Re: Possible dcache BUG

From: viro
Date: Thu Aug 05 2004 - 22:19:57 EST

Next message: Jeff Dike: "[PATCH] 2.6.8-rc3-mm1 - Fix missing backslash in asm-generic/bug.h"
Previous message: Michael Halcrow: "Re: [PATCH]"
In reply to: Linus Torvalds: "Re: Possible dcache BUG"
Next in thread: Linus Torvalds: "Re: Possible dcache BUG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 05, 2004 at 07:50:28PM -0700, Linus Torvalds wrote:

> So as far as I can tell, shrink_dcache_anon() will have _removed_ a dentry
> from the unused_list, but still left the dentry with wild pointers
> pointing to other dentries. Next time around we do a dput() on such a
> dentry, we'll be screwed, because we'll try to remove it again. Boom.

It doesn't even take a dput(). Look: we do list_del(), then notice that
sucker still has positive refcount and leave it alone. Now think what
happens on the next pass. That's right, we hit that dentry *again*.
And see that list_empty() is false. And do list_del() one more time.

However, what used to be e.g. next dentry might very well be freed by
now. *BOOM*.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Dike: "[PATCH] 2.6.8-rc3-mm1 - Fix missing backslash in asm-generic/bug.h"
Previous message: Michael Halcrow: "Re: [PATCH]"
In reply to: Linus Torvalds: "Re: Possible dcache BUG"
Next in thread: Linus Torvalds: "Re: Possible dcache BUG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]