futex: Fix uninterruptible loop due to gate_area
authorHugh Dickins <hughd@google.com>
Sat, 31 Dec 2011 19:44:01 +0000 (11:44 -0800)
committerRohan Somvanshi <rsomvanshi@nvidia.com>
Wed, 11 Jan 2012 18:12:19 +0000 (10:12 -0800)
commit2a2e703c7c8639a8c53439add0722877eeefabfb
tree134c3e78e7ad7ad75941a95b45c1a011ee792ca1
parent17562612f4bad26f29235f46843afa6f2b7397d4
futex: Fix uninterruptible loop due to gate_area

commit e6780f7243eddb133cc20ec37fa69317c218b709 upstream.

It was found (by Sasha) that if you use a futex located in the gate
area we get stuck in an uninterruptible infinite loop, much like the
ZERO_PAGE issue.

While looking at this problem, PeterZ realized you'll get into similar
trouble when hitting any install_special_pages() mapping.  And are there
still drivers setting up their own special mmaps without page->mapping,
and without special VM or pte flags to make get_user_pages fail?

In most cases, if page->mapping is NULL, we do not need to retry at all:
Linus points out that even /proc/sys/vm/drop_caches poses no problem,
because it ends up using remove_mapping(), which takes care not to
interfere when the page reference count is raised.

But there is still one case which does need a retry: if memory pressure
called shmem_writepage in between get_user_pages_fast dropping page
table lock and our acquiring page lock, then the page gets switched from
filecache to swapcache (and ->mapping set to NULL) whatever the refcount.
Fault it back in to get the page->mapping needed for key->shared.inode.

Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Change-Id: I04a763aed3c611460ef4888d14a1f5101e8373bc
Reviewed-on: http://git-master/r/74198
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
Tested-by: Varun Wadekar <vwadekar@nvidia.com>
kernel/futex.c