From: Jens Axboe <jens.axboe@oracle.com>
To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: chris.mason@oracle.com, hch@infradead.org, tytso@mit.edu,
	akpm@linux-foundation.org, jack@suse.cz,
	trond.myklebust@fys.uio.no, Nick Piggin <npiggin@suse.de>,
	Jens Axboe <jens.axboe@oracle.com>
Subject: [PATCH 16/16] writeback: fix possible bdi writeback refcounting problem
Date: Wed, 16 Sep 2009 15:24:54 +0200
Message-ID: <1253107494-20160-17-git-send-email-jens.axboe@oracle.com>
In-Reply-To: <1253107494-20160-1-git-send-email-jens.axboe@oracle.com>

From: Nick Piggin <npiggin@suse.de>

wb_clear_pending AFAIKS should not be called after the item has been
put on the list, except by the worker threads. It could lead to the
situation where the refcount is decremented below 0 and cause lots of
problems.

Presumably the !wb_has_dirty_io case is not a common one, so it can
be discovered when the thread wakes up to check?

Also add a comment in bdi_work_clear.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
---
 fs/fs-writeback.c |   13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 7eba732..8e1e5e1 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -97,6 +97,11 @@ static void bdi_work_clear(struct bdi_work *work)
 {
 	clear_bit(WS_USED_B, &work->state);
 	smp_mb__after_clear_bit();
+	/*
+	 * work can have disappeared at this point. bit waitq functions
+	 * should be able to tolerate this, provided bdi_sched_wait does
+	 * not dereference it's pointer argument.
+	*/
 	wake_up_bit(&work->state, WS_USED_B);
 }
 
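Review bot: The comment added before wake_up_bit() in bdi_work_clear() makes the safety of this path depend on bdi_sched_wait not dereferencing its pointer argument, but that invariant is recorded only here, away from the function someone would actually change. Please add a matching note at bdi_sched_wait, and consider saying explicitly that clear_bit() is the last point at which work may be touched, so that &work->state is only an address passed to wake_up_bit() and is never read after that. Two style points in the same comment: "it's pointer argument" should be "its pointer argument", and the closing "*/" is indented with a tab only, so it does not line up with the " *" lines above it.
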
@@ -169,13 +174,7 @@ static void bdi_queue_work(struct backing_dev_info *bdi, struct bdi_work *work)
 	else {
 		struct bdi_writeback *wb = &bdi->wb;
 
-		/*
-		 * End work now if this wb has no dirty IO pending. Otherwise
-		 * wakeup the handling thread
-		 */
-		if (!wb_has_dirty_io(wb))
-			wb_clear_pending(wb, work);
-		else if (wb->task)
+		if (wb->task)
 			wake_up_process(wb->task);
 	}
 }
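Review bot: With the !wb_has_dirty_io() shortcut removed from this else branch of bdi_queue_work(), a work item queued against a wb with no dirty IO is completed only if the worker thread later notices it, and when wb->task is NULL this branch now does nothing at all for the work. The changelog states that as a question ("so it can be discovered when the thread wakes up to check?") rather than as a verified property, so please confirm that the worker path does call wb_clear_pending() for such an item and say so in the changelog, and explain what completes the work when wb->task is not set. The deleted comment also leaves the remaining "if (wb->task)" undocumented; a one-line comment noting that pending state is cleared only by the worker threads would keep the refcount rule from the changelog visible in the code.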
-- 
1.6.4.1.207.g68ea