The functions txBegin() and txLazyCommit() can be concurrently executed in the following call contexts:

Thread1:
  jfs_write_inode()
    jfs_commit_inode()
      txBegin()

Thread2:
  jfs_lazycommit()
    txLazyCommit()

In txBegin():
  tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0;

In txLazyCommit():
  spin_lock_irq(&log->gclock);
  ...
  tblk->flag |= tblkGC_COMMITTED;
  ...
  spin_unlock_irq(&log->gclock);

Thus, a data race can occur for tblk->flag.

To fix this data race, the spinlock log->gclock is used in txBegin().

This data race is found by our concurrency fuzzer.

Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com>
--- fs/jfs/jfs_txnmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index c8ce7f1bc594..a1f124aad2e0 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -415,7 +415,9 @@ tid_t txBegin(struct super_block *sb, int flag) * * memset(tblk, 0, sizeof(struct tblock)); */ + spin_lock_irq(&log->gclock); tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; + spin_unlock_irq(&log->gclock); tblk->sb = sb; ++log->logtid; -- 2.17.1
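
Review bot: the lock added around the reset in txBegin() (`tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0;`) makes the two writes to tblk->flag mutually exclusive but does not decide their order, and the changelog does not explain why txLazyCommit() can still reach a tblock that txBegin() is initializing. If the lazy-commit thread can run `tblk->flag |= tblkGC_COMMITTED` after this reset, the new transaction starts with a stale committed bit even with the lock held; if it cannot, the lock is not needed. Please describe in the changelog how the tblock lifetime allows the overlap and, if the overlap is real, consider fixing the point where the tblock is released for reuse rather than the reset. Two smaller points on the same lines: spin_lock_irq()/spin_unlock_irq() re-enable interrupts unconditionally on unlock, so either state that txBegin() is never entered with interrupts disabled or use the irqsave/irqrestore variants; and the critical section also covers next, last, xflag and lsn although only flag is reported as racing, so a short comment naming which fields log->gclock protects here would help.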