From: Andrew Morton <akpm@osdl.org>
To: dedekind@infradead.org
Cc: miklos@szeredi.hu, linux-kernel@vger.kernel.org,
dwmw2@infradead.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] VFS bugfix: two read_inode() calles without clear_inode() call between
Date: Wed, 4 May 2005 13:04:50 -0700 [thread overview]
Message-ID: <20050504130450.7c90a422.akpm@osdl.org> (raw)
In-Reply-To: <1115209055.8559.12.camel@sauron.oktetlabs.ru>
"Artem B. Bityuckiy" <dedekind@infradead.org> wrote:
>
> Bug symptoms
> ~~~~~~~~~~~~
> For the same inode VFS calls read_inode() twice and doesn't call
> clear_inode() between the two read_inode() invocations.
>
> Bug description
> ~~~~~~~~~~~~~~~
> Suppose we have an inode which has zero reference count but is still in
> the inode cache. Suppose kswapd invokes shrink_icache_memory() to free
> some RAM. In prune_icache() inodes are removed from i_hash. prune_icache
> () is then going to call clear_inode(), but drops the inode_lock
> spinlock before this. If in this moment another task calls iget() for an
> inode which was just removed from i_hash by prune_icache(), then iget()
> invokes read_inode() for this inode, because it is *already removed*
> from i_hash.
This sounds more like a bug in the iget() caller to me.
Question is: if the inode has zero refcount and is unhashed then how did
the caller get its sticky paws onto the inode* in the first place?
If the caller had saved a copy of the inode* in local storage then the
caller should have taken a ref against the inode.
If the caller had just looked up the inode via hastable lookup via
iget_whatever() then again the caller will have a ref on the inode.
So. Please tell us more about how the caller got into this situation.
next prev parent reply other threads:[~2005-05-04 20:04 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-27 13:15 [PATCH] VFS bugfix: two read_inode() calles without clear_inode() call between Artem B. Bityuckiy
2005-04-27 13:42 ` Jan Harkes
2005-04-27 14:22 ` Miklos Szeredi
2005-04-27 15:57 ` Miklos Szeredi
2005-04-27 16:19 ` Artem B. Bityuckiy
[not found] ` <E1DQqZu-0002Rf-00@dorka.pomaz.szeredi.hu>
2005-04-28 7:32 ` Artem B. Bityuckiy
2005-04-28 7:34 ` Andrew Morton
2005-05-04 12:17 ` Artem B. Bityuckiy
2005-05-04 20:04 ` Andrew Morton [this message]
2005-05-04 21:35 ` David Woodhouse
2005-05-04 21:58 ` Andrew Morton
2005-05-05 9:10 ` David Woodhouse
2005-05-05 16:18 ` Miklos Szeredi
2005-05-06 11:08 ` David Woodhouse
2005-06-13 14:45 ` Synchronous FAT Artem B. Bityuckiy
2005-06-14 1:06 ` Coywolf Qi Hunt
2005-06-14 12:16 ` Artem B. Bityuckiy
2005-06-15 1:19 ` Coywolf Qi Hunt
2005-04-28 7:41 ` [PATCH] VFS bugfix: two read_inode() calles without clear_inode() call between Miklos Szeredi
2005-04-28 7:47 ` Artem B. Bityuckiy
-- strict thread matches above, loose matches on Subject: below --
2005-04-19 12:38 Artem B. Bityuckiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050504130450.7c90a422.akpm@osdl.org \
--to=akpm@osdl.org \
--cc=dedekind@infradead.org \
--cc=dwmw2@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).