SMP Race in brelse

Daniel Phillips Fri, 02 Feb 2001 09:56:04 -0800

There is a rare SMP race in brelse:

1138 void __brelse(struct buffer_head * buf)
1139 {
1140         if (atomic_read(&buf->b_count)) {
1141                 atomic_dec(&buf->b_count);
1142                 return;
1143         }
1144         printk("VFS: brelse: Trying to free free buffer\n");
1145 }

                cpu1                                 cpu2

Starting with buf->b_count = 1, if we have:

   if (atomic_read(&buf->b_count))
                                         if (atomic_read(&buf->b_count))
       atomic_dec(&buf->b_count);
                                              atomic_dec(&buf->b_count);

buf->b_count is now 0, but it should be -1, we fail to to report
an erroneous extra brelse.

-- 
Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

SMP Race in brelse

Reply via email to