* BUG? a suspected race bug at check_journal_end()
@ 2009-11-03 13:08 홍신 shin hong
2009-11-03 13:27 ` Sergey Senozhatsky
0 siblings, 1 reply; 2+ messages in thread
From: 홍신 shin hong @ 2009-11-03 13:08 UTC (permalink / raw)
To: reiserfs-devel
Hello. I am reporting atomic instructions usages
which are suspected to be misused in reiserfs/journal.c
of Linux 2.6.31
I do not have much background on reiserfs
so that I am not certain whether it is correct or not.
But I hope this report is helpful. Please examine the code.
In check_journal_end(), there are following codes:
if (atomic_read(&(journal->j_wcount)) > 0) {
atomic_dec(&(journal->j_wcount)) ;
It first checks journal->j_wcount and then increments its value by one.
If a function which changes journal->j_wcount executes concurrently
for the same journal->j_wcount, race condition might be possible.
I think it would be better to combine two atomic operations
into one atomic operation (e.g. atomic_dec_and_test)
Thank you.
Sincerely
Shin Hong
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: BUG? a suspected race bug at check_journal_end()
2009-11-03 13:08 BUG? a suspected race bug at check_journal_end() 홍신 shin hong
@ 2009-11-03 13:27 ` Sergey Senozhatsky
0 siblings, 0 replies; 2+ messages in thread
From: Sergey Senozhatsky @ 2009-11-03 13:27 UTC (permalink / raw)
To: 홍신 shin hong; +Cc: reiserfs-devel
[-- Attachment #1: Type: text/plain, Size: 990 bytes --]
On (11/03/09 22:08), 홍신 shin hong wrote:
> Hello. I am reporting atomic instructions usages
> which are suspected to be misused in reiserfs/journal.c
> of Linux 2.6.31
>
> I do not have much background on reiserfs
> so that I am not certain whether it is correct or not.
> But I hope this report is helpful. Please examine the code.
>
> In check_journal_end(), there are following codes:
>
> if (atomic_read(&(journal->j_wcount)) > 0) {
> atomic_dec(&(journal->j_wcount)) ;
>
>
> It first checks journal->j_wcount and then increments its value by one.
>
> If a function which changes journal->j_wcount executes concurrently
> for the same journal->j_wcount, race condition might be possible.
>
> I think it would be better to combine two atomic operations
> into one atomic operation (e.g. atomic_dec_and_test)
>
Hello,
Isn't it performed on locked journal?
journal.c:3973:
lock_journal(sb);
...
Sergey
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 315 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-11-03 13:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-11-03 13:08 BUG? a suspected race bug at check_journal_end() 홍신 shin hong
2009-11-03 13:27 ` Sergey Senozhatsky
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.