[PATCH v2] fs: jfs: fix a possible data race in txBegin()
The functions txBegin() and txLazyCommit() can be concurrently executed in the following call contexts: Thread1: jfs_write_inode() jfs_commit_inode() txBegin() Thread2: jfs_lazycommit() txLazyCommit() In txBegin(): tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; In txLazyCommit(): spin_lock_irq(>gclock); ... tblk->flag |= tblkGC_COMMITTED; ... spin_unlock_irq(>gclock); A data race can occur for the data structure member "flag". This data race was found by our concurrency fuzzer. Thus use the spin lock "gclock" for the resetting of five data structure members in this function implementation. Signed-off-by: Jia-Ju Bai --- v2: * Change the description. Thank Markus Elfring for good advice. fs/jfs/jfs_txnmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index c8ce7f1bc594..a1f124aad2e0 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -415,7 +415,9 @@ tid_t txBegin(struct super_block *sb, int flag) * * memset(tblk, 0, sizeof(struct tblock)); */ + spin_lock_irq(>gclock); tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; + spin_unlock_irq(>gclock); tblk->sb = sb; ++log->logtid; -- 2.17.1
[PATCH v2] fs: jfs: fix a possible data race in txBegin()
The functions txBegin() and txLazyCommit() can be concurrently executed in the following call contexts: Thread1: jfs_write_inode() jfs_commit_inode() txBegin() Thread2: jfs_lazycommit() txLazyCommit() In txBegin(): tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; In txLazyCommit(): spin_lock_irq(>gclock); ... tblk->flag |= tblkGC_COMMITTED; ... spin_unlock_irq(>gclock); A data race can occur for the data structure member "flag". This data race was found by our concurrency fuzzer. Thus use the spin lock "gclock" for the resetting of five data structure members in this function implementation. Signed-off-by: Jia-Ju Bai --- v2: * Change the description. Thank Markus Elfring for good advice. --- fs/jfs/jfs_txnmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index c8ce7f1bc594..a1f124aad2e0 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -415,7 +415,9 @@ tid_t txBegin(struct super_block *sb, int flag) * * memset(tblk, 0, sizeof(struct tblock)); */ + spin_lock_irq(>gclock); tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; + spin_unlock_irq(>gclock); tblk->sb = sb; ++log->logtid; -- 2.17.1
Re: fs: jfs: fix a possible data race in txBegin()
On 2020/5/5 21:23, Dave Kleikamp wrote: On 5/5/20 12:12 AM, Markus Elfring wrote: I am not sure how to add the tag "Fixes"... How helpful do you find the available software documentation? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=47cf1b422e6093aee2a3e55d5e162112a2c69870#n183 I need to find which previous commit add the code about txBegin()? I suggest to take another look at corresponding source code places by a command like “git blame”. https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Gits I suspect that the problem was in the code much longer than it has been under git source control. I agree, because "git blame" shows the last change to txBegin() is commit 1da177e4c3f4, which was submitted in 2005... And this commit just added or merged the filesystem to the Linux kernel. Thus, adding the tag "Fixes" of this commit should be useless... Best wishes, Jia-Ju Bai
Re: fs: jfs: fix a possible data race in txBegin()
On 5/5/20 12:12 AM, Markus Elfring wrote: >> I am not sure how to add the tag "Fixes"... > > How helpful do you find the available software documentation? > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=47cf1b422e6093aee2a3e55d5e162112a2c69870#n183 > > >> I need to find which previous commit add the code about txBegin()? > > I suggest to take another look at corresponding source code places > by a command like “git blame”. > https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Gits I suspect that the problem was in the code much longer than it has been under git source control. > > Regards, > Markus >
Re: fs: jfs: fix a possible data race in txBegin()
On 2020/5/5 13:12, Markus Elfring wrote: I am not sure how to add the tag "Fixes"... How helpful do you find the available software documentation? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=47cf1b422e6093aee2a3e55d5e162112a2c69870#n183 I need to find which previous commit add the code about txBegin()? I suggest to take another look at corresponding source code places by a command like “git blame”. https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Gits Thanks a lot, Markus. I have used "git blame" to find the last change on the related source code. I will send V2 patches, thanks again :) Best wishes, Jia-Ju Bai
Re: fs: jfs: fix a possible data race in txBegin()
> I am not sure how to add the tag "Fixes"... How helpful do you find the available software documentation? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=47cf1b422e6093aee2a3e55d5e162112a2c69870#n183 > I need to find which previous commit add the code about txBegin()? I suggest to take another look at corresponding source code places by a command like “git blame”. https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Gits Regards, Markus
Re: [PATCH] fs: jfs: fix a possible data race in txBegin()
On 2020/5/5 0:15, Markus Elfring wrote: Thus, a data race can occur for tblk->flag. To fix this data race, the spinlock log->gclock is used in txBegin(). This data race is found by our concurrency fuzzer. How do you think about a wording variant like the following? Change description: A data race can occur for the data structure member “flag”. This data race was found by our concurrency fuzzer. Thus use the spin lock “gclock” for the resetting of five data structure members in this function implementation. Would you like to add the tag “Fixes” to the commit message? Thanks, Markus. I am not sure how to add the tag "Fixes"... I need to find which previous commit add the code about txBegin()? Best wishes, Jia-Ju Bai
Re: [PATCH] fs: jfs: fix a possible data race in txBegin()
> Thus, a data race can occur for tblk->flag. > > To fix this data race, the spinlock log->gclock is used in > txBegin(). > > This data race is found by our concurrency fuzzer. How do you think about a wording variant like the following? Change description: A data race can occur for the data structure member “flag”. This data race was found by our concurrency fuzzer. Thus use the spin lock “gclock” for the resetting of five data structure members in this function implementation. Would you like to add the tag “Fixes” to the commit message? Regards, Markus
[PATCH] fs: jfs: fix a possible data race in txBegin()
The functions txBegin() and txLazyCommit() can be concurrently executed in the following call contexts: Thread1: jfs_write_inode() jfs_commit_inode() txBegin() Thread2: jfs_lazycommit() txLazyCommit() In txBegin(): tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; In txLazyCommit(): spin_lock_irq(>gclock); ... tblk->flag |= tblkGC_COMMITTED; ... spin_unlock_irq(>gclock); Thus, a data race can occur for tblk->flag. To fix this data race, the spinlock log->gclock is used in txBegin(). This data race is found by our concurrency fuzzer. Signed-off-by: Jia-Ju Bai --- fs/jfs/jfs_txnmgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index c8ce7f1bc594..a1f124aad2e0 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -415,7 +415,9 @@ tid_t txBegin(struct super_block *sb, int flag) * * memset(tblk, 0, sizeof(struct tblock)); */ + spin_lock_irq(>gclock); tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0; + spin_unlock_irq(>gclock); tblk->sb = sb; ++log->logtid; -- 2.17.1
