Re: inode_unused list corruption in 2.4.26 - spin_lock problem?

From: Marcelo Tosatti
Date: Mon Jun 21 2004 - 13:33:11 EST

Next message: Takashi Iwai: "Re: [BUG] 2.6.x ALSA sound is pretty broken"
Previous message: Ronald Bultje: "Re: [Mjpeg-users] [2.6 patch] let VIDEO_ZORAN depend on I2C_ALGOBIT"
In reply to: Trond Myklebust: "Re: inode_unused list corruption in 2.4.26 - spin_lock problem?"
Next in thread: Chris Caputo: "Re: inode_unused list corruption in 2.4.26 - spin_lock problem?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 21, 2004 at 01:10:21PM -0400, Trond Myklebust wrote:
> På su , 20/06/2004 klokka 20:45, skreiv Marcelo Tosatti:
> > Lets see if I get this right, while we drop the lock in iput to call
> > write_inode_now() an iget happens, possibly from write_inode_now itself
> > (sync_one->__iget) causing the inode->i_list to be added to to inode_in_use.
> > But then the call returns, locks inode_lock, decreases inodes_stat.nr_unused--
> > and deletes the inode from the inode_in_use and adds to inode_unused.
> >
> > AFAICS its an inode with i_count==1 in the unused list, which does not
> > mean "list corruption", right? Am I missing something here?
>
> Yes. Please don't forget that the inode is still hashed and is not yet
> marked as FREEING: find_inode() can grab it on behalf of some other
> process as soon as we drop that spinlock inside iput(). Then we have the
> calls to clear_inode() + destroy_inode() just a few lines further down.
> ;-)
>
> If the above scenario ever does occur, it will cause random Oopses for
> third party processes. Since we do not see this too often, my guess is
> that the write_inode_now() path must be very rarely (or never?) called.

Thats what I though: That if the scenario you described really happens, we
would see random oopses (processes using a deleted inode) instead of
Chris's list corruption.

Chris, _please_ post your full oopses.

> > If you are indeed right all 2.4.x versions contain this bug.
>
> ...and all 2.6.x versions...
>
> I'm not saying this is the same problem that Chris is seeing, but I am
> failing to see how iput() is safe as it stands right now. Please
> enlighten me if I'm missing something.

For me your analysis looks right and we have a problem here.

I think Al Viro knows iput() very well. Maybe he should take a look
at your patched. CC'ed.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Takashi Iwai: "Re: [BUG] 2.6.x ALSA sound is pretty broken"
Previous message: Ronald Bultje: "Re: [Mjpeg-users] [2.6 patch] let VIDEO_ZORAN depend on I2C_ALGOBIT"
In reply to: Trond Myklebust: "Re: inode_unused list corruption in 2.4.26 - spin_lock problem?"
Next in thread: Chris Caputo: "Re: inode_unused list corruption in 2.4.26 - spin_lock problem?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]