    [PATCH] fix set_page_dirty vs truncate&free races · 5ba2948d
    Andrew Morton authored
    set_page_dirty() is racy if the caller has no reference against
    page->mapping->host, and if the page is unlocked.  This is because
    another CPU could truncate the page off the mapping and then free the
    mapping.
    
    Usually, the page _is_ locked, or the caller is a user-space process which
    holds a reference on the inode by having an open file.
    
    The exceptional cases are where the page was obtained via
    get_user_pages().  The patch changes those to lock the page around the
    set_page_dirty() call.
page-writeback.c 17 KB