* [CHECKER] races in 2.5.65/mm/swapfile.c?
@ 2003-03-22 11:45 ` Dawson Engler
0 siblings, 0 replies; 4+ messages in thread
From: Dawson Engler @ 2003-03-22 11:45 UTC (permalink / raw)
To: linux-kernel, linux-mm; +Cc: Dawson Engler
Hi All,
mm/swapfile.c seems to have three potential races.
The first two are in
linux-2.5.62/mm/swap_state.c:87:add_to_swap_cache
which seems reachable without a lock from the callchain:
mm/swapfile.c:sys_swapoff:998->
sys_swapoff:1026->
try_to_unuse:591->
mm/swap_state.c:read_swap_cache_async:377->
add_to_swap_cache
add_to_swap_cache increments two global variables without a lock:
INC_CACHE_INFO(add_total);
and
INC_CACHE_INFO(exist_race);
The final one is in
linux-2.5.62/mm/swapfile.c:213:swap_entry_free
which seems to increment
nr_swap_pages++;
without a lock.
Are these real races? Or are these just stats variables? (Or is
there some implicit locking that protects these?)
Regards,
Dawson
^ permalink raw reply [flat|nested] 4+ messages in thread
* [CHECKER] races in 2.5.65/mm/swapfile.c?
@ 2003-03-22 11:45 ` Dawson Engler
0 siblings, 0 replies; 4+ messages in thread
From: Dawson Engler @ 2003-03-22 11:45 UTC (permalink / raw)
To: linux-kernel, linux-mm; +Cc: Dawson Engler
Hi All,
mm/swapfile.c seems to have three potential races.
The first two are in
linux-2.5.62/mm/swap_state.c:87:add_to_swap_cache
which seems reachable without a lock from the callchain:
mm/swapfile.c:sys_swapoff:998->
sys_swapoff:1026->
try_to_unuse:591->
mm/swap_state.c:read_swap_cache_async:377->
add_to_swap_cache
add_to_swap_cache increments two global variables without a lock:
INC_CACHE_INFO(add_total);
and
INC_CACHE_INFO(exist_race);
The final one is in
linux-2.5.62/mm/swapfile.c:213:swap_entry_free
which seems to increment
nr_swap_pages++;
without a lock.
Are these real races? Or are these just stats variables? (Or is
there some implicit locking that protects these?)
Regards,
Dawson
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org">aart@kvack.org</a>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [CHECKER] races in 2.5.65/mm/swapfile.c?
2003-03-22 11:45 ` Dawson Engler
@ 2003-03-22 12:12 ` Andrew Morton
-1 siblings, 0 replies; 4+ messages in thread
From: Andrew Morton @ 2003-03-22 12:12 UTC (permalink / raw)
To: Dawson Engler; +Cc: linux-kernel, linux-mm
Dawson Engler <engler@csl.stanford.edu> wrote:
>
> Hi All,
>
> mm/swapfile.c seems to have three potential races.
>
> The first two are in
> linux-2.5.62/mm/swap_state.c:87:add_to_swap_cache
>
> which seems reachable without a lock from the callchain:
>
> mm/swapfile.c:sys_swapoff:998->
> sys_swapoff:1026->
> try_to_unuse:591->
> mm/swap_state.c:read_swap_cache_async:377->
> add_to_swap_cache
>
> add_to_swap_cache increments two global variables without a lock:
> INC_CACHE_INFO(add_total);
> and
> INC_CACHE_INFO(exist_race);
These are just instrumentation. If they're a bit inaccurate nobody cares,
and they're not worth locking.
So yes, that is a positive.
> The final one is in
> linux-2.5.62/mm/swapfile.c:213:swap_entry_free
> which seems to increment
> nr_swap_pages++;
> without a lock.
swap_entry_free() is called after swap_info_get(), which locks the swap
device list and the particular swap device.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [CHECKER] races in 2.5.65/mm/swapfile.c?
@ 2003-03-22 12:12 ` Andrew Morton
0 siblings, 0 replies; 4+ messages in thread
From: Andrew Morton @ 2003-03-22 12:12 UTC (permalink / raw)
To: Dawson Engler; +Cc: linux-kernel, linux-mm
Dawson Engler <engler@csl.stanford.edu> wrote:
>
> Hi All,
>
> mm/swapfile.c seems to have three potential races.
>
> The first two are in
> linux-2.5.62/mm/swap_state.c:87:add_to_swap_cache
>
> which seems reachable without a lock from the callchain:
>
> mm/swapfile.c:sys_swapoff:998->
> sys_swapoff:1026->
> try_to_unuse:591->
> mm/swap_state.c:read_swap_cache_async:377->
> add_to_swap_cache
>
> add_to_swap_cache increments two global variables without a lock:
> INC_CACHE_INFO(add_total);
> and
> INC_CACHE_INFO(exist_race);
These are just instrumentation. If they're a bit inaccurate nobody cares,
and they're not worth locking.
So yes, that is a positive.
> The final one is in
> linux-2.5.62/mm/swapfile.c:213:swap_entry_free
> which seems to increment
> nr_swap_pages++;
> without a lock.
swap_entry_free() is called after swap_info_get(), which locks the swap
device list and the particular swap device.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org">aart@kvack.org</a>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-03-22 12:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-03-22 11:45 [CHECKER] races in 2.5.65/mm/swapfile.c? Dawson Engler
2003-03-22 11:45 ` Dawson Engler
2003-03-22 12:12 ` Andrew Morton
2003-03-22 12:12 ` Andrew Morton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.