Date: Fri, 9 Apr 2021 01:02:33 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
Cc: freebsd-fs <freebsd-fs@freebsd.org>
Subject: Re: [struct mount] Unprotected access to mnt_secondary_writes
Message-ID: <YG99ecPrPeom/sGw@kib.kiev.ua>
In-Reply-To: <5d5cf8de-a262-f6f3-ee0c-6b7ff1a0f095@tu-dortmund.de>
References: <5d5cf8de-a262-f6f3-ee0c-6b7ff1a0f095@tu-dortmund.de>

On Thu, Apr 08, 2021 at 05:47:57PM +0200, Alexander Lochmann wrote:
> Hi folks!
>
> According to the documentation [1], and to our findings, mnt_mtx is used to
> protect mnt_secondary_writes in struct mount.
> However, our data shows that it is accessed in vn_fsync_buf() [2] without
> the mnt_mtx lock. I attached the stack trace at the end of this mail.
> Our data shows as well that the vnode.v_lock and the vnode.v_bufobj.bo_lock
> are being held.
> Is this a valid access that ignores the locking on purpose?
You mean this line:
        if ((mp != NULL && mp->mnt_secondary_writes > 0) ||
It is read access and the possible race is innocent.

> Or is it a bug?
>
> Regards,
> Alex
>
> [1] https://github.com/freebsd/freebsd-src/blob/main/sys/sys/mount.h#L236
> [2] https://github.com/freebsd/freebsd-src/blob/main/sys/kern/vfs_vnops.c#L2805
>
> Stacktrace:
> syscall
> syscallenter
> sys_nmount
> vfs_donmount
> vfs_domount
> vfs_domount_update
> ffs_mount
> vfs_write_suspend_umnt
> vfs_write_suspend
> ffs_sync
> softdep_flushworklist
> VOP_FSYNC
> vop_stdfsync
> vn_fsync_buf
>
> --
> Technische Universität Dortmund
> Alexander Lochmann                PGP key: 0xBC3EF6FD
> Otto-Hahn-Str. 16                 phone:  +49.231.7556141
> D-44227 Dortmund                  fax:    +49.231.7556116
> http://ess.cs.tu-dortmund.de/Staff/al
>