Linux-Fsdevel Archive on
 help / color / Atom feed
From: Jan Kara <>
To: <>
Cc: <>,
	Ross Zwisler <>,
	Dan Williams <>, <>,
	Dave Jiang <>, Jan Kara <>
Subject: [PATCH] mm: Fix warning in insert_pfn()
Date: Fri, 24 Aug 2018 17:45:42 +0200
Message-ID: <> (raw)

In DAX mode a write pagefault can race with write(2) in the following

CPU0                            CPU1
                                write fault for mapped zero page (hole)
      - allocates blocks
        - invalidates radix tree entries in given range
                                    - no entry found, creates empty
                                    - finds already allocated block
                                    - WARNs and does nothing because there
                                      is still zero page mapped in PTE

This race results in WARN_ON from insert_pfn() and is occasionally
triggered by fstest generic/344. Note that the race is otherwise
harmless as before write(2) on CPU0 is finished, we will invalidate page
tables properly and thus user of mmap will see modified data from
write(2) from that point on. So just restrict the warning only to the
case when the PFN in PTE is not zero page.

Signed-off-by: Jan Kara <>
 mm/memory.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/mm/memory.c b/mm/memory.c
index 83aef222f11b..e82cd2125d72 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1787,10 +1787,15 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr,
 			 * in may not match the PFN we have mapped if the
 			 * mapped PFN is a writeable COW page.  In the mkwrite
 			 * case we are creating a writable PTE for a shared
-			 * mapping and we expect the PFNs to match.
+			 * mapping and we expect the PFNs to match. If they
+			 * don't match, we are likely racing with block
+			 * allocation and mapping invalidation so just skip the
+			 * update.
-			if (WARN_ON_ONCE(pte_pfn(*pte) != pfn_t_to_pfn(pfn)))
+			if (pte_pfn(*pte) != pfn_t_to_pfn(pfn)) {
+				WARN_ON_ONCE(!is_zero_pfn(pte_pfn(*pte)));
 				goto out_unlock;
+			}
 			entry = *pte;
 			goto out_mkwrite;
 		} else

             reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-24 15:45 Jan Kara [this message]
2018-10-03 16:35 ` Theodore Y. Ts'o
2018-10-03 16:56   ` Dan Williams
2018-10-04 14:35     ` Theodore Y. Ts'o
2018-10-11  0:30 ` Andrew Morton
2018-10-11  0:46   ` Dan Williams

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Fsdevel Archive on

Archives are clonable:
	git clone --mirror linux-fsdevel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-fsdevel linux-fsdevel/ \
	public-inbox-index linux-fsdevel

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone