SMP Race in brelse

Daniel Phillips (phillips@innominate.de)
Fri, 2 Feb 2001 15:19:34 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tigran Aivazian: "Re: SMP Race in brelse"
Previous message: Hans Reiser: "Re: ReiserFS Oops (2.4.1, deterministic, symlink"
Next in thread: Tigran Aivazian: "Re: SMP Race in brelse"
Reply: Tigran Aivazian: "Re: SMP Race in brelse"

There is a rare SMP race in brelse:

1138 void __brelse(struct buffer_head * buf)
1139 {
1140 if (atomic_read(&buf->b_count)) {
1141 atomic_dec(&buf->b_count);
1142 return;
1143 }
1144 printk("VFS: brelse: Trying to free free buffer\n");
1145 }

cpu1 cpu2

Starting with buf->b_count = 1, if we have:

if (atomic_read(&buf->b_count))
if (atomic_read(&buf->b_count))
atomic_dec(&buf->b_count);
atomic_dec(&buf->b_count);

buf->b_count is now 0, but it should be -1, we fail to to report
an erroneous extra brelse.

-- 
Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tigran Aivazian: "Re: SMP Race in brelse"
Previous message: Hans Reiser: "Re: ReiserFS Oops (2.4.1, deterministic, symlink"
Next in thread: Tigran Aivazian: "Re: SMP Race in brelse"
Reply: Tigran Aivazian: "Re: SMP Race in brelse"