2.4, 2.5: SMP race: __sync_single_inode vs. __mark_inode_dirty

From: Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Date: Sun Feb 02 2003 - 18:32:30 EST

Hi.

there's a SMP race condition between __sync_single_inode (or __sync_one on
2.4.20) and __mark_inode_dirty. __mark_inode_dirty doesn't take inode
spinlock. As we know -- unless you take a spinlock or use barrier,
processor can change order of instructions.

CPU 1

modify inode
(but modifications are in cpu-local
buffer and do not go to bus)

calls
__mark_inode_dirty
it sees I_DIRTY and exits immediatelly
                                        CPU 2
                                        takes spinlock
                                        calls __sync_single_inode
                                        inode->i_state &= ~I_DIRTY
                                        writes the inode (but does not see
                                        modifications by CPU 1 yet)

CPU 1 flushes its write buffer to the bus
inode is already written, clean, modifications
done by CPU1 are lost

The easiest fix would be to move the test inside spinlock in
__mark_inode_dirty; if you do not want to suffer from performance loss,
use the attached patches that use memory barriers to ensure ordering of
reads and writes.

Mikulas



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Fri Feb 07 2003 - 22:00:09 EST