Bug 207717 - reiserfs: data race on inode->i_size in reiserfs_write_full_page()
Summary: reiserfs: data race on inode->i_size in reiserfs_write_full_page()
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: ReiserFS
Hardware: All Linux
Importance: P1 normal
Assignee: ReiseFS developers team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-13 03:28 UTC by Jia-Ju Bai
Modified: 2020-05-13 03:31 UTC
CC List: 2 users

See Also:
Kernel Version: 5.4
Subsystem:
Regression: No
Bisected commit-id:



Description Jia-Ju Bai 2020-05-13 03:28:02 UTC
The functions reiserfs_write_full_page() and reiserfs_write_end() are concurrently executed at runtime in the following call contexts:

Thread 1:
reiserfs_writepage()
  reiserfs_write_full_page()

Thread 2:
reiserfs_write_end()

In reiserfs_write_full_page():
  unsigned long end_index = inode->i_size >> PAGE_SHIFT;

In reiserfs_write_end():
  inode->i_size = pos + copied;

Thus, a data race on inode->i_size occurs.

This data race was found and actually reproduced by our concurrency fuzzer.

I am not sure whether this data race is harmful and how to fix this data race properly, so I want to listen to your opinions, thanks :)
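
The reason a race like the one above matters depends on whether the load of inode->i_size can tear: loff_t is 64 bits, and on 32-bit SMP kernels a plain load is two separate word accesses, which is why the kernel guards the field with inode->i_size_seqcount behind the i_size_read()/i_size_write() accessors. The following user-space model is an added example, not code from this bug report or from the kernel: it keeps the size as two 32-bit halves so a torn read is observable on any host, runs one writer (standing in for reiserfs_write_end() storing pos + copied) against one reader (standing in for reiserfs_write_full_page() computing end_index), and lets the reader use either plain loads or the sequence-counter protocol. All struct and function names are hypothetical; the sequence counter uses seq_cst atomics rather than the kernel's barrier-tuned implementation.

```c
/* Added example (not from the bug report or the kernel): user-space model of
 * a seqcount-protected 64-bit inode size versus plain, tearable loads.
 * Build: cc -std=c11 -pthread race_model.c */
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the inode fields involved. The size is split into
 * two 32-bit halves to make a torn read observable even on a 64-bit host. */
struct model_inode {
    atomic_uint seq;      /* models i_size_seqcount: odd while a write is in flight */
    atomic_uint size_lo;  /* low 32 bits of the modelled i_size */
    atomic_uint size_hi;  /* high 32 bits of the modelled i_size */
};

/* Writer side, as reiserfs_write_end() would via i_size_write(inode, pos + copied).
 * A single writer is assumed, as the kernel serialises writers with the inode lock. */
static void model_i_size_write(struct model_inode *ino, uint64_t size)
{
    atomic_fetch_add(&ino->seq, 1);                  /* now odd: readers back off */
    atomic_store(&ino->size_lo, (uint32_t)size);
    atomic_store(&ino->size_hi, (uint32_t)(size >> 32));
    atomic_fetch_add(&ino->seq, 1);                  /* even again: value is stable */
}

/* Reader side, as reiserfs_write_full_page() would when computing end_index.
 * use_seqcount=1: retry until both halves were read under one even sequence.
 * use_seqcount=0: plain loads, the pattern the bug report flags. */
static uint64_t model_i_size_read(struct model_inode *ino, int use_seqcount)
{
    for (;;) {
        unsigned s = use_seqcount ? atomic_load(&ino->seq) : 0;
        if (s & 1)
            continue;                                /* a write is in progress */
        uint32_t lo = atomic_load(&ino->size_lo);
        uint32_t hi = atomic_load(&ino->size_hi);
        if (!use_seqcount || atomic_load(&ino->seq) == s)
            return ((uint64_t)hi << 32) | lo;
    }
}

/* Constructed test pattern: size = n * SPAN gives lo == hi, so any read whose
 * halves disagree must have mixed two different writes. */
#define SPAN 0x100000001ULL

struct race_ctx {
    struct model_inode *ino;
    int use_seqcount;
    unsigned iters;
    unsigned torn;   /* reader-only: number of inconsistent values observed */
};

static void *writer_thread(void *arg)
{
    struct race_ctx *ctx = arg;
    for (unsigned n = 1; n <= ctx->iters; n++)
        model_i_size_write(ctx->ino, (uint64_t)n * SPAN);
    return NULL;
}

static void *reader_thread(void *arg)
{
    struct race_ctx *ctx = arg;
    for (unsigned i = 0; i < ctx->iters; i++) {
        uint64_t v = model_i_size_read(ctx->ino, ctx->use_seqcount);
        if ((uint32_t)v != (uint32_t)(v >> 32))
            ctx->torn++;
    }
    return NULL;
}

/* Runs one writer against one reader and returns the number of torn reads.
 * With use_seqcount=1 the result is always 0; with 0 it is host-dependent. */
unsigned run_race(int use_seqcount, unsigned iters)
{
    struct model_inode ino;
    atomic_init(&ino.seq, 0);
    atomic_init(&ino.size_lo, 0);
    atomic_init(&ino.size_hi, 0);
    struct race_ctx w = { &ino, use_seqcount, iters, 0 };
    struct race_ctx r = { &ino, use_seqcount, iters, 0 };
    pthread_t tw, tr;
    pthread_create(&tw, NULL, writer_thread, &w);
    pthread_create(&tr, NULL, reader_thread, &r);
    pthread_join(tw, NULL);
    pthread_join(tr, NULL);
    return r.torn;
}

int main(void)
{
    printf("plain loads:    %u torn reads\n", run_race(0, 200000));
    printf("seqcount loads: %u torn reads\n", run_race(1, 200000));
    return 0;
}
```

The plain-load count is what a concurrency fuzzer such as the one mentioned above is looking for; the seqcount count is zero by construction, which is the property the kernel's accessor pair provides on 32-bit SMP (on 64-bit builds a naturally aligned 64-bit load does not tear, so the remaining question for such a report is whether a stale but untorn value is acceptable at that call site).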
