[BUG-2.4.10] deadlock in do_truncate() and shmem

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage()
@ 2001-10-02  6:14 Tachino Nobuhiro
  2001-10-02  6:33 ` Andrew Morton
  0 siblings, 1 reply; 2+ messages in thread
From: Tachino Nobuhiro @ 2001-10-02  6:14 UTC (permalink / raw)
  To: linux-kernel


Hello, 

I found a a deadlock bug in v2.4.10 due to invert locking order between
inode->i_truncate_sem and inode->i_sem.
Sequence is following.

do_truncate()
	down(&inode->i_sem);
	down_write(&inode->i_truncate_sem);


do_no_page()
	down_read(&inode->i_truncate_sem);

	shmem_nopage();
		shmem_getpage();
			down(&inode->i_sem);
	

Following patch works for me.


diff -r -u -N linux.org/fs/open.c linux/fs/open.c
--- linux.org/fs/open.c	Tue Oct  2 11:35:47 2001
+++ linux/fs/open.c	Tue Oct  2 11:45:33 2001
@@ -81,13 +81,13 @@
 	if (length < 0)
 		return -EINVAL;
 
-	down(&inode->i_sem);
 	down_write(&inode->i_truncate_sem);
+	down(&inode->i_sem);
 	newattrs.ia_size = length;
 	newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
 	error = notify_change(dentry, &newattrs);
-	up_write(&inode->i_truncate_sem);
 	up(&inode->i_sem);
+	up_write(&inode->i_truncate_sem);
 	return error;
 }
 

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage()
  2001-10-02  6:14 [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage() Tachino Nobuhiro
@ 2001-10-02  6:33 ` Andrew Morton
  0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2001-10-02  6:33 UTC (permalink / raw)
  To: Tachino Nobuhiro; +Cc: linux-kernel, ext2-devel

Tachino Nobuhiro wrote:
> 
> Hello,
> 
> I found a a deadlock bug in v2.4.10 due to invert locking order between
> inode->i_truncate_sem and inode->i_sem.
> Sequence is following.
> 
> do_truncate()
>         down(&inode->i_sem);
>         down_write(&inode->i_truncate_sem);
> 
> do_no_page()
>         down_read(&inode->i_truncate_sem);
> 
>         shmem_nopage();
>                 shmem_getpage();
>                         down(&inode->i_sem);
> 

i_truncate_sem is introduced in the ext3 patch - it's not in
the standard 2.4.10.

> Following patch works for me.
> 
> diff -r -u -N linux.org/fs/open.c linux/fs/open.c
> --- linux.org/fs/open.c Tue Oct  2 11:35:47 2001
> +++ linux/fs/open.c     Tue Oct  2 11:45:33 2001
> @@ -81,13 +81,13 @@
>         if (length < 0)
>                 return -EINVAL;
> 
> -       down(&inode->i_sem);
>         down_write(&inode->i_truncate_sem);
> +       down(&inode->i_sem);
>         newattrs.ia_size = length;
>         newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
>         error = notify_change(dentry, &newattrs);
> -       up_write(&inode->i_truncate_sem);
>         up(&inode->i_sem);
> +       up_write(&inode->i_truncate_sem);
>         return error;
>  }

Indeed.  That's been there for months!  Thanks.

-

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2001-10-02  6:32 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-10-02  6:14 [BUG-2.4.10] deadlock in do_truncate() and shmem_getpage() Tachino Nobuhiro
2001-10-02  6:33 ` Andrew Morton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox