > Reported-by: Andrea Righi <andrea@xxxxxxxxxxxxxxx> > Cc: Hugh Dickins <hughd@xxxxxxxxxx> Acked-by: Hugh Dickins <hughd@xxxxxxxxxx> > Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx> > Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx> Cc: stable@xxxxxxxxxx > --- > mm/ksm.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/mm/ksm.c b/mm/ksm.c > index 942dfc7..0373ce4 100644 > --- a/mm/ksm.c > +++ b/mm/ksm.c > @@ -1301,6 +1301,9 @@ static struct rmap_item *scan_get_next_rmap_item(struct page **page) > slot = list_entry(slot->mm_list.next, struct mm_slot, mm_list); > ksm_scan.mm_slot = slot; > spin_unlock(&ksm_mmlist_lock); > + /* We raced against exit of last slot on the list */ > + if (slot == &ksm_mm_head) > + return NULL; > next_mm: > ksm_scan.address = 0; > ksm_scan.rmap_list = &slot->rmap_list; -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxxx For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>