Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp741404ybj;
        Tue, 5 May 2020 06:57:17 -0700 (PDT)
X-Google-Smtp-Source: APiQypJsz2cohgQRI+TolIJCXWLTYJJ3AYSJjXXKleol9V0fbBkdpmqIpjUoFWl8F/gqg9J0zSZr
X-Received: by 2002:aa7:d689:: with SMTP id d9mr2782911edr.22.1588687037021;
        Tue, 05 May 2020 06:57:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588687037; cv=none;
        d=google.com; s=arc-20160816;
        b=c/9t9RpOTs+pAyGYhwtSttvikpVKHWw+NmHJNnj7VaxiP28D2W1+oIHut/qP7j466T
         0acXFs64s8ivDHoSLSTkkmsd0/sxbiZJyrHnY71F7/In5OnWTabDmw3tkNPOreX0rkA0
         IEh1BSSTW5TTe0xx1zf03U9dvaGZ8xvvjh3EYi/SXR5tYLGlzZPmH/1TmdCtwQACz332
         6/1b5NVHqnY7P1bJv4y1cja72Ka3hNYJlAKI5pCB1na7epoyYGvJrPzs31/djmWbqxLN
         da03RbivmzCFD9JdqEq39UnXzPHuIPsN0ZLnWH+jQn0StVuOX5B6rQhUWtZOXXy3WrGy
         Ez1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Jsy+vFKG2w3TRg1if2OaNR87RH1NyplF73zGSyvE/Rs=;
        b=08A/qk9zohY9xajn0xXZF5cqEfchjHWS86dw4EeOhmzJHce7wLxzU4Hm5gm7DpXhp6
         5QQjHdooc12iSYAXo8vsQ/kUfZFX5mAPbJEYnchJpK1LQ77mfL289dDlO2HS6R9qAcui
         aFAvrAbkaARJ/fJPMbL5PaumuSpIVzVPaHfnV2qteCz8poHnUNGHRyaanLkyy5BEcz2B
         erEZUreBTFZ4pwnXxNzmYzqOq/gZN9IXvs6l0b/ck+rl6Gv9m67bPm8RJMa2wFFiF2Iv
         Qiljd8HIqeJCdpFS+/vlm6HPu/vkM7cDPBcj/ayHD3NCcVtbgzigtAcwLX8ReGctZWux
         dxfw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=TG31h2lH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l9si1105401ejc.237.2020.05.05.06.56.54;
        Tue, 05 May 2020 06:57:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=TG31h2lH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729158AbgEENyp (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Tue, 5 May 2020 09:54:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45476 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S1728180AbgEENyn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 May 2020 09:54:43 -0400
Received: from mail-pj1-x1042.google.com (mail-pj1-x1042.google.com [IPv6:2607:f8b0:4864:20::1042])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 496A0C061A0F
        for <linux-kernel@vger.kernel.org>; Tue,  5 May 2020 06:54:43 -0700 (PDT)
Received: by mail-pj1-x1042.google.com with SMTP id q24so382893pjd.1
        for <linux-kernel@vger.kernel.org>; Tue, 05 May 2020 06:54:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=Jsy+vFKG2w3TRg1if2OaNR87RH1NyplF73zGSyvE/Rs=;
        b=TG31h2lHvlOV32idvIopV8FeDNBzrpP6uSBMRXYGBhlacTbKQbgLAB7yW1s+OghDa7
         p80TzukpfZQ19ZLwiJ1jn/Cc2p9RKJaSQ3GZW2ASGloYUa97EdTDal19QwGCIxBpE3/v
         IO3Tj3rhSHZhNqexHH0yuCvznft9zvVxjahrk6LxQP40yD3aUb8+Q6lrtsuHRVA4WpEQ
         muyOvYHbwJ79uQ+jg29fNECEFPVytJ7vHf8kSB7CuV88f1wTVmu52Wy7WBmzVi3RS2Pf
         na4soy+wKmWzasJfamrOzFvXquCB06vSUxanrnN8dPRrjsSZMa3lLJeC43Y6aPx8TlEO
         4rGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=Jsy+vFKG2w3TRg1if2OaNR87RH1NyplF73zGSyvE/Rs=;
        b=RpLzfrMBUZfJL2R0aHFLigU1g3HGavyh0XfdicmKmaFzG/na8DXFyGp448wN7hcCxQ
         cOkvucMFrl8m2/t8kbYG1XwoCa0YP1rNdABHfne4uTG7uUSYjg78+PrtRu8wJZDaX6yb
         aCPNDfNMQH3DY1baBTe/afs6VE+KFIiasSh+QSbr2U0hyTfjN8i3zsjVniBgW/ZeKw0k
         UNVn2tN4P0NlHG12TGBSLuLw7W5AVMSCdNhtmeXs3/VVEPkcsub7cj7+YBKI2Urn+bDz
         AUwFU+7douv5OIASNYsEhPPZqmI7EHAaCRVrgcKmLMbwuAMlPhLGeHEFRWimrAHW+rgn
         QW9A==
X-Gm-Message-State: AGi0PubJY6ba30Pu/fBhn2xgQpXiizKnbcJhvRcXOnlYpofcVgWF+CpH
        wbrHqlOWGndlVP6gNwVEW1Y=
X-Received: by 2002:a17:90a:f302:: with SMTP id ca2mr895545pjb.223.1588686882864;
        Tue, 05 May 2020 06:54:42 -0700 (PDT)
Received: from localhost.localdomain ([120.244.110.63])
        by smtp.gmail.com with ESMTPSA id m63sm2221920pfb.101.2020.05.05.06.54.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 05 May 2020 06:54:42 -0700 (PDT)
From:   Jia-Ju Bai <baijiaju1990@gmail.com>
To:     shaggy@kernel.org, Markus.Elfring@web.de
Cc:     jfs-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org,
        Jia-Ju Bai <baijiaju1990@gmail.com>
Subject: [PATCH v2] fs: jfs: fix a possible data race in txBegin()
Date:   Tue,  5 May 2020 21:54:11 +0800
Message-Id: <20200505135411.28893-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The functions txBegin() and txLazyCommit() can be concurrently executed
in the following call contexts:

Thread1:
  jfs_write_inode()
    jfs_commit_inode()
      txBegin()

Thread2:
  jfs_lazycommit()
    txLazyCommit()

In txBegin():
  tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0;

In txLazyCommit():
  spin_lock_irq(&log->gclock);
  ...
  tblk->flag |= tblkGC_COMMITTED;
  ...
  spin_unlock_irq(&log->gclock);

A data race can occur for the data structure member "flag". 
This data race was found by our concurrency fuzzer.

Thus use the spin lock "gclock" for the resetting of five 
data structure members in this function implementation.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
v2:
* Change the description.
  Thank Markus Elfring for good advice.

---
 fs/jfs/jfs_txnmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index c8ce7f1bc594..a1f124aad2e0 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -415,7 +415,9 @@ tid_t txBegin(struct super_block *sb, int flag)
 	 *
 	 * memset(tblk, 0, sizeof(struct tblock));
 	 */
+	spin_lock_irq(&log->gclock);
 	tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0;
+	spin_unlock_irq(&log->gclock);
 
 	tblk->sb = sb;
 	++log->logtid;
-- 
2.17.1