List: freebsd-fs
Subject: Re: [struct mount] Unprotected access to mnt_secondary_writes
From: Alexander Lochmann <alexander.lochmann () tu-dortmund ! de>
Date: 2021-04-09 9:12:21
Message-ID: 5d500a5f-2064-6ffe-7c7e-58f88968916e () tu-dortmund ! de
On 09.04.21 00:02, Konstantin Belousov wrote:
> On Thu, Apr 08, 2021 at 05:47:57PM +0200, Alexander Lochmann wrote:
>> Hi folks!
>>
>> According to the documentation [1], and to our findings, mnt_mtx is used to
>> protect mnt_secondary_writes in struct mount.
>> However, our data shows that it is accessed in vn_fsync_buf() [2] without
>> the mnt_mtx lock. I attached the stack trace at the end of this mail.
>> Our data shows as well that the vnode.v_lock and the vnode.v_bufobj.bo_lock
>> are being held.
>> Is this a valid access that ignores the locking on purpose?
> You mean this line:
> if ((mp != NULL && mp->mnt_secondary_writes > 0) ||
> It is read access and the possible race is innocent.
Thx!
- Alex
>
>> Or is it a bug?
>>
>> Regards,
>> Alex
>>
>> [1] https://github.com/freebsd/freebsd-src/blob/main/sys/sys/mount.h#L236
>> [2]
>> https://github.com/freebsd/freebsd-src/blob/main/sys/kern/vfs_vnops.c#L2805
>>
>> Stacktrace:
>> syscall
>> syscallenter
>> sys_nmount
>> vfs_donmount
>> vfs_domount
>> vfs_domount_update
>> ffs_mount
>> vfs_write_suspend_umnt
>> vfs_write_suspend
>> ffs_sync
>> softdep_flushworklist
>> VOP_FSYNC
>> vop_stdfsync
>> vn_fsync_buf
>>
>> --
>> Technische Universität Dortmund
>> Alexander Lochmann PGP key: 0xBC3EF6FD
>> Otto-Hahn-Str. 16 phone: +49.231.7556141
>> D-44227 Dortmund fax: +49.231.7556116
>> http://ess.cs.tu-dortmund.de/Staff/al
>>
>
>
>
--
Technische Universität Dortmund
Alexander Lochmann PGP key: 0xBC3EF6FD
Otto-Hahn-Str. 16 phone: +49.231.7556141
D-44227 Dortmund fax: +49.231.7556116
http://ess.cs.tu-dortmund.de/Staff/al