[PATCH]: Fix SMP-reordering race in mark_buffer_dirty

From: Mikulas Patocka
Date: Wed Apr 02 2008 - 15:20:43 EST


Hi

It looks like someone overoptimized mark_buffer_dirty().

mark_buffer_dirty() is
void mark_buffer_dirty(struct buffer_head *bh)
{
	WARN_ON_ONCE(!buffer_uptodate(bh));
	if (!buffer_dirty(bh) && !test_set_buffer_dirty(bh))
		__set_page_dirty(bh->b_page, page_mapping(bh->b_page), 0);
}

That buffer_dirty() test is not atomic, it may be reordered with whatever
else.

So suppose this race

CPU1:

write to buffer data
call mark_buffer_dirty()
test for !buffer_dirty(bh)

--- there is no synchronizing operation, so inside CPU it may get
reordered to:

test for !buffer_dirty(bh)
write to buffer data

CPU2:
clear_buffer_dirty(bh);
submit_bh(WRITE, bh);

The resulting operations may end up in this order:
CPU1: test for !buffer_dirty(bh) --- sees that the bit is set
CPU2: clear_buffer_dirty(bh);
CPU2: submit_bh(WRITE, bh);
CPU1: write to buffer data

So we have a clean buffer with modified data and this modification is
going to be lost.

Mikulas


Signed-off-by: Mikulas Patocka <mikulas@xxxxxxxxxxxxxxxxxxxxxxxx>

--- linux-2.6.25-rc8/fs/buffer.c_ 2008-04-02 21:08:36.000000000 +0200
+++ linux-2.6.25-rc8/fs/buffer.c 2008-04-02 21:10:25.000000000 +0200
@@ -1180,6 +1180,12 @@
*/
void mark_buffer_dirty(struct buffer_head *bh)
{
+ /*
+ * Make sure that the test for buffer_dirty(bh) is not reordered with
+ * previous modifications to the buffer data.
+ * -- mikulas
+ */
+ smp_mb();
WARN_ON_ONCE(!buffer_uptodate(bh));
if (!buffer_dirty(bh) && !test_set_buffer_dirty(bh))
__set_page_dirty(bh->b_page, page_mapping(bh->b_page), 0);
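
Review bot: The comment above the new smp_mb() says what the barrier orders on the caller's side but not what it pairs with. A barrier here only helps if the path that clears the dirty bit and then picks up the data for writing is ordered as well, so the comment should name that counterpart (the clear_buffer_dirty()/submit_bh() sequence from the description). The "-- mikulas" signature inside the comment can be dropped, since the Signed-off-by already records authorship. The barrier also sits ahead of the !buffer_dirty(bh) test, so every call pays for it even when the buffer is already dirty; the changelog should say why that cost is acceptable.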
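
The reordering described in the message above, as an added example that is not part of the original post or the kernel source: a small C model that enumerates every interleaving of the four operations and counts the executions in which the modification is lost. The operation names, the one-store-one-load simplification, and the cpu2_barrier flag (a hypothetical knob for the side that clears the bit) are assumptions of this model.

```c
#include <stdio.h>
/* Toy model (assumption of this example): each CPU does one store and one
 * load; without a full barrier the load may take effect before the store. */
enum op { ST_DATA, LD_DIRTY, CLR_DIRTY, LD_DATA };

/* Replay one global order; return 1 if the buffer ends clean with new data
 * that was never written out. */
static int lost_update(const enum op order[4])
{
    int data = 0, dirty = 1;            /* buffer starts dirty, old contents */
    int cpu1_saw_dirty = 0, written_out = 0;
    for (int i = 0; i < 4; i++) {
        switch (order[i]) {
        case ST_DATA:   data = 1;               break; /* CPU1: write to buffer data */
        case LD_DIRTY:  cpu1_saw_dirty = dirty; break; /* CPU1: buffer_dirty(bh) */
        case CLR_DIRTY: dirty = 0;              break; /* CPU2: clear_buffer_dirty(bh) */
        case LD_DATA:   written_out = data;     break; /* CPU2: data picked up for the write */
        }
    }
    /* If CPU1 saw the bit clear it re-dirties the buffer: nothing is lost. */
    return cpu1_saw_dirty && written_out == 0;
}

/* Count lost-update executions over every permitted per-CPU order and every
 * interleaving. A barrier flag of 1 pins that CPU to program order. */
static int count_lost(int cpu1_barrier, int cpu2_barrier)
{
    int lost = 0;
    for (int r1 = 0; r1 <= !cpu1_barrier; r1++)
    for (int r2 = 0; r2 <= !cpu2_barrier; r2++)
    for (int mask = 0; mask < 16; mask++) {     /* set bit = slot used by CPU1 */
        if ((mask & 1) + (mask >> 1 & 1) + (mask >> 2 & 1) + (mask >> 3 & 1) != 2)
            continue;
        enum op c1[2] = { r1 ? LD_DIRTY : ST_DATA, r1 ? ST_DATA : LD_DIRTY };
        enum op c2[2] = { r2 ? LD_DATA : CLR_DIRTY, r2 ? CLR_DIRTY : LD_DATA };
        enum op order[4];
        for (int s = 0, i1 = 0, i2 = 0; s < 4; s++)
            order[s] = (mask >> s & 1) ? c1[i1++] : c2[i2++];
        lost += lost_update(order);
    }
    return lost;
}

int main(void)
{
    printf("no barrier on CPU1: %d lost\n", count_lost(0, 1));
    printf("smp_mb() on CPU1:   %d lost\n", count_lost(1, 1));
    return 0;
}
```

The single lost execution in count_lost(0, 1) is the order listed in the message: test, clear, submit, write.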