Date: Sat, 17 May 2003 00:27:45 -0700 (PDT) From: Don Lewis <truckman@FreeBSD.org> To: tlambert2@mindspring.com Cc: current@FreeBSD.org Subject: Re: CFR: fifo_open()/fifo_close() patch Message-ID: <200305170727.h4H7RjM7059853@gw.catspoiler.org> In-Reply-To: <3EC5BFF2.9359D22F@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 16 May, Terry Lambert wrote: > > > Don Lewis wrote: >> >> There are a few problems in the fifo_open() and fifo_close() >> implementations. >> >> fifo_open() calls VOP_CLOSE() with the vnode locked, whereas >> VOP_CLOSE() should be called with the vnode unlocked. > > This is actually pretty bogus. All VOP's, except those that > return (locked) vnodes, or dispose (locked) vnodes that are > managed by the FS itself, should have locked vnodes. There's > a nasty race condition that occurs because of the VOP_CLOSE() > being called without the vnode locked. It does look like v_writecount is somewhat inconsistently locked. The comment in <sys/vnode.h> indicates that it should be protected by the vnode lock, but some of the INVARIANTS, DIAGNOSTIC, and KASSERT code protects it with the vnode interlock, and vn_close() totally fails to protect the manipulation of v_writecount. I'd toss in calls to vn_lock() and VOP_UNLOCK(), but it looks like while most callers of vn_close() call it with the vnode locked, not all do. I'm not feeling ambitious enough to track them all down.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305170727.h4H7RjM7059853>