From: npiggin@suse.de
To: Jens Axboe <jens.axboe@oracle.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: [patch 4/5] fs: fix possible bdi writeback refcounting problem
Date: Wed, 16 Sep 2009 05:19:07 +1000
Message-ID: <20090915192243.099602430@suse.de>
In-Reply-To: 20090915191903.290006007@suse.de
[-- Attachment #1: fs-bdiwb-refcount-fix.patch --]
[-- Type: text/plain, Size: 1352 bytes --]
wb_clear_pending AFAIKS should not be called after the item has been
put on the list, except by the worker threads. It could lead to the
situation where the refcount is decremented below 0 and cause lots of
problems.

Presumably the !wb_has_dirty_io case is not a common one, so it can
be discovered when the thread wakes up to check?

Also add a comment in bdi_work_clear.

Signed-off-by: Nick Piggin <npiggin@suse.de>
---
fs/fs-writeback.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Index: linux-2.6/fs/fs-writeback.c
===================================================================
--- linux-2.6.orig/fs/fs-writeback.c
+++ linux-2.6/fs/fs-writeback.c
@@ -98,6 +98,11 @@ static void bdi_work_clear(struct bdi_wo
{
clear_bit(WS_USED_B, &work->state);
smp_mb__after_clear_bit();
+ /*
+ * work can have disappeared at this point. bit waitq functions
+ * should be able to tolerate this, provided bdi_sched_wait does
+ * not dereference it's pointer argument.
+ */
wake_up_bit(&work->state, WS_USED_B);
}
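Review bot: the new comment in bdi_work_clear has a typo ("it's pointer argument" should be "its pointer argument"), and the invariant it depends on lives in bdi_sched_wait, which this hunk does not touch. The wake_up_bit(&work->state, WS_USED_B) call right after the comment still computes an address inside a work item that the comment says may already be gone, so the safety of this path rests entirely on nobody dereferencing that pointer later. Consider adding a matching comment at bdi_sched_wait so a future change there does not start dereferencing its argument, and state in this comment which path is allowed to free the work once WS_USED_B has been cleared.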
@@ -172,10 +177,7 @@ static void bdi_queue_work(struct backin
* thread always. As a safety precaution, it'll flush out
* everything
*/
- if (!wb_has_dirty_io(wb)) {
- if (work)
- wb_clear_pending(wb, work);
- } else if (wb->task)
+ if (wb->task)
wake_up_process(wb->task);
}
}
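Review bot: with the !wb_has_dirty_io branch removed, nothing in bdi_queue_work clears the pending state any more, and the remaining "if (wb->task)" has no else, so a queued work item with no dirty IO now depends entirely on the worker thread to drop it. The commit message phrases this as a question ("so it can be discovered when the thread wakes up to check?"), so it would help to confirm before merging that the worker path calls wb_clear_pending for a work item that finds nothing to write, and to say what happens to the queued item when wb->task is NULL. The comment kept above this code ("As a safety precaution, it'll flush out everything") could also be extended to note that clearing pending is now the worker's job only, since that is the rule the removed lines violated.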
Thread overview: 11+ messages
2009-09-15 19:19 [patch 0/5] bdi writeback fixes npiggin
2009-09-15 19:19 ` [patch 1/5] fs: make use of rcu helpers npiggin
2009-09-15 19:31 ` Jens Axboe
2009-09-15 19:19 ` [patch 2/5] fs: improve scalability of bdi writeback work queues npiggin
2009-09-15 19:31 ` Jens Axboe
2009-09-15 19:19 ` [patch 3/5] fs: fix bdi writeback use after free 1 npiggin
2009-09-15 19:32 ` Jens Axboe
2009-09-15 19:19 ` npiggin [this message]
2009-09-15 19:30 ` [patch 4/5] fs: fix possible bdi writeback refcounting problem Jens Axboe
2009-09-15 19:19 ` [patch 5/5] fs: fix bdi writeback use after free 2 npiggin
2009-09-15 19:29 ` Jens Axboe