Hi Tang,
(2014/02/27 19:40), Tang Chen wrote:
> When doing aio ring page migration, we migrated the page, and update
> ctx->ring_pages[]. Like the following:
>
> aio_migratepage()
> |-> migrate_page_copy(new, old)
> | ...... /* Need barrier here */
> |-> ctx->ring_pages[idx] = new
>
> Actually, we need a memory barrier between these two operations.
> Otherwise, if ctx->ring_pages[] is updated before memory copy due to
> the compiler optimization, other processes may have an opportunity
> to access to the not fully initialized new ring page.
>
> So add a wmb to synchronize them.
>
> Reported-by: Yasuaki Ishimatsu <isimatu.yasuaki@xxxxxxxxxxxxxx>
> Signed-off-by: Tang Chen <tangchen@xxxxxxxxxxxxxx>
> ---
> fs/aio.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/fs/aio.c b/fs/aio.c
> index 50c089c..f0ed838 100644
> --- a/fs/aio.c
> +++ b/fs/aio.c
> @@ -327,6 +327,14 @@ static int aio_migratepage(struct address_space *mapping, struct page *new,
> pgoff_t idx;
> spin_lock_irqsave(&ctx->completion_lock, flags);
> migrate_page_copy(new, old);
> +
> + /*
> + * Ensure memory copy is finished before updating
> + * ctx->ring_pages[]. Otherwise other processes may access to
> + * new ring pages which are not fully initialized.
> + */
> + smp_wmb();
> +
If you put smp_wmb() here, you should put smp_rmb() before kmap() in
aio_read_events_ring().
Thanks,
Yasuaki Ishimatsu
> idx = old->index;
> if (idx < (pgoff_t)ctx->nr_pages) {
> /* And only do the move if things haven't changed */
>
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
