Date: Wed, 26 Aug 1998 08:35:48 -0400 (EDT)
From: Luoqi Chen
Message-Id: <199808261235.IAA04095@lor.watermarkgroup.com>
To: current@FreeBSD.ORG
Subject: possible race window for getblk?

In function getblk(), there is a check after the getnewbuf() call to make
sure there is no other buffer created when getnewbuf() is blocked:

(vfs_bio.c)
	if ((bp = getnewbuf(vp, blkno,
		slpflag, slptimeo, size, maxsize)) == 0) {
		if (slpflag || slptimeo) {
			splx(s);
			return NULL;
		}
		goto loop;
	}

	/*
	 * This code is used to make sure that a buffer is not
	 * created while the getnewbuf routine is blocked.
	 * Normally the vnode is locked so this isn't a problem.
	 * VBLK type I/O requests, however, don't lock the vnode.
	 */
	if (!VOP_ISLOCKED(vp) && gbincore(vp, blkno)) {
		bp->b_flags |= B_INVAL;
		brelse(bp);
		goto loop;
	}

The problem with this check is that reads only hold a shared lock on the
vnode, thus the vnode lock won't prevent two reads from successfully
creating two new buffers at the same block offset. This check should be
extended to shared locks:

	if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE && gbincore(vp, blkno)) {
		bp->b_flags |= B_INVAL;
		brelse(bp);
		goto loop;
	}

-lq
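The interleaving described in the message above, as an added user-space model that is not part of the original post and not FreeBSD code. The enum values, incore(), finish_getblk() and buffers_after_race() are hypothetical stand-ins for the lock state, gbincore() and the tail of getblk(); block number 42 is a constructed sample.

```c
#include <stdio.h>

/* Constructed user-space model of the race; not FreeBSD code.
 * L_NONE/L_SHARED/L_EXCLUSIVE stand in for what VOP_ISLOCKED() reports. */
enum lockstate { L_NONE, L_SHARED, L_EXCLUSIVE };

#define NBUF 8
static long cache[NBUF];        /* block numbers that currently have a buffer */
static int ncached;

static int incore(long blkno)   /* stand-in for gbincore() */
{
    for (int i = 0; i < ncached; i++)
        if (cache[i] == blkno)
            return 1;
    return 0;
}

/* Second half of getblk(), after getnewbuf() has returned (it may have slept).
 * Returns 1 if a new buffer was inserted, 0 if it was dropped ("goto loop"). */
static int finish_getblk(long blkno, enum lockstate held, int extended)
{
    int recheck = extended ? (held != L_EXCLUSIVE) : (held == L_NONE);
    if (recheck && incore(blkno))
        return 0;               /* B_INVAL + brelse() in the real code */
    if (ncached < NBUF)
        cache[ncached++] = blkno;
    return 1;
}

/* Readers A and B both miss on blkno, both sleep in getnewbuf(), then both
 * finish. Returns how many buffers exist for blkno afterwards. */
static int buffers_after_race(enum lockstate held, int extended)
{
    const long blkno = 42;      /* constructed sample block number */
    int n = 0;
    ncached = 0;
    int a_missed = !incore(blkno);
    int b_missed = !incore(blkno);  /* A is asleep, nothing inserted yet */
    if (a_missed) finish_getblk(blkno, held, extended);
    if (b_missed) finish_getblk(blkno, held, extended);
    for (int i = 0; i < ncached; i++)
        n += (cache[i] == blkno);
    return n;
}

int main(void)
{
    printf("shared, original check: %d\n", buffers_after_race(L_SHARED, 0));
    printf("shared, extended check: %d\n", buffers_after_race(L_SHARED, 1));
    return 0;
}
```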