Linus, looks like the logics with "if we got stale buffer_heads -
no problem, grow_dev_page() will get rid of them" is broken.
Look at block_read_full_page(). If it sees ->buffers != NULL, it
assumes that buffer size corresponds to ->i_blkbits. IOW, if we ever
trigger the "let's free old buffer heads" path in grow_dev_page() - we
were in trouble; if somebody would read(2) from that place he'd end up
calling block_read_full_page() and it would screw up.
So either we need to replace if (!try_to_free_buffers(page, GFP_NOFS))
with unconditional BUG() and make sure that it doesn't get triggered, or
we need to start pulling similar bh resizing code into block_read_full_page()
and friends.
Comments?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Nov 23 2001 - 21:00:21 EST