Hi All,
mm/swapfile.c seems to have three potential races.
The first two are in
linux-2.5.62/mm/swap_state.c:87:add_to_swap_cache
which seems reachable without a lock from the callchain:
mm/swapfile.c:sys_swapoff:998->
sys_swapoff:1026->
try_to_unuse:591->
mm/swap_state.c:read_swap_cache_async:377->
add_to_swap_cache
add_to_swap_cache increments two global variables without a lock:
INC_CACHE_INFO(add_total);
and
INC_CACHE_INFO(exist_race);
The final one is in
linux-2.5.62/mm/swapfile.c:213:swap_entry_free
which seems to increment
nr_swap_pages++;
without a lock.
Are these real races? Or are these just stats variables? (Or is
there some implicit locking that protects these?)
Regards,
Dawson
Dawson Engler <[email protected]> wrote:
>
> Hi All,
>
> mm/swapfile.c seems to have three potential races.
>
> The first two are in
> linux-2.5.62/mm/swap_state.c:87:add_to_swap_cache
>
> which seems reachable without a lock from the callchain:
>
> mm/swapfile.c:sys_swapoff:998->
> sys_swapoff:1026->
> try_to_unuse:591->
> mm/swap_state.c:read_swap_cache_async:377->
> add_to_swap_cache
>
> add_to_swap_cache increments two global variables without a lock:
> INC_CACHE_INFO(add_total);
> and
> INC_CACHE_INFO(exist_race);
These are just instrumentation. If they're a bit inaccurate nobody cares,
and they're not worth locking.
So yes, that is a positive.
> The final one is in
> linux-2.5.62/mm/swapfile.c:213:swap_entry_free
> which seems to increment
> nr_swap_pages++;
> without a lock.
swap_entry_free() is called after swap_info_get(), which locks the swap
device list and the particular swap device.