From: Jia-Ju Bai <baijiaju1990@gmail.com>
To: shaggy@kernel.org
Cc: jfs-discussion@lists.sourceforge.net,
linux-kernel@vger.kernel.org, Jia-Ju Bai <baijiaju1990@gmail.com>
Subject: [PATCH] fs: jfs: fix a possible data race in metapage_writepage()
Date: Mon, 4 May 2020 23:31:38 +0800 [thread overview]
Message-ID: <20200504153138.13464-1-baijiaju1990@gmail.com> (raw)
The functions metapage_writepage() and lmPostGC() can be concurrently
executed in the following call contexts:
Thread1:
metapage_writepage()
Thread2:
lbmIODone()
lmPostGC()
In metapage_writepage():
if (mp->log && !(mp->log->cflag & logGC_PAGEOUT))
In lmPostGC():
spin_lock_irqsave(&log->gclock, flags);
...
log->cflag &= ~logGC_PAGEOUT
...
spin_unlock_irqrestore(&log->gclock, flags);
The memory addresses of mp->log->cflag and log->cflag can be identical,
and thus a data race can occur.
To fix this data race, the spinlock mp->log->gclock is used in
metapage_writepage().
This data race is found by our concurrency fuzzer.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
fs/jfs/jfs_metapage.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c
index a2f5338a5ea1..026c11b2572d 100644
--- a/fs/jfs/jfs_metapage.c
+++ b/fs/jfs/jfs_metapage.c
@@ -351,6 +351,7 @@ static int metapage_writepage(struct page *page, struct writeback_control *wbc)
unsigned long bio_offset = 0;
int offset;
int bad_blocks = 0;
+ uint cflag;
page_start = (sector_t)page->index <<
(PAGE_SHIFT - inode->i_blkbits);
@@ -370,8 +371,14 @@ static int metapage_writepage(struct page *page, struct writeback_control *wbc)
* Make sure this page isn't blocked indefinitely.
* If the journal isn't undergoing I/O, push it
*/
- if (mp->log && !(mp->log->cflag & logGC_PAGEOUT))
- jfs_flush_journal(mp->log, 0);
+
+ if (mp->log) {
+ spin_lock_irq(&mp->log->gclock);
+ cflag = mp->log->cflag;
+ spin_unlock_irq(&mp->log->gclock);
+ if (!(cflag & logGC_PAGEOUT))
+ jfs_flush_journal(mp->log, 0);
+ }
continue;
}
--
2.17.1
next reply other threads:[~2020-05-04 15:32 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-04 15:31 Jia-Ju Bai [this message]
2020-05-04 16:33 [PATCH] fs: jfs: fix a possible data race in metapage_writepage() Markus Elfring
2020-05-04 16:33 ` Markus Elfring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200504153138.13464-1-baijiaju1990@gmail.com \
--to=baijiaju1990@gmail.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=shaggy@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.