Message ID | 1304597439-7185-1-git-send-email-jack@suse.cz |
---|---|
State | Accepted, archived |
On 5/5/11 7:10 AM, Jan Kara wrote: > In do_get_write_access() we wait on BH_Unshadow bit for buffer to get > from shadow state. The waking code in journal_commit_transaction() has > a bug because it does not issue a memory barrier after the buffer is moved > from the shadow state and before wake_up_bit() is called. Thus a waitqueue > check can happen before the buffer is actually moved from the shadow state > and waiting process may never be woken. Fix the problem by issuing proper > barrier. needed for jbd/commit.c as well, I guess? -Eric > Reported-by: Tao Ma <boyu.mt@taobao.com> > Signed-off-by: Jan Kara <jack@suse.cz> > --- > fs/jbd2/commit.c | 9 +++++++-- > 1 files changed, 7 insertions(+), 2 deletions(-) > > Analogous JBD fix has been queued in my tree... > > diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c > index 2e5d370..3a958c7 100644 > --- a/fs/jbd2/commit.c > +++ b/fs/jbd2/commit.c > @@ -768,8 +768,13 @@ wait_for_iobuf: > required. */ > JBUFFER_TRACE(jh, "file as BJ_Forget"); > jbd2_journal_file_buffer(jh, commit_transaction, BJ_Forget); > - /* Wake up any transactions which were waiting for this > - IO to complete */ > + /* > + * Wake up any transactions which were waiting for this IO to > + * complete. The barrier must be here so that changes by > + * jbd2_journal_file_buffer() take effect before wake_up_bit() > + * does the waitqueue check. > + */ > + smp_mb(); > wake_up_bit(&bh->b_state, BH_Unshadow); > JBUFFER_TRACE(jh, "brelse shadowed buffer"); > __brelse(bh); -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu 05-05-11 08:49:14, Eric Sandeen wrote: > On 5/5/11 7:10 AM, Jan Kara wrote: > > In do_get_write_access() we wait on BH_Unshadow bit for buffer to get > > from shadow state. The waking code in journal_commit_transaction() has > > a bug because it does not issue a memory barrier after the buffer is moved > > from the shadow state and before wake_up_bit() is called. Thus a waitqueue > > check can happen before the buffer is actually moved from the shadow state > > and waiting process may never be woken. Fix the problem by issuing proper > > barrier. > > needed for jbd/commit.c as well, I guess? Yes, I was already queued in my tree. I just sent it to the list as well. Honza > > diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c > > index 2e5d370..3a958c7 100644 > > --- a/fs/jbd2/commit.c > > +++ b/fs/jbd2/commit.c > > @@ -768,8 +768,13 @@ wait_for_iobuf: > > required. */ > > JBUFFER_TRACE(jh, "file as BJ_Forget"); > > jbd2_journal_file_buffer(jh, commit_transaction, BJ_Forget); > > - /* Wake up any transactions which were waiting for this > > - IO to complete */ > > + /* > > + * Wake up any transactions which were waiting for this IO to > > + * complete. The barrier must be here so that changes by > > + * jbd2_journal_file_buffer() take effect before wake_up_bit() > > + * does the waitqueue check. > > + */ > > + smp_mb(); > > wake_up_bit(&bh->b_state, BH_Unshadow); > > JBUFFER_TRACE(jh, "brelse shadowed buffer"); > > __brelse(bh); >
On 5/5/11 9:11 AM, Jan Kara wrote:
> On Thu 05-05-11 08:49:14, Eric Sandeen wrote:
>> On 5/5/11 7:10 AM, Jan Kara wrote:
>>> In do_get_write_access() we wait on BH_Unshadow bit for buffer to get
>>> from shadow state. The waking code in journal_commit_transaction() has
>>> a bug because it does not issue a memory barrier after the buffer is moved
>>> from the shadow state and before wake_up_bit() is called. Thus a waitqueue
>>> check can happen before the buffer is actually moved from the shadow state
>>> and waiting process may never be woken. Fix the problem by issuing proper
>>> barrier.
>>
>> needed for jbd/commit.c as well, I guess?
> Yes, I was already queued in my tree. I just sent it to the list as well.

sorry, sometimes "we" forget :)

Thanks!
-Eric

On Thu, May 05, 2011 at 02:10:39PM +0200, Jan Kara wrote:
> In do_get_write_access() we wait on BH_Unshadow bit for buffer to get
> from shadow state. The waking code in journal_commit_transaction() has
> a bug because it does not issue a memory barrier after the buffer is moved
> from the shadow state and before wake_up_bit() is called. Thus a waitqueue
> check can happen before the buffer is actually moved from the shadow state
> and waiting process may never be woken. Fix the problem by issuing proper
> barrier.
>
> Reported-by: Tao Ma <boyu.mt@taobao.com>
> Signed-off-by: Jan Kara <jack@suse.cz>

Thanks, I've added this to the ext4 tree. (Currently in the dev branch, pending testing.)

- Ted

diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index 2e5d370..3a958c7 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -768,8 +768,13 @@ wait_for_iobuf: required. */ JBUFFER_TRACE(jh, "file as BJ_Forget"); jbd2_journal_file_buffer(jh, commit_transaction, BJ_Forget); - /* Wake up any transactions which were waiting for this - IO to complete */ + /* + * Wake up any transactions which were waiting for this IO to + * complete. The barrier must be here so that changes by + * jbd2_journal_file_buffer() take effect before wake_up_bit() + * does the waitqueue check. + */ + smp_mb(); wake_up_bit(&bh->b_state, BH_Unshadow); JBUFFER_TRACE(jh, "brelse shadowed buffer"); __brelse(bh);
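Review bot: the new comment above smp_mb() names the writer side (jbd2_journal_file_buffer()) but not the waiter that the barrier pairs with. The commit message identifies it as the wait on BH_Unshadow in do_get_write_access(); stating that in the comment would let a later reader check both halves of the ordering without going back to the changelog. The hunk also touches only fs/jbd2/commit.c, so the equivalent wake-up in fs/jbd/commit.c, raised in the thread, depends on the separately queued JBD fix.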
In do_get_write_access() we wait on BH_Unshadow bit for buffer to get
from shadow state. The waking code in journal_commit_transaction() has
a bug because it does not issue a memory barrier after the buffer is moved
from the shadow state and before wake_up_bit() is called. Thus a waitqueue
check can happen before the buffer is actually moved from the shadow state
and waiting process may never be woken. Fix the problem by issuing proper
barrier.

Reported-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/jbd2/commit.c | 9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

Analogous JBD fix has been queued in my tree...