Date: Mon, 19 May 2003 07:35:47 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Don Lewis <truckman@FreeBSD.org>
Cc: current@FreeBSD.org
Subject: Re: CFR: fifo_open()/fifo_close() patch
Message-ID: <3EC8EBC3.CF5BEF4E@mindspring.com>
References: <200305170727.h4H7RjM7059853@gw.catspoiler.org>

Don Lewis wrote:
> On 16 May, Terry Lambert wrote:
> > This is actually pretty bogus. All VOP's, except those that
> > return (locked) vnodes, or dispose (locked) vnodes that are
> > managed by the FS itself, should have locked vnodes. There's
> > a nasty race condition that occurs because of the VOP_CLOSE()
> > being called without the vnode locked.
>
> It does look like v_writecount is somewhat inconsistently locked. The
> comment in <sys/vnode.h> indicates that it should be protected by the
> vnode lock, but some of the INVARIANTS, DIAGNOSTIC, and KASSERT code
> protects it with the vnode interlock, and vn_close() totally fails to
> protect the manipulation of v_writecount.
>
> I'd toss in calls to vn_lock() and VOP_UNLOCK(), but it looks like while
> most callers of vn_close() call it with the vnode locked, not all do.
> I'm not feeling ambitious enough to track them all down.

You'd have to modify a lot of FS code, as well, to do that, since
they take the lock internal to the VOP_CLOSE code, in many cases.

Doesn't make it any less broken, though...

-- Terry