[Bug 272678] VFS: Incorrect data in read from concurrent write

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272678] VFS: Incorrect data in read from concurrent write"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272678] VFS: Incorrect data in read from concurrent write"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 23 Jul 2023 13:03:32 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272678

            Bug ID: 272678
           Summary: VFS: Incorrect data in read from concurrent write
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: knielsen@knielsen-hq.org
 Attachment #243566 text/plain
         mime type:

Created attachment 243566
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=243566&action=edit
C test program to trigger the bug

A read(2) system call on a file can read incorrect data when run
concurrently with a write(2) that appends to the file.

The attached test program demonstrates this:

  sudo mount -t tmpfs tmpfs /tmp
  cd /tmp
  ./test_concurrent_read_write2
ERROR! invalid value read 0x 0 at 343 of 387, pos 387

It's a race, seems to need a couple hundred iterations to provoke the bug
(it defaults to 1000 iterations). When the bug happens, the read() sees the
length of the file as including the data from the concurrent write(), but
the read data is incorrect (all zeros in my tests).

This was reproduced with FreeBSD 13.0, 13.2, and 14-current.
It is reproducable on tmpfs with default settings.
It can reportedly be reproduced on ufs filesystems by disabling vn_io_fault
and enablint vn_io_pgcache_read_enable.
A work-around is: sysctl debug.vn_io_pgcache_read_enable=0

-- 
You are receiving this mail because:
You are the assignee for the bug.