* [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage()
@ 2001-10-02 6:14 Tachino Nobuhiro
2001-10-02 6:33 ` Andrew Morton
0 siblings, 1 reply; 2+ messages in thread
From: Tachino Nobuhiro @ 2001-10-02 6:14 UTC (permalink / raw)
To: linux-kernel
Hello,
I found a a deadlock bug in v2.4.10 due to invert locking order between
inode->i_truncate_sem and inode->i_sem.
Sequence is following.
do_truncate()
down(&inode->i_sem);
down_write(&inode->i_truncate_sem);
do_no_page()
down_read(&inode->i_truncate_sem);
shmem_nopage();
shmem_getpage();
down(&inode->i_sem);
Following patch works for me.
diff -r -u -N linux.org/fs/open.c linux/fs/open.c
--- linux.org/fs/open.c Tue Oct 2 11:35:47 2001
+++ linux/fs/open.c Tue Oct 2 11:45:33 2001
@@ -81,13 +81,13 @@
if (length < 0)
return -EINVAL;
- down(&inode->i_sem);
down_write(&inode->i_truncate_sem);
+ down(&inode->i_sem);
newattrs.ia_size = length;
newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
error = notify_change(dentry, &newattrs);
- up_write(&inode->i_truncate_sem);
up(&inode->i_sem);
+ up_write(&inode->i_truncate_sem);
return error;
}
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage()
2001-10-02 6:14 [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage() Tachino Nobuhiro
@ 2001-10-02 6:33 ` Andrew Morton
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2001-10-02 6:33 UTC (permalink / raw)
To: Tachino Nobuhiro; +Cc: linux-kernel, ext2-devel
Tachino Nobuhiro wrote:
>
> Hello,
>
> I found a a deadlock bug in v2.4.10 due to invert locking order between
> inode->i_truncate_sem and inode->i_sem.
> Sequence is following.
>
> do_truncate()
> down(&inode->i_sem);
> down_write(&inode->i_truncate_sem);
>
> do_no_page()
> down_read(&inode->i_truncate_sem);
>
> shmem_nopage();
> shmem_getpage();
> down(&inode->i_sem);
>
i_truncate_sem is introduced in the ext3 patch - it's not in
the standard 2.4.10.
> Following patch works for me.
>
> diff -r -u -N linux.org/fs/open.c linux/fs/open.c
> --- linux.org/fs/open.c Tue Oct 2 11:35:47 2001
> +++ linux/fs/open.c Tue Oct 2 11:45:33 2001
> @@ -81,13 +81,13 @@
> if (length < 0)
> return -EINVAL;
>
> - down(&inode->i_sem);
> down_write(&inode->i_truncate_sem);
> + down(&inode->i_sem);
> newattrs.ia_size = length;
> newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
> error = notify_change(dentry, &newattrs);
> - up_write(&inode->i_truncate_sem);
> up(&inode->i_sem);
> + up_write(&inode->i_truncate_sem);
> return error;
> }
Indeed. That's been there for months! Thanks.
-
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-10-02 6:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-10-02 6:14 [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage() Tachino Nobuhiro
2001-10-02 6:33 ` Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox