From: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
To: torvalds@linux-foundation.org
Cc: viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org
Subject: [PATCH]: Fix SMP-reordering race in mark_buffer_dirty
Date: Wed, 2 Apr 2008 21:20:33 +0200 (CEST) [thread overview]
Message-ID: <Pine.LNX.4.64.0804022058530.13737@artax.karlin.mff.cuni.cz> (raw)
Hi
It looks like someone overoptimized mark_buffer_dirty().
mark_buffer_dirty() is
void mark_buffer_dirty(struct buffer_head *bh)
{
WARN_ON_ONCE(!buffer_uptodate(bh));
if (!buffer_dirty(bh) && !test_set_buffer_dirty(bh))
__set_page_dirty(bh->b_page, page_mapping(bh->b_page), 0);
}
That buffer_dirty() test is not atomic, it may be reordered with whatever
else.
So suppose this race
CPU1:
write to buffer data
call mark_buffer_dirty()
test for !buffer_dirty(bh)
--- there is no synchronizing operation, so inside CPU it may get
reordered to:
test for !buffer_dirty(bh)
write to buffer data
CPU2:
clear_buffer_dirty(bh);
submit_bh(WRITE, bh);
The resulting operations may end up in this order:
CPU1: test for !buffer_dirty(bh) --- sees that the bit is set
CPU2: clear_buffer_dirty(bh);
CPU2: submit_bh(WRITE, bh);
CPU1: write to buffer data
So we have a clean buffer with modified data and this modification is
going to be lost.
Mikulas
Signed-off-by: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
--- linux-2.6.25-rc8/fs/buffer.c_ 2008-04-02 21:08:36.000000000 +0200
+++ linux-2.6.25-rc8/fs/buffer.c 2008-04-02 21:10:25.000000000 +0200
@@ -1180,6 +1180,12 @@
*/
void mark_buffer_dirty(struct buffer_head *bh)
{
+ /*
+ * Make sure that the test for buffer_dirty(bh) is not reordered with
+ * previous modifications to the buffer data.
+ * -- mikulas
+ */
+ smp_mb();
WARN_ON_ONCE(!buffer_uptodate(bh));
if (!buffer_dirty(bh) && !test_set_buffer_dirty(bh))
__set_page_dirty(bh->b_page, page_mapping(bh->b_page), 0);
next reply other threads:[~2008-04-02 19:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-02 19:20 Mikulas Patocka [this message]
2008-04-02 19:44 ` [PATCH]: Fix SMP-reordering race in mark_buffer_dirty Linus Torvalds
2008-04-02 21:03 ` Mikulas Patocka
2008-04-02 21:31 ` Linus Torvalds
2008-04-02 21:35 ` Linus Torvalds
2008-04-02 22:39 ` Mikulas Patocka
2008-04-02 22:51 ` Linus Torvalds
2008-04-02 22:35 ` Mikulas Patocka
2008-04-02 22:01 ` Andrew Morton
2008-04-02 22:07 ` Linus Torvalds
2008-04-02 22:53 ` Mikulas Patocka
2008-04-02 23:52 ` Linus Torvalds
2008-04-03 2:12 ` Andrew Morton
2008-04-03 14:34 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0804022058530.13737@artax.karlin.mff.cuni.cz \
--to=mikulas@artax.karlin.mff.cuni.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).