Re: BUG in writeback_inodes()?

From: Chris Mason
Date: Mon Sep 13 2004 - 15:37:18 EST

Next message: Neil Horman: "[PATCH] close race condition in shared memory mapping/unmapping"
Previous message: Pasi Savolainen: "Re: 2.6.9-rc1-mm5"
In reply to: Kirill Korotaev: "BUG in writeback_inodes()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2004-09-13 at 12:01, Kirill Korotaev wrote:

> The problem with it is that writeback_inodes() supposes that if
> __put_super() returns 0 then no super block was deleted from the list
> and we can safely traverse sb list further.
>
> But as it is obvious from the deactivate_super() it's not actually true.
> because at point Y we delete super block from the list and drop the
> lock. We do __put_super() very much later... So we can find sb with
> poisoned sb->s_list at point X and we won't be the last sb reference
> holders. The last reference will be dropped in point Z.
>
> So in case of the following sequence of execution Y -> X -> Z we'll get
> an oops after point X in writeback_inodes().
>
> Am I correct with it?

Hmmm, sure looks that way. Seems like it should be enough to switch to
list_del_init in deactivate_super, and then check for
list_empty(sb->s_list) in writeback_inodes.

-chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Neil Horman: "[PATCH] close race condition in shared memory mapping/unmapping"
Previous message: Pasi Savolainen: "Re: 2.6.9-rc1-mm5"
In reply to: Kirill Korotaev: "BUG in writeback_inodes()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]