* Re: [PATCH] fs: jfs: fix a possible data race in metapage_writepage()
@ 2020-05-04 16:33 Markus Elfring
0 siblings, 0 replies; 2+ messages in thread
From: Markus Elfring @ 2020-05-04 16:33 UTC (permalink / raw)
To: Jia-Ju Bai, jfs-discussion; +Cc: linux-kernel, kernel-janitors, Dave Kleikamp
…
> To fix this data race, the spinlock mp->log->gclock is used in
> metapage_writepage().
>
> This data race is found by our concurrency fuzzer.
How do you think about a wording variant like the following?
Change description:
…
This data race was found by our concurrency fuzzer.
Thus use the spin lock “mp->log->gclock” for the assignment of
the data structure member “log->cflag” to a local variable
in this function implementation.
Would you like to add the tag “Fixes” to the commit message?
Regards,
Markus
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH] fs: jfs: fix a possible data race in metapage_writepage()
@ 2020-05-04 15:31 Jia-Ju Bai
0 siblings, 0 replies; 2+ messages in thread
From: Jia-Ju Bai @ 2020-05-04 15:31 UTC (permalink / raw)
To: shaggy; +Cc: jfs-discussion, linux-kernel, Jia-Ju Bai
The functions metapage_writepage() and lmPostGC() can be concurrently
executed in the following call contexts:
Thread1:
metapage_writepage()
Thread2:
lbmIODone()
lmPostGC()
In metapage_writepage():
if (mp->log && !(mp->log->cflag & logGC_PAGEOUT))
In lmPostGC():
spin_lock_irqsave(&log->gclock, flags);
...
log->cflag &= ~logGC_PAGEOUT
...
spin_unlock_irqrestore(&log->gclock, flags);
The memory addresses of mp->log->cflag and log->cflag can be identical,
and thus a data race can occur.
To fix this data race, the spinlock mp->log->gclock is used in
metapage_writepage().
This data race is found by our concurrency fuzzer.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
fs/jfs/jfs_metapage.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c
index a2f5338a5ea1..026c11b2572d 100644
--- a/fs/jfs/jfs_metapage.c
+++ b/fs/jfs/jfs_metapage.c
@@ -351,6 +351,7 @@ static int metapage_writepage(struct page *page, struct writeback_control *wbc)
unsigned long bio_offset = 0;
int offset;
int bad_blocks = 0;
+ uint cflag;
page_start = (sector_t)page->index <<
(PAGE_SHIFT - inode->i_blkbits);
@@ -370,8 +371,14 @@ static int metapage_writepage(struct page *page, struct writeback_control *wbc)
* Make sure this page isn't blocked indefinitely.
* If the journal isn't undergoing I/O, push it
*/
- if (mp->log && !(mp->log->cflag & logGC_PAGEOUT))
- jfs_flush_journal(mp->log, 0);
+
+ if (mp->log) {
+ spin_lock_irq(&mp->log->gclock);
+ cflag = mp->log->cflag;
+ spin_unlock_irq(&mp->log->gclock);
+ if (!(cflag & logGC_PAGEOUT))
+ jfs_flush_journal(mp->log, 0);
+ }
continue;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-04 16:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-04 16:33 [PATCH] fs: jfs: fix a possible data race in metapage_writepage() Markus Elfring
-- strict thread matches above, loose matches on Subject: below --
2020-05-04 15:31 Jia-Ju Bai
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).