On Mon, Sep 29, 2014 at 09:52:24PM -0700, Hugh Dickins wrote:
> On Mon, 15 Sep 2014, Naoya Horiguchi wrote:
> > When running the test which causes the race as shown in the previous patch,
> > we can hit the BUG "get_page() on refcount 0 page" in hugetlb_fault().
>
> Two minor comments...
>
> > @@ -3192,22 +3208,19 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
> > * Note that locking order is always pagecache_page -> page,
> > * so no worry about deadlock.
>
> That sentence of comment is stale and should be deleted,
> now that you're only doing a trylock_page(page) here.

OK, I'll delete it.

> > out_mutex:
> > mutex_unlock(&htlb_fault_mutex_table[hash]);
> > + if (need_wait_lock)
> > + wait_on_page_locked(page);
> > return ret;
> > }
>
> It will be hard to trigger any problem from this (I guess it would
> need memory hotremove), but you ought really to hold a reference to
> page while doing a wait_on_page_locked(page).

I'll do that.

Thanks,
Naoya Horiguchi
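
Review bot: At out_mutex, wait_on_page_locked(page) runs after mutex_unlock(&htlb_fault_mutex_table[hash]) and nothing in the quoted lines holds a reference on page, so the page could be freed while the task sleeps on it. Take a reference on page before the locks are released and drop it once the wait returns. The retained comment "locking order is always pagecache_page -> page" also no longer describes the code now that page is only trylocked, and should be removed in the same respin.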