(cc's reinstated)
I assume you refer to this:
		 * FIXME! We still have a race here: if somebody

		 * adds the page back to the page tables in

		 * between the "page_mkclean()" and the "TestClearPageDirty()",

		 * we might have it mapped without the dirty bit set.

		 */

		if (page_mkclean(page))

			set_page_dirty(page);

		if (TestClearPageDirty(page)) {

			dec_zone_page_state(page, NR_FILE_DIRTY);

			return 1;

		}
I guess the comment actually refers to a writefault after the

set_page_dirty() and before the TestClearPageDirty().  The fault handler

will run set_page_dirty() and will return to userspace to rerun the write.

The page then gets set pte-dirty but this thread of control will now make

the page !PageDirty() and will write it out.
With Nick's proposed lock-the-page-in-pagefaults patches, we have

lock_page() synchronisation between pagefaults and

clear_page_dirty_for_io() which I think will fix this.
-

After a quick look, I don't think it does.  It locks the page in

do_no_page(), but not for the whole fault.  In particular do_wp_page()

is not affected.  But I haven't yet looked closely at that patch, so I

could be wrong.
Miklos

-