From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail-ed1-f65.google.com ([209.85.208.65]:45141 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727840AbeJQXHw (ORCPT ); Wed, 17 Oct 2018 19:07:52 -0400
Received: by mail-ed1-f65.google.com with SMTP id m6-v6so1710197eds.12 for ; Wed, 17 Oct 2018 08:11:43 -0700 (PDT)
Date: Wed, 17 Oct 2018 17:11:34 +0200
From: Andrea Parri
To: David Howells
Cc: gregkh@linux-foundation.org, Kiran Kumar Modukuri , viro@zeniv.linux.org.uk, sandeen@redhat.com, linux-cachefs@redhat.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/4] fscache: Fix race in fscache_op_complete() due to split atomic_sub & read
Message-ID: <20181017151134.GA8966@andrea>
References: <153978619457.8478.3813964117489247515.stgit@warthog.procyon.org.uk> <153978621809.8478.2198040871218302573.stgit@warthog.procyon.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <153978621809.8478.2198040871218302573.stgit@warthog.procyon.org.uk>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Hi David,

On Wed, Oct 17, 2018 at 03:23:38PM +0100, David Howells wrote:
> From: kiran.modukuri
>
> The code in fscache_retrieval_complete is using atomic_sub followed by an
> atomic_read:
>
>         atomic_sub(n_pages, &op->n_pages);
>         if (atomic_read(&op->n_pages) <= 0)
>                 fscache_op_complete(&op->op, true);
>
> This causes two threads doing a decrement of n_pages to race with each
> other seeing the op->refcount 0 at same time - and they end up calling
> fscache_op_complete() in both the threads leading to an assertion failure.
>
> Fix this by using atomic_sub_return() instead of two calls.

Seems a case for atomic_sub_return_relaxed()... why not?

  Andrea
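
For illustration, here is a minimal userspace sketch of the race and of the two candidate fixes discussed above. It is not the fscache code: it assumes C11 <stdatomic.h> as a stand-in for the kernel's atomic_t, and struct retrieval, op_complete() and the replay_*() helpers are hypothetical names invented for this example. The bad interleaving (both threads subtract, then both read) is replayed sequentially so the outcome is deterministic.

```c
#include <stdatomic.h>

/* Hypothetical stand-in for the retrieval op; not the kernel structure. */
struct retrieval {
	atomic_int n_pages;      /* pages still outstanding */
	atomic_int completions;  /* times the completion path ran */
};

/* Stand-in for fscache_op_complete(): only counts invocations. */
static void op_complete(struct retrieval *op)
{
	atomic_fetch_add(&op->completions, 1);
}

/* Racy pattern, split in two halves so the interleaving can be replayed. */
static void racy_sub(struct retrieval *op, int n)
{
	atomic_fetch_sub(&op->n_pages, n);
}

static void racy_check(struct retrieval *op)
{
	if (atomic_load(&op->n_pages) <= 0)
		op_complete(op);
}

/* One read-modify-write, analogous to atomic_sub_return().
 * atomic_fetch_sub() returns the old value, so old - n is the new one. */
static void fixed_complete(struct retrieval *op, int n)
{
	if (atomic_fetch_sub(&op->n_pages, n) - n <= 0)
		op_complete(op);
}

/* Same, with relaxed ordering (assumed analogue of the _relaxed variant).
 * The subtraction stays atomic; only ordering guarantees are dropped. */
static void fixed_complete_relaxed(struct retrieval *op, int n)
{
	if (atomic_fetch_sub_explicit(&op->n_pages, n,
				      memory_order_relaxed) - n <= 0)
		op_complete(op);
}

static void retrieval_init(struct retrieval *op, int pages)
{
	atomic_init(&op->n_pages, pages);
	atomic_init(&op->completions, 0);
}

/* Threads A and B both subtract before either reads the counter. */
static int replay_racy(void)
{
	struct retrieval op;

	retrieval_init(&op, 2);
	racy_sub(&op, 1);    /* thread A: 2 -> 1 */
	racy_sub(&op, 1);    /* thread B: 1 -> 0 */
	racy_check(&op);     /* thread A reads 0, completes */
	racy_check(&op);     /* thread B reads 0, completes again */
	return atomic_load(&op.completions);
}

static int replay_fixed(void)
{
	struct retrieval op;

	retrieval_init(&op, 2);
	fixed_complete(&op, 1);  /* thread A gets 1, does not complete */
	fixed_complete(&op, 1);  /* thread B gets 0, completes once */
	return atomic_load(&op.completions);
}

static int replay_fixed_relaxed(void)
{
	struct retrieval op;

	retrieval_init(&op, 2);
	fixed_complete_relaxed(&op, 1);
	fixed_complete_relaxed(&op, 1);
	return atomic_load(&op.completions);
}
```

In this sketch the split sub/read pattern runs the completion path twice, while both single-operation variants run it once, since each caller acts on the value returned by its own subtraction. Whether relaxed ordering is actually sufficient in fscache depends on what fscache_op_complete() needs to observe from the other threads, which this example does not model.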