Message-ID: <452EA06F.4060701@redhat.com>
Date: Thu, 12 Oct 2006 15:07:11 -0500
From: Eric Sandeen
To: Andrew Morton
CC: Jan Kara, Badari Pulavarty, Eric Sandeen, Dave Jones, Linux Kernel
Subject: Re: 2.6.18 ext3 panic.

Andrew Morton wrote:
> On Thu, 12 Oct 2006 14:28:20 +0200
> Jan Kara wrote:
>
>> Where can we call
>> journal_dirty_data() without PageLock?
>
> block_write_full_page() will unlock the page, so ext3_writepage()
> will run journal_dirty_data_fn() against an unlocked page.
>
> I haven't looked into the exact details of the race, but it should
> be addressable via jbd_lock_bh_state() or j_list_lock coverage

I'm testing with something like this now; seem sane?

journal_dirty_data & journal_unmap_data both check do jbd_lock_bh_state(bh)
close to the top... journal_dirty_data_fn has checked buffer_mapped before
getting into journal_dirty_data, but that state may change before the lock
is grabbed. Similarly re-check after we drop the lock.

-Eric

Index: linux-2.6.18-1.2737.fc6/fs/jbd/transaction.c =================================================================== --- linux-2.6.18-1.2737.fc6.orig/fs/jbd/transaction.c +++ linux-2.6.18-1.2737.fc6/fs/jbd/transaction.c 
@@ -967,6 +967,13 @@ int journal_dirty_data(handle_t *handle, */ jbd_lock_bh_state(bh); spin_lock(&journal->j_list_lock); + + /* Now that we have bh_state locked, are we really still mapped? */ + if (!buffer_mapped(bh)) { + JBUFFER_TRACE(jh, "unmapped, bailing out"); + goto no_journal; + } + if (jh->b_transaction) { JBUFFER_TRACE(jh, "has transaction"); if (jh->b_transaction != handle->h_transaction) { @@ -1028,6 +1036,11 @@ int journal_dirty_data(handle_t *handle, sync_dirty_buffer(bh); jbd_lock_bh_state(bh); spin_lock(&journal->j_list_lock); + /* Since we dropped the lock... */ + if (!buffer_mapped(bh)) { + JBUFFER_TRACE(jh, "Got unmapped"); + goto no_journal; + } /* The buffer may become locked again at any time if it is redirtied */ }
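Review bot: In the first hunk (@@ -967), the new `goto no_journal` is taken with both jbd_lock_bh_state(bh) and journal->j_list_lock held, and the no_journal label is outside the visible context, so please confirm that exit path drops both locks and releases jh before returning. The comment "are we really still mapped?" would also be more useful if it named the path that can unmap the buffer between the caller's buffer_mapped() check and this lock, since that is the race the check closes and nothing in the hunk documents it. It is also worth stating in the changelog what the caller sees when the buffer is skipped here, so it is clear that treating an unmapped buffer as "nothing to journal" is intended.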
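Review bot: In the second hunk (@@ -1028), the re-check after sync_dirty_buffer() repeats the first hunk's test with a different trace string ("Got unmapped" versus "unmapped, bailing out") and a comment, "Since we dropped the lock...", that does not say what may have changed; suggest one wording for both sites and a comment that says the buffer may have been unmapped while the locks were released for the sync. As in the first hunk, the jump to no_journal happens with both locks re-taken, so the same confirmation of the exit path applies. The hunk header also looks hand-edited: the first hunk grows the file by seven lines (6 to 13), yet this header maps old line 1028 to new line 1036, so the patch should be regenerated before it is applied.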