[PATCH] cgroup, writeback: add smp_mb() to inode_prepare_wbs_switch()

From: Roman Gushchin
Date: Wed Jun 09 2021 - 17:14:26 EST

Next message: Pawan Gupta: "[PATCH 4/4] x86/tsx: Add cmdline tsx=fake to not clear CPUID bits RTM and HLE"
Previous message: Jerome Brunet: "Re: [PATCH] clk: meson: g12a: Add missing NNA source clocks for g12b"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add a memory barrier between incrementing isw_nr_in_flight
and checking the sb's SB_ACTIVE flag and grabbing an inode in
inode_prepare_wbs_switch(). It's required to prevent grabbing
an inode before incrementing isw_nr_in_flight, otherwise
0 can be obtained as isw_nr_in_flight in cgroup_writeback_umount()
and isw_wq will not be flushed, potentially leading to a memory
corruption.

Added smp_mb() will work in pair with smp_mb() in
cgroup_writeback_umount().

Suggested-by: Ming Lei <ming.lei@xxxxxxxxxx>
Signed-off-by: Roman Gushchin <guro@xxxxxx>
---
fs/fs-writeback.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 545fce68e919..6332b86ca4ed 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -513,6 +513,14 @@ static void inode_switch_wbs_work_fn(struct work_struct *work)
static bool inode_prepare_wbs_switch(struct inode *inode,
struct bdi_writeback *new_wb)
{
+ /*
+ * Paired with smp_mb() in cgroup_writeback_umount().
+ * isw_nr_in_flight must be increased before checking SB_ACTIVE and
+ * grabbing an inode, otherwise isw_nr_in_flight can be observed as 0
+ * in cgroup_writeback_umount() and the isw_wq will be not flushed.
+ */
+ smp_mb();
+
/* while holding I_WB_SWITCH, no one else can update the association */
spin_lock(&inode->i_lock);
if (!(inode->i_sb->s_flags & SB_ACTIVE) ||
--
2.31.1

Next message: Pawan Gupta: "[PATCH 4/4] x86/tsx: Add cmdline tsx=fake to not clear CPUID bits RTM and HLE"
Previous message: Jerome Brunet: "Re: [PATCH] clk: meson: g12a: Add missing NNA source clocks for g12b"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]