On Mon, Nov 16, 2015 at 10:15:56AM -0800, Dan Williams wrote: > On Mon, Nov 16, 2015 at 4:09 AM, Yigal Korman <yigal@xxxxxxxxxxxxx> wrote: > > DAX handling of COW faults has wrong locking sequence: > > dax_fault does i_mmap_lock_read > > do_cow_fault does i_mmap_unlock_write > > > > Ross's commit[1] missed a fix[2] that Kirill added to Matthew's > > commit[3]. > > > > Original COW locking logic was introduced by Matthew here[4]. > > > > This should be applied to v4.3 as well. > > > > [1] 0f90cc6609c7 mm, dax: fix DAX deadlocks > > [2] 52a2b53ffde6 mm, dax: use i_mmap_unlock_write() in do_cow_fault() > > [3] 843172978bb9 dax: fix race between simultaneous faults > > [4] 2e4cdab0584f mm: allow page fault handlers to perform the COW > > > > Signed-off-by: Yigal Korman <yigal@xxxxxxxxxxxxx> > > > > Cc: Stable Tree <stable@xxxxxxxxxxxxxxx> > > Cc: Boaz Harrosh <boaz@xxxxxxxxxxxxx> > > Cc: Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx> > > Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> > > Cc: Dan Williams <dan.j.williams@xxxxxxxxx> > > Cc: Dave Chinner <dchinner@xxxxxxxxxx> > > Cc: Jan Kara <jack@xxxxxxxx> > > Cc: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx> > > Cc: Matthew Wilcox <matthew.r.wilcox@xxxxxxxxx> > > --- > > mm/memory.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > diff --git a/mm/memory.c b/mm/memory.c > > index c716913..e5071af 100644 > > --- a/mm/memory.c > > +++ b/mm/memory.c > > @@ -3015,9 +3015,9 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, > > } else { > > /* > > * The fault handler has no page to lock, so it holds > > - * i_mmap_lock for write to protect against truncate. > > + * i_mmap_lock for read to protect against truncate. > > */ > > - i_mmap_unlock_write(vma->vm_file->f_mapping); > > + i_mmap_unlock_read(vma->vm_file->f_mapping); > > } > > goto uncharge_out; > > } > > @@ -3031,9 +3031,9 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, > > } else { > > /* > > * The fault handler has no page to lock, so it holds > > - * i_mmap_lock for write to protect against truncate. > > + * i_mmap_lock for read to protect against truncate. > > */ > > - i_mmap_unlock_write(vma->vm_file->f_mapping); > > + i_mmap_unlock_read(vma->vm_file->f_mapping); > > } > > return ret; > > uncharge_out: > > Looks good to me. I'll include this with some other DAX fixes I have pending. Looks good to me as well. Thanks for catching this. -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html