github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 15:42:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8301e7e348
linux/include
History
Nick Piggin 8301e7e348 radix-tree: fix RCU bug 
commit 27d20fddc8 upstream.

Salman Qazi describes the following radix-tree bug:

In the following case, we get can get a deadlock:

0.  The radix tree contains two items, one has the index 0.
1.  The reader (in this case find_get_pages) takes the rcu_read_lock.
2.  The reader acquires slot(s) for item(s) including the index 0 item.
3.  The non-zero index item is deleted, and as a consequence the other item is
    moved to the root of the tree. The place where it used to be is queued for
    deletion after the readers finish.
3b. The zero item is deleted, removing it from the direct slot, it remains in
    the rcu-delayed indirect node.
4.  The reader looks at the index 0 slot, and finds that the page has 0 ref
    count
5.  The reader looks at it again, hoping that the item will either be freed or
    the ref count will increase. This never happens, as the slot it is looking
    at will never be updated. Also, this slot can never be reclaimed because
    the reader is holding rcu_read_lock and is in an infinite loop.

The fix is to re-use the same "indirect" pointer case that requires a slot
lookup retry into a general "retry the lookup" bit.

Signed-off-by: Nick Piggin <npiggin@kernel.dk>
Reported-by: Salman Qazi <sqazi@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:32:53 -08:00
..
acpi ACPI: Fix typos 2010-09-28 21:38:19 -04:00
asm-generic gpio: doc updates 2010-09-09 18:57:24 -07:00
crypto
drm drm/ttm: Fix two race conditions + fix busy codepaths 2010-10-06 09:04:43 +10:00
keys DNS: Separate out CIFS DNS Resolver code 2010-08-05 17:17:51 +00:00
linux radix-tree: fix RCU bug 2010-12-09 13:32:53 -08:00
math-emu
media V4L/DVB: videobuf-dma-sg: set correct size in last sg element 2010-09-27 22:22:01 -03:00
mtd mtd: Update copyright notices 2010-08-08 20:58:20 +01:00
net mac80211: clear txflags for ps-filtered frames 2010-12-09 13:32:12 -08:00
pcmcia pcmcia: use struct resource for PCMCIA devices, part 2 2010-08-03 09:04:16 +02:00
rdma IB: Rename RAW_ETY to RAW_ETHERTYPE 2010-08-04 10:44:19 -07:00
rxrpc
scsi scsi: use __uX types for headers exported to user space 2010-08-11 08:59:01 -07:00
sound ALSA: emu10k1 - delay the PCM interrupts (add pcm_irq_delay parameter) 2010-08-18 15:10:59 +02:00
trace Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-08-24 12:21:49 -07:00
video include: replace unifdef-y with header-y 2010-08-14 22:26:51 +02:00
xen xen: pvhvm: make it clearer that XEN_UNPLUG_* define bits in a bitfield 2010-08-23 12:01:35 +01:00
Kbuild