Commit 016eb4a0 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds
Browse files

[PATCH] invalidate_complete_page() race fix

If a CPU faults this page into pagetables after invalidate_mapping_pages()
checked page_mapped(), invalidate_complete_page() will still proceed to remove
the page from pagecache.  This leaves the page-faulting process with a
detached page.  If it was MAP_SHARED then file data loss will ensue.

Fix that up by checking the page's refcount after taking tree_lock.

Cc: Nick Piggin <>
Cc: Hugh Dickins <>
Cc: <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent 3665d0e5
......@@ -68,10 +68,10 @@ invalidate_complete_page(struct address_space *mapping, struct page *page)
return 0;
if (PageDirty(page)) {
return 0;
if (PageDirty(page))
goto failed;
if (page_count(page) != 2) /* caller's ref + pagecache ref */
goto failed;
......@@ -79,6 +79,9 @@ invalidate_complete_page(struct address_space *mapping, struct page *page)
page_cache_release(page); /* pagecache ref */
return 1;
return 0;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment