Re: [RFC] ext3/jbd race: releasing in-use journal_heads

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@osdl.org>
To: "Stephen C. Tweedie" <sct@redhat.com>
Cc: ext2-devel@lists.sourceforge.net, sct@redhat.com,
	linux-kernel@vger.kernel.org
Subject: Re: [RFC] ext3/jbd race: releasing in-use journal_heads
Date: Fri, 4 Mar 2005 16:04:51 -0800	[thread overview]
Message-ID: <20050304160451.4c33919c.akpm@osdl.org> (raw)
In-Reply-To: <1109966084.5309.3.camel@sisko.sctweedie.blueyonder.co.uk>

"Stephen C. Tweedie" <sct@redhat.com> wrote:
>
> For the past few months there has been a slow but steady trickle of
> reports of oopses in kjournald.

Yes, really tenuous stuff.  Very glad if this is the fix!

>  Recently I got a couple of reports that
> were repeatable enough to rerun with extra debugging code.
> 
> It turns out that we're releasing a journal_head while it is still
> linked onto the transaction's t_locked_list.  The exact location is in
> journal_unmap_buffer().  On several exit paths, that does:
> 
> 		spin_unlock(&journal->j_list_lock); 
> 		jbd_unlock_bh_state(bh);
> 		spin_unlock(&journal->j_state_lock);
> 		journal_put_journal_head(jh);
> 
> releasing the jh *after* dropping the j_list_lock and j_state_lock.
> 
> kjournald can then be doing journal_commit_transaction():
> 
> 	spin_lock(&journal->j_list_lock);
> ...
> 		if (buffer_locked(bh)) {
> 			BUFFER_TRACE(bh, "locked");
> 			if (!inverted_lock(journal, bh))
> 				goto write_out_data;
> 			__journal_unfile_buffer(jh);
> 			__journal_file_buffer(jh, commit_transaction,
> 						BJ_Locked);
> 			jbd_unlock_bh_state(bh);
> 
> The problem happens if journal_unmap_buffer()'s own put_journal_head()
> manages to get in between kjournald's *unfile_buffer and the following
> *file_buffer.  Because journal_unmap_buffer() has dropped its bh_state
> lock by this point, there's nothing to prevent this, leading to a
> variety of unpleasant situations.  In particular, the jh is unfiled at
> this point, so there's nothing to stop the put_journal_head() from
> freeing the memory we're just about to link onto the BJ_Locked list.

Right.  I don't know why journal_put_journal_head() looks at
->b_transaction, really.  Should have made presence on a list contribute to
b_jcount.  Oh well, it's been that way since 2.5.0 or older..

Don't we have the same race anywhere where we're doing a
journal_refile_buffer() (or equiv) in parallel with a
journal_put_journal_head() outside locks?  There seem to be many such.

Perhaps we could also fix this by elevating b_jcount whenever the jh is
being moved between lists?

next prev parent reply	other threads:[~2005-03-05  0:36 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-04 19:54 [RFC] ext3/jbd race: releasing in-use journal_heads Stephen C. Tweedie
2005-03-04 23:17 ` [Ext2-devel] " Badari Pulavarty
2005-03-07 14:28   ` Stephen C. Tweedie
2005-03-05  0:04 ` Andrew Morton [this message]
2005-03-07 14:50   ` Jan Kara
2005-03-07 16:01     ` Stephen C. Tweedie
2005-03-07 16:40   ` Stephen C. Tweedie
2005-03-07 17:05     ` Stephen C. Tweedie
2005-03-07 20:31     ` Andrew Morton
2005-03-07 21:08       ` Stephen C. Tweedie
2005-03-07 21:11         ` Andrew Morton
2005-03-07 21:22           ` Stephen C. Tweedie
2005-03-07 23:13             ` Stephen C. Tweedie
2005-03-07 23:50               ` Andrew Morton
2005-03-08  6:28                 ` [Ext2-devel] " Suparna Bhattacharya
2005-03-08  6:39                   ` Suparna Bhattacharya
2005-03-08  6:46                   ` Andrew Morton
2005-03-08  7:26                     ` Suparna Bhattacharya
2005-03-08  7:37                       ` Andrew Morton
2005-03-08  8:15                         ` Suparna Bhattacharya
2005-03-08  9:28                 ` Stephen C. Tweedie
2005-03-08 12:40                   ` [PATCH] invalidate/o_direct livelock {was Re: [RFC] ext3/jbd race: releasing in-use journal_heads} Stephen C. Tweedie
2005-03-08 12:53         ` [RFC] ext3/jbd race: releasing in-use journal_heads Stephen C. Tweedie
2005-03-08 15:12           ` Jan Kara
2005-03-09 13:10             ` Stephen C. Tweedie
2005-03-09 13:28               ` Jan Kara
2005-03-09 15:12                 ` Stephen C. Tweedie

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050304160451.4c33919c.akpm@osdl.org \
    --to=akpm@osdl.org \
    --cc=ext2-devel@lists.sourceforge.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sct@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.