Race in wb_do_writeback() ???

From: Larry Woodman
Date: Tue Jun 29 2010 - 16:24:35 EST

Christoph, I am seeing slabcache corruption. wb_do_writeback() calls
wb_clear_pending() which can queue up the freeing of the bdi_work. Then
it calls wb_writeback() which can block, resulting in using the bdi_work
after it's freed.

		/*
		 * If this isn't a data integrity operation, just notify
		 * that we have seen this work and we are now starting it.
		 */
		if (!test_bit(WS_ONSTACK, &work->state))
			wb_clear_pending(wb, work);

		wrote += wb_writeback(wb, &args);

		/*
		 * This is a data integrity writeback, so only do the
		 * notification when we have completed the work.
		 */
		if (test_bit(WS_ONSTACK, &work->state))
			wb_clear_pending(wb, work);

Can you have one unconditional call to wb_clear_pending() after
calling wb_writeback()???
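The following is an added, user-space model of the ordering problem the mail describes; it is not kernel code and not the fix the mail proposes (which is a single unconditional wb_clear_pending() after wb_writeback()). Names such as clear_pending(), writeback(), racy_loop() and safe_loop() are hypothetical stand-ins. The `freed` flag plays the role of the slab object being released once the first clear_pending() has run and the blocking call has given the deferred free time to happen; the model counts how often `work->state` is read after that point. The safe variant reads the flag once, before anything can release the item, and decides both calls from that snapshot.

```c
#include <stdbool.h>
#include <stdio.h>

#define WS_ONSTACK 1u          /* hypothetical flag bit, mirrors the name in the mail */

struct work {
    unsigned state;            /* flag bits, lives inside the (possibly heap) object */
    bool freed;                /* model only: set once the object has been released */
    int clear_calls;           /* how many times clear_pending() ran for this item */
};

static unsigned uaf_reads;     /* reads of w->state after the item was released */

/* Model of test_bit(WS_ONSTACK, &work->state): records a read of freed memory. */
static bool test_onstack(const struct work *w)
{
    if (w->freed)
        uaf_reads++;
    return (w->state & WS_ONSTACK) != 0;
}

/* Model of wb_clear_pending(): a heap-allocated item is released afterwards
 * (in the kernel, via a deferred free that completes while the caller blocks). */
static void clear_pending(struct work *w)
{
    w->clear_calls++;
    if (!(w->state & WS_ONSTACK))
        w->freed = true;
}

/* Model of wb_writeback(): the point at which the caller may block. */
static long writeback(void)
{
    return 1;
}

/* Ordering quoted in the mail: the flag is re-read from the item after the
 * blocking call, even when the first clear_pending() released it. */
static unsigned racy_loop(struct work *w)
{
    uaf_reads = 0;
    if (!test_onstack(w))
        clear_pending(w);
    writeback();
    if (test_onstack(w))       /* touches w->state after w may be gone */
        clear_pending(w);
    return uaf_reads;
}

/* Safer ordering: snapshot the flag once, before anything can release the
 * item, so no field of w is read after the first clear_pending(). */
static unsigned safe_loop(struct work *w)
{
    uaf_reads = 0;
    bool onstack = test_onstack(w);
    if (!onstack)
        clear_pending(w);
    writeback();
    if (onstack)
        clear_pending(w);
    return uaf_reads;
}

int main(void)
{
    struct work heap_racy = { 0, false, 0 };          /* constructed: heap item */
    struct work heap_safe = { 0, false, 0 };
    struct work stack_item = { WS_ONSTACK, false, 0 }; /* constructed: on-stack item */

    printf("heap item, racy ordering: %u read(s) after release\n", racy_loop(&heap_racy));
    printf("heap item, safe ordering: %u read(s) after release\n", safe_loop(&heap_safe));
    printf("on-stack item, racy ordering: %u read(s) after release\n", racy_loop(&stack_item));
    return 0;
}
```

Both orderings call clear_pending() exactly once per item; the difference is only whether the decision for the second call is taken from memory that may already have been returned to the allocator. Under a real slab allocator the racy read may still return the old bit value most of the time, which is why this class of bug shows up as intermittent slab corruption rather than a reliable crash.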


