| User: | Jiri Slaby |
| Error type: | Double Unlock |
| Error type description: | Some lock is unlocked twice unintentionally in a sequence |
| File location: | mm/memory.c |
| Line in file: | 1961 |
| Project: | Linux Kernel |
| Project version: | 2.6.28 |
| Tools: |
Smatch
(1.59)
|
| Entered: | 2013-09-10 15:16:58 UTC |
1931 * here still points into it and can be read by other 1932 * threads. 1933 * 1934 * The critical issue is to order this 1935 * page_remove_rmap with the ptp_clear_flush above. 1936 * Those stores are ordered by (if nothing else,) 1937 * the barrier present in the atomic_add_negative 1938 * in page_remove_rmap. 1939 * 1940 * Then the TLB flush in ptep_clear_flush ensures that 1941 * no process can access the old page before the 1942 * decremented mapcount is visible. And the old page 1943 * cannot be reused until after the decremented 1944 * mapcount is visible. So transitively, TLBs to 1945 * old page will be flushed before it can be reused. 1946 */ 1947 page_remove_rmap(old_page, vma); 1948 } 1949 1950 /* Free the old page.. */ 1951 new_page = old_page; 1952 ret |= VM_FAULT_WRITE; 1953 } else 1954 mem_cgroup_uncharge_page(new_page); 1955 1956 if (new_page) 1957 page_cache_release(new_page); 1958 if (old_page) 1959 page_cache_release(old_page); 1960unlock: 1961 pte_unmap_unlock(page_table, ptl); 1962 if (dirty_page) { 1963 if (vma->vm_file) 1964 file_update_time(vma->vm_file); 1965 1966 /* 1967 * Yes, Virginia, this is actually required to prevent a race 1968 * with clear_page_dirty_for_io() from clearing the page dirty 1969 * bit after it clear all dirty ptes, but before a racing 1970 * do_wp_page installs a dirty pte. 1971 *