• tmpfs: fix race between swapoff and writepage · 05bf86b4
    Hugh Dickins authored
    Shame on me!  Commit b1dea800 "tmpfs: fix race between umount and
    writepage" fixed the advertized race, but introduced another: as even
    its comment makes clear, we cannot safely rely on a peek at list_empty()
    while holding no lock - until info->swapped is set, shmem_unuse_inode()
    may delete any formerly-swapped inode from the shmem_swaplist, which
    in this case would leave a swap area impossible to swapoff.
    
    Although I don't relish taking the mutex every time, I don't care much
    for the alternatives either; and at least the peek at list_empty() in
    shmem_evict_inode() (a hotter path since most inodes would never have
    been swapped) remains safe, because we already truncated the whole file.
    
    Signed-off-by: Hugh Dickins <hughd@google.com>
    Cc: stable@kernel.org
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
shmem.c 72.6 KB