Subject: [to-be-updated] mm-vmalloc-fix-show-vmap_area-information-race-with-vmap_area-tear-down.patch removed from -mm tree
To: liwanp@xxxxxxxxxxxxxxxxxx,iamjoonsoo.kim@xxxxxxx,kosaki.motohiro@xxxxxxxxxxxxxx,rientjes@xxxxxxxxxx,zhangyanfei@xxxxxxxxxxxxxx,mm-commits@xxxxxxxxxxxxxxx
From: akpm@xxxxxxxxxxxxxxxxxxxx
Date: Mon, 23 Sep 2013 16:18:51 -0700
The patch titled
Subject: mm/vmalloc: fix show vmap_area information race with vmap_area tear down
has been removed from the -mm tree. Its filename was
mm-vmalloc-fix-show-vmap_area-information-race-with-vmap_area-tear-down.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Wanpeng Li <liwanp@xxxxxxxxxxxxxxxxxx>
Subject: mm/vmalloc: fix show vmap_area information race with vmap_area tear down
There is a race window between vmap_area tear down and show vmap_area
information.
A B
remove_vm_area
spin_lock(&vmap_area_lock);
va->vm = NULL;
va->flags &= ~VM_VM_AREA;
spin_unlock(&vmap_area_lock);
spin_lock(&vmap_area_lock);
if (va->flags & (VM_LAZY_FREE | VM_LAZY_FREEZING))
return 0;
if (!(va->flags & VM_VM_AREA)) {
seq_printf(m, "0x%pK-0x%pK %7ld vm_map_ram\n",
(void *)va->va_start, (void *)va->va_end,
va->va_end - va->va_start);
return 0;
}
free_unmap_vmap_area(va);
flush_cache_vunmap
free_unmap_vmap_area_noflush
unmap_vmap_area
free_vmap_area_noflush
va->flags |= VM_LAZY_FREE
The assumption !VM_VM_AREA represents vm_map_ram allocation is introduced
by commit: d4033afd ("mm, vmalloc: iterate vmap_area_list, instead of
vmlist, in vmallocinfo()"). However, !VM_VM_AREA also represents vmap_area
is being tear down in race window mentioned above.
This patch fixes it by not dumping any information for !VM_VM_AREA case
and also remove (VM_LAZY_FREE | VM_LAZY_FREEING) check since they are not
possible for !VM_VM_AREA case.
Signed-off-by: Wanpeng Li <liwanp@xxxxxxxxxxxxxxxxxx>
Suggested-by: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
Cc: Zhang Yanfei <zhangyanfei@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/vmalloc.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff -puN mm/vmalloc.c~mm-vmalloc-fix-show-vmap_area-information-race-with-vmap_area-tear-down mm/vmalloc.c
--- a/mm/vmalloc.c~mm-vmalloc-fix-show-vmap_area-information-race-with-vmap_area-tear-down
+++ a/mm/vmalloc.c
@@ -2584,16 +2584,13 @@ static int s_show(struct seq_file *m, vo
struct vmap_area *va = p;
struct vm_struct *v;
- if (va->flags & (VM_LAZY_FREE | VM_LAZY_FREEING))
+ /*
+ * s_show can encounter race with remove_vm_area, !VM_VM_AREA on
+ * behalf of vmap area is being tear down or vm_map_ram allocation.
+ */
+ if (!(va->flags & VM_VM_AREA))
return 0;
- if (!(va->flags & VM_VM_AREA)) {
- seq_printf(m, "0x%pK-0x%pK %7ld vm_map_ram\n",
- (void *)va->va_start, (void *)va->va_end,
- va->va_end - va->va_start);
- return 0;
- }
-
v = va->vm;
seq_printf(m, "0x%pK-0x%pK %7ld",
_
Patches currently in -mm which might be from liwanp@xxxxxxxxxxxxxxxxxx are
revert-mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch
mm-compactionc-periodically-schedule-when-freeing-pages.patch
ksm-remove-redundant-__gfp_zero-from-kcalloc.patch
mm-huge_memoryc-fix-stale-comments-of-transparent_hugepage_flags.patch
mm-memory-failurec-move-set_migratetype_isolate-outside-get_any_page.patch
mm-drop-actor-argument-of-do_generic_file_read.patch
mm-drop-actor-argument-of-do_generic_file_read-fix.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
