From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF8CCC4740A for ; Mon, 9 Sep 2019 14:59:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9DCE52196E for ; Mon, 9 Sep 2019 14:59:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732794AbfIIO7Q (ORCPT ); Mon, 9 Sep 2019 10:59:16 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:60344 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726164AbfIIO7P (ORCPT ); Mon, 9 Sep 2019 10:59:15 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.2 #3 (Red Hat Linux)) id 1i7L8I-0000cd-Fy; Mon, 09 Sep 2019 14:59:10 +0000 Date: Mon, 9 Sep 2019 15:59:10 +0100 From: Al Viro To: "zhengbin (A)" Cc: jack@suse.cz, akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, "zhangyi (F)" , renxudong1@huawei.com, Hou Tao Subject: Re: Possible FS race condition between iterate_dir and d_alloc_parallel Message-ID: <20190909145910.GG1131@ZenIV.linux.org.uk> References: <20190903154007.GJ1131@ZenIV.linux.org.uk> <20190903154114.GK1131@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.0 (2019-05-25) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Mon, Sep 09, 2019 at 10:10:00PM +0800, zhengbin (A) wrote: Hmm... So your theory is that what you are seeing is the insertion into the list done by list_add() exposing an earlier ->next pointer to those who might be doing lockless walk through the list. Potentially up to the last barrier done before the list_add()... > We can solute it in 2 ways: > > 1. add a smp_wmb between __d_alloc and list_add(&dentry->d_child, &parent->d_subdirs) > 2. revert commit ebaaa80e8f20 ("lockless next_positive()") I want to take another look at the ->d_subdirs/->d_child readers... I agree that the above sounds plausible, but I really want to be sure about the exclusion we have for those accesses. I'm not sure that smp_wmb() alone would suffice, BTW - the reader side loop would need to be careful as well. Which architecture it was, again? arm64?