Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261482AbUKOWer (ORCPT ); Mon, 15 Nov 2004 17:34:47 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261440AbUKOWer (ORCPT ); Mon, 15 Nov 2004 17:34:47 -0500 Received: from mail-relay-2.tiscali.it ([213.205.33.42]:31715 "EHLO mail-relay-2.tiscali.it") by vger.kernel.org with ESMTP id S261482AbUKOWeb (ORCPT ); Mon, 15 Nov 2004 17:34:31 -0500 Date: Mon, 15 Nov 2004 23:34:30 +0100 From: Andrea Arcangeli To: Hugh Dickins Cc: Andrew Morton , Andi Kleen , Christoph Rohland , linux-kernel@vger.kernel.org Subject: Re: [PATCH] tmpfs symlink corrupts mempolicy Message-ID: <20041115223430.GF4758@dualathlon.random> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-GPG-Key: 1024D/68B9CB43 13D9 8355 295F 4823 7C49 C012 DFA1 686E 68B9 CB43 X-PGP-Key: 1024R/CB4660B9 CC A0 71 81 F4 A0 63 AC C0 4B 81 1D 8C 15 C8 E5 User-Agent: Mutt/1.5.6i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1829 Lines: 39 On Mon, Nov 15, 2004 at 08:41:12PM +0000, Hugh Dickins wrote: > Andrea discovered that short symlinks on tmpfs, stored within the inode > itself, overwrote the NUMA mempolicy field which shmem_destroy_inode > expected to find there. His fix was good, but Hugh changed it around a > little, to match existing shmem.c practice (now mpol_init in cases which > might allocate a page, mpol_free in shmem_truncate_inode), and allow for > possibility that mpol_init for a long symlink might one day do something > which really needs mpol_free. > > Signed-off-by: Hugh Dickins > --- > > Thanks a lot for working that out, Andrea: is this version okay with you? > I've not studied the mempolicy.c part of the patch you posted, which > seemed to be an entirely separate (and less urgent) patch, > better reviewed by Andi. > > --- 2.6.10-rc2/mm/shmem.c 2004-11-15 16:21:24.000000000 +0000 > +++ linux/mm/shmem.c 2004-11-15 19:08:58.366829456 +0000 > @@ -672,6 +672,7 @@ static void shmem_delete_inode(struct in > shmem_unacct_size(info->flags, inode->i_size); > inode->i_size = 0; > shmem_truncate(inode); > + mpol_free_shared_policy(&info->policy); > if (!list_empty(&info->swaplist)) { > spin_lock(&shmem_swaplist_lock); > list_del_init(&info->swaplist); this patch is completely broken, delete_inode isn't going to be called when the inode is being shrunk. delete_inode is only good for truncate, mpol_free_shared_policy has nothing to do with the nlink value. this patch will tend to work until the vm shrink the dcache, then it'll crash, sorry. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/