From: Chris Wright <chrisw@osdl.org>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Chuck Wolber <chuckw@quantumlinux.com>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
cmm@us.ibm.com
Subject: [patch 04/16] ext3: fix race between ext3 make block reservation and reservation window discard
Date: Mon, 23 May 2005 16:20:16 -0700 [thread overview]
Message-ID: <20050523232016.GP27549@shell0.pdx.osdl.net> (raw)
In-Reply-To: <20050523231529.GL27549@shell0.pdx.osdl.net>
This patch fixed a race between ext3_discard_reservation() and
ext3_try_to_allocate_with_rsv().
There is a window where ext3_discard_reservation will remove an already
unlinked reservation window node from the filesystem reservation tree:
It thinks the reservation is still linked in the filesystem reservation
tree, but it is actually temperately removed from the tree by
allocate_new_reservation() when it failed to make a new reservation from
the current group and try to make a new reservation from next block
group.
Here is how it could happen:
CPU 1
try to allocate a block in group1 with given reservation window my_rsv
ext3_try_to_allocate_with_rsv(group
----copy reservation window my_rsv into local rsv_copy
ext3_try_to_allocate(...rsv_copy)
----no free block in existing reservation window,
----need a new reservation window
spin_lock(&rsv_lock);
CPU 2
ext3_discard_reservation
if (!rsv_is_empty()
----this is true
spin_lock(&rsv_lock)
----waiting for thread 1
CPU 1:
allocate_new_reservation
failed to reserve blocks in this group
remove the window from the tree
rsv_window_remove(my_rsv)
----window node is unlinked from the tree here
return -1
spin_unlock(&rsv_lock)
ext3_try_to_allocate_with_rsv() failed in this group
group++
CPU 2
spin_lock(&rsv_lock) succeed
rsv_remove_window ()
---------------break, trying to remove a unlinked node from the tree
....
CPU 1:
ext3_try_to_allocate_with_rsv(group, my_rsv)
rsv_is_empty is true, need a new reservation window
spin_lock(&rsv_lock);
^--------------- spinning forever
We need to re-check whether the reservation window is still linked to
the tree after grab the rsv_lock spin lock in ext3_discard_reservation,
to prevent panic in rsv_remove_window->rb_erase.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/ext3/balloc.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
--- linux-2.6.11.10.orig/fs/ext3/balloc.c 2005-05-16 10:50:46.000000000 -0700
+++ linux-2.6.11.10/fs/ext3/balloc.c 2005-05-20 09:36:22.628733736 -0700
@@ -268,7 +268,8 @@
if (!rsv_is_empty(&rsv->rsv_window)) {
spin_lock(rsv_lock);
- rsv_window_remove(inode->i_sb, rsv);
+ if (!rsv_is_empty(&rsv->rsv_window))
+ rsv_window_remove(inode->i_sb, rsv);
spin_unlock(rsv_lock);
}
}
next prev parent reply other threads:[~2005-05-23 23:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-23 23:15 [00/16] -stable review Chris Wright
2005-05-23 23:17 ` [patch 01/16] Fix get_unmapped_area sanity tests Chris Wright
2005-05-23 23:18 ` [patch 02/16] 3c59x: only put the device into D3 when we're actually using WOL Chris Wright
2005-05-25 17:30 ` Daniel Ritz
2005-05-23 23:19 ` [patch 03/16] [EBTABLES]: Fix smp race Chris Wright
2005-05-23 23:20 ` Chris Wright [this message]
2005-05-30 13:28 ` [patch 04/16] ext3: fix race between ext3 make block reservation and reservation window discard Rodrigo Steinmüller Wanderley
2005-05-31 6:23 ` Mingming Cao
2005-05-23 23:21 ` [patch 05/16] PPC64: Fix LPAR IOMMU setup code for p630 Chris Wright
2005-05-23 23:22 ` [patch 06/16] Fix matroxfb on big-endian hardware Chris Wright
2005-05-23 23:50 ` Al Viro
2005-05-24 1:17 ` Chris Wright
2005-05-24 10:15 ` Petr Vandrovec
2005-05-23 23:24 ` [patch 07/16] ide-disk: Fix LBA8 DMA Chris Wright
2005-05-23 23:25 ` [patch 08/16] [ROSE]: Fix minor security hole Chris Wright
2005-05-23 23:26 ` [patch 09/16] usbaudio: prevent oops & dead keyboard on usb unplugging Chris Wright
2005-05-23 23:27 ` [patch 10/16] usbusx2y: " Chris Wright
2005-05-23 23:28 ` [patch 11/16] USB: fix bug in visor driver with throttle/unthrottle causing oopses Chris Wright
2005-05-23 23:29 ` [patch 12/16] x86_64: check if ptrace RIP is canonical Chris Wright
2005-05-23 23:30 ` [patch 13/16] x86_64: Fix canonical checking for segment registers in ptrace Chris Wright
2005-05-23 23:30 ` [patch 14/16] x86_64: Add a guard page at the end of the 47bit address space Chris Wright
2005-05-23 23:31 ` [patch 15/16] x86_64: When checking vmalloc mappings don't use pte_page Chris Wright
2005-05-23 23:32 ` [patch 16/16] x86_64: Don't look up struct page pointer of physical address in iounmap Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050523232016.GP27549@shell0.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chuckw@quantumlinux.com \
--cc=cmm@us.ibm.com \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@xenotime.net \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.