Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp810702ybj;
        Tue, 5 May 2020 07:54:15 -0700 (PDT)
X-Google-Smtp-Source: APiQypLDy0jqTDAF2IdvdcanhFqUXT2oDKQu1KIAUuzx2YoVfeU07yrM3W4ScKEN6MjMYpGMOpVt
X-Received: by 2002:aa7:dd84:: with SMTP id g4mr3079344edv.257.1588690455031;
        Tue, 05 May 2020 07:54:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588690455; cv=none;
        d=google.com; s=arc-20160816;
        b=qzUqS6hr0OMD8bLAJl0tLFRf8a282uYwLZD7ooLqiKbQH6AAgmVjYh4ZGHDThhX0ok
         0+r4TH9Z6Q7G91pDnHCQvkVsJxZs0SUHA3+J6CnoZhNaXmJ8ZneRMLVuUTfQQDIxsnrv
         QBMir/wus/u6N4l/JoQ2UrXTc0IRvQxPWVSp+dZpCTrETYeFmQacPuG21sou6S7AufO5
         DEXFgHYzgDIMgGKd3ba5irNl/cALnIFN2a1JhZpS6fAwYPbDFlGJG6yiZ0URK6g/Qt/f
         VuCFIsrgkn058Un9Sgp9hI3r/Tkz5kdxrfF7X7PIuHJL+sruIZaC6/amI+xOOA/runFz
         8+Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=gqMtkzsSoPZBMMdRPapCy9u7s4SBqp2jU6yXsz651xs=;
        b=ulrFj3wwrKx0TZ3R98NtidYn9bKbXYcBTKiRDwuwO8SGz7CL7ljOhGlpOQfnMiQF1o
         WPnWfxKO+d6HZ5hqpXZfE1x5XDmy1Xe/QXax2rto5OPd1g3LxRVqNc4r4X05BJ54FVQT
         p06Pi47l4qHMacr7NzOTz2JV9GqOuQSZmCy+jynznxkJRdLFrNLWs1KhhZNa1IdF+Er9
         kjDouvIlAMd6uLIPuIH+O0tWeCeSoO7HMA9tdSL6LZExwx0DVyLy1h1ri7w2WIXiSMoU
         ibiruyJ34hinrAnpphdKJ9YnTP10h0f6IbfSEV/2sfTZe4TivdniyFK8enCY5ZuM6UW2
         7ZAw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=sBavfMWd;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f15si1198836ejf.515.2020.05.05.07.53.51;
        Tue, 05 May 2020 07:54:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=sBavfMWd;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729573AbgEEOvA (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Tue, 5 May 2020 10:51:00 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54672 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S1729183AbgEEOvA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 May 2020 10:51:00 -0400
Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 262CBC061A0F
        for <linux-kernel@vger.kernel.org>; Tue,  5 May 2020 07:51:00 -0700 (PDT)
Received: by mail-pl1-x643.google.com with SMTP id u10so912381pls.8
        for <linux-kernel@vger.kernel.org>; Tue, 05 May 2020 07:51:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=gqMtkzsSoPZBMMdRPapCy9u7s4SBqp2jU6yXsz651xs=;
        b=sBavfMWdGoIANOSSLVXfXxC83qThaa0PpqS7Gu0n+50OKtn9f0tzizOmIqG2aTxtZ2
         xp3HubkEHyBYGfLwk9sdggL6flPiZUZvKKQwy8GsCM8yTZ7LaNtDSwpxZpNzwSNfv6u0
         H1Pio9FUQcYG/lkYk30Ywst5VEoF6G/Zt5DsgQxlGCZJevYunPeUUrixpsa1Sf8j6TQB
         H2ruHWKzH0i8PhmCWp67lXb1UO+erKSBQAj5FlgOew7zF2kHf5BvBQzv0TmlWGewcqFq
         Js+WWOGfBGVCGQTcfvhaZoqleU+outnnSDhigFJ1WXwhQCEvUdpPv4rpIH/3QZzcOH2G
         IcBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=gqMtkzsSoPZBMMdRPapCy9u7s4SBqp2jU6yXsz651xs=;
        b=LPHN+9ldeoTlk+Mcw7H0VbbBVHGhQ0Mpec+/HWRTZ4IS+ZeM7kq459B7rwvLMPq3fC
         ODC6yGoHMFV2ugiN7yrQ+S996SaxCvApZRpN2stWU6CYVsTO1c/OE5em3vNFxx1pZmMW
         Zmsh+j/axTedaJAZZTmyc/e1Z5/iHtjx0UhpA+ZPReXILky+YXhgNMFFC5lKYqHJ4+TZ
         21TswNNV1y8ddp3ZTPXWWz9/NI2PPCBTO52j6+6p7cxlgLC0FbY1lMZzVamyA1jpCrSV
         26AwEOSwM+OFCU5KxLxaMrDLEKHoMYbOxjyzwbgxcMAj0NCs52ER9noieHIzULZfV6zq
         3ZLw==
X-Gm-Message-State: AGi0PuYGM1brGjGkMNo40FVXH1/UuL58FvQ4P0cQNlW3obulVfmmghs4
        fpCvjyP0BFieqLR9NLbXxaI=
X-Received: by 2002:a17:90b:93:: with SMTP id bb19mr3545245pjb.134.1588690259719;
        Tue, 05 May 2020 07:50:59 -0700 (PDT)
Received: from localhost.localdomain ([120.244.110.63])
        by smtp.gmail.com with ESMTPSA id l16sm1727711pgh.35.2020.05.05.07.50.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 05 May 2020 07:50:58 -0700 (PDT)
From:   Jia-Ju Bai <baijiaju1990@gmail.com>
To:     shaggy@kernel.org, Markus.Elfring@web.de
Cc:     jfs-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org,
        Jia-Ju Bai <baijiaju1990@gmail.com>
Subject: [PATCH v2] fs: jfs: fix a possible data race in txBegin()
Date:   Tue,  5 May 2020 22:50:13 +0800
Message-Id: <20200505145013.8040-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The functions txBegin() and txLazyCommit() can be concurrently executed
in the following call contexts:

Thread1:
  jfs_write_inode()
    jfs_commit_inode()
      txBegin()

Thread2:
  jfs_lazycommit()
    txLazyCommit()

In txBegin():
  tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0;

In txLazyCommit():
  spin_lock_irq(&log->gclock);
  ...
  tblk->flag |= tblkGC_COMMITTED;
  ...
  spin_unlock_irq(&log->gclock);

A data race can occur for the data structure member "flag". 
This data race was found by our concurrency fuzzer.

Thus use the spin lock "gclock" for the resetting of five 
data structure members in this function implementation.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
v2:
* Change the description.
  Thank Markus Elfring for good advice.

 fs/jfs/jfs_txnmgr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index c8ce7f1bc594..a1f124aad2e0 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -415,7 +415,9 @@ tid_t txBegin(struct super_block *sb, int flag)
 	 *
 	 * memset(tblk, 0, sizeof(struct tblock));
 	 */
+	spin_lock_irq(&log->gclock);
 	tblk->next = tblk->last = tblk->xflag = tblk->flag = tblk->lsn = 0;
+	spin_unlock_irq(&log->gclock);
 
 	tblk->sb = sb;
 	++log->logtid;
-- 
2.17.1