From: David Chinner <dgc@sgi.com>
To: Takenori Nagano <t-nagano@ah.jp.nec.com>
Cc: xfs@oss.sgi.com
Subject: Re: [patch] Fix xfs_iunpin() sets I_DIRTY_SYNC after clear_inode().
Date: Wed, 18 Oct 2006 19:07:01 +1000 [thread overview]
Message-ID: <20061018090701.GU11034@melbourne.sgi.com> (raw)
In-Reply-To: <20061018023325.GL8394166@melbourne.sgi.com>
On Wed, Oct 18, 2006 at 12:33:25PM +1000, David Chinner wrote:
> On Tue, Oct 17, 2006 at 12:02:18PM +1000, David Chinner wrote:
> > So, here's another patch that doesn't have the performance problems,
> > but removes the iput/igrab while still (I think) fixing the use
> > after free problem. Can you try this one out, Takenori? I've
> > run it through some stress tests and haven't been able to trigger
> > problems.
>
> I just hit the BUG_ON(vp == NULL) that I put in xfs_iunpin()
> in this patch. The xfs inode had no link to the bhv_vnode, nor
> did it have either XFS_IRECLAIM* flag set, and hence it triggered
> the BUG.
And again. The xfs_iget_core change is valid - there's still a
race in xfs_iunpin (how many of them can we find?):
xfs_iunpin xfs_iget_core
if(atomic_dec_and_test(pincount))
if (vp == NULL)
if(IRECLAIMABLE)
if(pincount)
force+restart
.....
clear IRECLAIMABLE
spin_lock(i_flags_lock)
If (IRECLAIMABLE)
BUG_ON(vp == NULL)
So the solution is this:
---
fs/xfs/xfs_inode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: 2.6.x-xfs-new/fs/xfs/xfs_inode.c
===================================================================
--- 2.6.x-xfs-new.orig/fs/xfs/xfs_inode.c 2006-10-18 11:27:04.000000000 +1000
+++ 2.6.x-xfs-new/fs/xfs/xfs_inode.c 2006-10-18 16:45:12.658102093 +1000
@@ -2738,7 +2738,7 @@ xfs_iunpin(
{
ASSERT(atomic_read(&ip->i_pincount) > 0);
- if (atomic_dec_and_test(&ip->i_pincount)) {
+ if (atomic_dec_and_lock(&ip->i_pincount, &ip->i_flags_lock)) {
/*
* If the inode is currently being reclaimed, the link between
@@ -2757,7 +2757,6 @@ xfs_iunpin(
* unpinned.
*/
- spin_lock(&ip->i_flags_lock);
if (!__xfs_iflags_test(ip, XFS_IRECLAIM|XFS_IRECLAIMABLE)) {
bhv_vnode_t *vp = XFS_ITOV_NULL(ip);
struct inode *inode = NULL;
I'm running stress tests on this now - it it survives until morning
I'll send out a new set of patches for testing...
Cheers,
Dave.
--
Dave Chinner
Principal Engineer
SGI Australian Software Group
next prev parent reply other threads:[~2006-10-18 9:08 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-04 9:20 [patch] Fix xfs_iunpin() sets I_DIRTY_SYNC after clear_inode() Takenori Nagano
2006-10-06 3:26 ` David Chinner
2006-10-11 6:43 ` David Chinner
2006-10-12 12:20 ` Takenori Nagano
2006-10-13 1:46 ` David Chinner
2006-10-13 8:06 ` Timothy Shimmin
2006-10-13 12:17 ` Takenori Nagano
2006-10-17 2:02 ` David Chinner
2006-10-18 2:33 ` David Chinner
2006-10-18 9:07 ` David Chinner [this message]
2006-10-19 2:23 ` Takenori Nagano
2006-10-19 4:58 ` David Chinner
2006-10-20 4:25 ` Takenori Nagano
2006-10-23 6:53 ` Takenori Nagano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061018090701.GU11034@melbourne.sgi.com \
--to=dgc@sgi.com \
--cc=t-nagano@ah.jp.nec.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.