Date: Sun, 23 Jul 2023 13:03:32 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 272678] VFS: Incorrect data in read from concurrent write Message-ID: <bug-272678-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272678 Bug ID: 272678 Summary: VFS: Incorrect data in read from concurrent write Product: Base System Version: 13.2-RELEASE Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: knielsen@knielsen-hq.org Attachment #243566 text/plain mime type: Created attachment 243566 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D243566&action= =3Dedit C test program to trigger the bug A read(2) system call on a file can read incorrect data when run concurrently with a write(2) that appends to the file. The attached test program demonstrates this: sudo mount -t tmpfs tmpfs /tmp cd /tmp ./test_concurrent_read_write2 ERROR! invalid value read 0x 0 at 343 of 387, pos 387 It's a race, seems to need a couple hundred iterations to provoke the bug (it defaults to 1000 iterations). When the bug happens, the read() sees the length of the file as including the data from the concurrent write(), but the read data is incorrect (all zeros in my tests). This was reproduced with FreeBSD 13.0, 13.2, and 14-current. It is reproducable on tmpfs with default settings. It can reportedly be reproduced on ufs filesystems by disabling vn_io_fault and enablint vn_io_pgcache_read_enable. A work-around is: sysctl debug.vn_io_pgcache_read_enable=3D0 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272678-227>