From nobody Tue Aug 31 08:59:26 2021
X-Original-To: freebsd-fs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id EA1A717A99F3
	for <freebsd-fs@mlmmj.nyi.freebsd.org>; Tue, 31 Aug 2021 08:59:34 +0000 (UTC)
	(envelope-from alexander.lochmann@tu-dortmund.de)
Received: from unimail.uni-dortmund.de (mx1.hrz.uni-dortmund.de [129.217.128.51])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "unimail.tu-dortmund.de", Issuer "DFN-Verein Global Issuing CA" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GzLjL0m2rz3D6t
	for <freebsd-fs@freebsd.org>; Tue, 31 Aug 2021 08:59:33 +0000 (UTC)
	(envelope-from alexander.lochmann@tu-dortmund.de)
Received: from [192.168.113.101] ([129.217.43.48])
	(authenticated bits=0)
	by unimail.uni-dortmund.de (8.17.1/8.17.1) with ESMTPSA id 17V8xQfr017384
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT);
	Tue, 31 Aug 2021 10:59:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tu-dortmund.de;
	s=unimail; t=1630400366;
	bh=IWuUAcYiVcgyYgbLdgbVnPiqF4v0tjZU89uvo5NzNYc=;
	h=To:Cc:References:From:Subject:Date:In-Reply-To;
	b=Fq6BO2s25t4RM4fJllZU7lRqq45DL7F8kJrwmJdvkSec2hOdeRlCf3QCzKRzdUA6m
	 SEO3BuRoDGJk8KmW7RinkXCtduPUEMjY8q3q318X7F24ZgQjp62ahWLSFf/fTstvEW
	 kGvTwC+9M67z93HdOUxTgy2plXvPsjxmBPWiqXzo=
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: freebsd-fs <freebsd-fs@freebsd.org>,
        Horst Schirmeier <horst@schirmeier.de>
References: <55f3661e-2173-793e-4834-bbcd79d3d99e@tu-dortmund.de>
 <YSkxgXyXZfNvrXA/@kib.kiev.ua>
 <380bdcc8-bede-2a64-8e5e-031552231d82@tu-dortmund.de>
 <YSqhe3WI8dVvUq7g@kib.kiev.ua>
 <46649402-d28a-6f81-f0a8-39180b681f4c@tu-dortmund.de>
 <YSq42Cb48SMv+sIO@kib.kiev.ua>
From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
Subject: Re: Various unprotected accesses to buf and vnode
Message-ID: <e50f4583-5150-a162-e188-7207e5e7eb61@tu-dortmund.de>
Date: Tue, 31 Aug 2021 10:59:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-fs
List-Help: <mailto:freebsd-fs+help@freebsd.org>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Subscribe: <mailto:freebsd-fs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-fs+unsubscribe@freebsd.org>
Sender: owner-freebsd-fs@freebsd.org
MIME-Version: 1.0
In-Reply-To: <YSq42Cb48SMv+sIO@kib.kiev.ua>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="TrAMUIRx3yG1tw1cZYcEB1sM5XQ6fCWrv"
X-Rspamd-Queue-Id: 4GzLjL0m2rz3D6t
X-Spamd-Bar: -------
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=tu-dortmund.de header.s=unimail header.b=Fq6BO2s2;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of alexander.lochmann@tu-dortmund.de designates 129.217.128.51 as permitted sender) smtp.mailfrom=alexander.lochmann@tu-dortmund.de
X-Spamd-Result: default: False [-7.30 / 15.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 RWL_MAILSPIKE_GOOD(0.00)[129.217.128.51:from];
	 R_SPF_ALLOW(-0.20)[+ip4:129.217.128.0/24];
	 HAS_ATTACHMENT(0.00)[];
	 RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
	 TO_DN_ALL(0.00)[];
	 RCVD_IN_DNSWL_MED(-0.20)[129.217.128.51:from];
	 DKIM_TRACE(0.00)[tu-dortmund.de:+];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 SIGNED_PGP(-2.00)[];
	 FREEMAIL_TO(0.00)[gmail.com];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+,1:+,2:+,3:~];
	 ASN(0.00)[asn:680, ipnet:129.217.0.0/16, country:DE];
	 MID_RHS_MATCH_FROM(0.00)[];
	 ARC_NA(0.00)[];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 R_DKIM_ALLOW(-0.20)[tu-dortmund.de:s=unimail];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
	 DMARC_NA(0.00)[tu-dortmund.de];
	 DWL_DNSWL_LOW(-1.00)[tu-dortmund.de:dkim];
	 TO_MATCH_ENVRCPT_SOME(0.00)[];
	 RCVD_COUNT_TWO(0.00)[2];
	 RCVD_TLS_ALL(0.00)[]
X-ThisMailContainsUnwantedMimeParts: N

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--TrAMUIRx3yG1tw1cZYcEB1sM5XQ6fCWrv
Content-Type: multipart/mixed; boundary="kshoIbYCUKWHwEeU7Nzqi78mBDHA0VuOS";
 protected-headers="v1"
From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: freebsd-fs <freebsd-fs@freebsd.org>,
 Horst Schirmeier <horst@schirmeier.de>
Message-ID: <e50f4583-5150-a162-e188-7207e5e7eb61@tu-dortmund.de>
Subject: Re: Various unprotected accesses to buf and vnode
References: <55f3661e-2173-793e-4834-bbcd79d3d99e@tu-dortmund.de>
 <YSkxgXyXZfNvrXA/@kib.kiev.ua>
 <380bdcc8-bede-2a64-8e5e-031552231d82@tu-dortmund.de>
 <YSqhe3WI8dVvUq7g@kib.kiev.ua>
 <46649402-d28a-6f81-f0a8-39180b681f4c@tu-dortmund.de>
 <YSq42Cb48SMv+sIO@kib.kiev.ua>
In-Reply-To: <YSq42Cb48SMv+sIO@kib.kiev.ua>

--kshoIbYCUKWHwEeU7Nzqi78mBDHA0VuOS
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 29.08.21 00:29, Konstantin Belousov wrote:
> Ok, I see some call sequences (?), but again all of them are ffs_write(=
)
> (one is ext2_write) calling into cluster_write().  There the buffer loc=
k
> is owned.
>=20
> Show me the specific call sequence where it is not.
Who owns the buffer lock at that point? Has its ownership been
transferred to the kernel?
Do you know where the buffer lock is acquired?

According to our data, the buffer lock of the current accessed buffer is
not owned. Otherwise, there would an entry like this
'EMBSAME(buf.b_lock[w])'.
So in all of those call sequences the buffer lock is not acquired.
However, I'd not rule out that our tooling could be broken as well.

> Ah, yes, the calls from lookup and open would be with the shared lock.
> Still, we lock the vnode interlock to avoid double-allocating the v_obj=
ect
> object, so it is fine.  Some mode of the vnode lock is required nonethe=
less,
> because otherwise we might miss reclaim which guarantees that v_object =

> is freed.
>=20
I see. Does this rule apply to all fields for which the vnode lock is
the designated lock?
=46rom a different angle:
The documentation says about bo_object: ''v' is the vnode lock which
embeds the bufobj.'.
Does 'the vnode lock' mean a specific lock, or a group of locks?

--=20
Technische Universit=C3=A4t Dortmund
Alexander Lochmann                PGP key: 0xBC3EF6FD
Otto-Hahn-Str. 16                 phone:  +49.231.7556141
D-44227 Dortmund                  fax:    +49.231.7556116
http://ess.cs.tu-dortmund.de/Staff/al


--kshoIbYCUKWHwEeU7Nzqi78mBDHA0VuOS--

--TrAMUIRx3yG1tw1cZYcEB1sM5XQ6fCWrv
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEElhZsUHzVP0dbkjCRWT7tBbw+9v0FAmEt724FAwAAAAAACgkQWT7tBbw+9v1b
xRAAqUWm+2aCjYoj0iNxaI4E9njrOPn6IQbWgtggp3wmqUq8csTvwyTEiBXtrJGFDwL62B0M4m9C
jjCvGZsIAXW5+VGy5B8CZQ2FzasC2L6GamLejjLAFIhG5fSDpjVCNU9DipdziLPutK+CQcL4/9Xi
U9iyAmGwIdt8ps4FE7sKS0gD3ndvYUHbZZOtn2lPlxZNIpnd7xaQJuSFpMaFW8RVE1cm4ZYtVvle
Ylh5lTkjehogSzFhV6Wv2pMTubX+j4N7JvOE9nZKh8iHc0kuKmF5HNXW5d3vesuIJNAK0Wg5ZKDu
9072JrhnE6Ll6DNySXRBTXFQMDwt4YDT9yt1wE8d4yS+OfAu7c8O2Bs/taNpiJ057fw0odmi1/jK
CUu+5Urvix6mnmcJrdeYV1wBer2o2Wm6Irm2Qm4wZ3ouaxi/MkJKGkSPtwhh9SoG2eMx4jY4a+Eg
O9zFdHiKsI+rfr9sQytn7avmMIgPCep6oDMe44x8/jF2V+DULm1lAZzvsQyRxAoDenGzQ0BiDib9
NpqiGLTUScKRcOsTxnoQ/5zMayvbODwnKyEDAlmWvMXmUbDvc1e0Vw38ucBWYdZmRGc11aKwC/zw
+8jiDKhjD2z7e3BTeTN8Kc8q/CTFboumbaHv299ZqeC29iQIVAnQNEkp3xZQ/z/JHmaW9LWaioxO
9BQ=
=bTT2
-----END PGP SIGNATURE-----

--TrAMUIRx3yG1tw1cZYcEB1sM5XQ6fCWrv--