Re: Various unprotected accesses to buf and vnode

From: Alexander Lochmann <alexander.lochmann_at_tu-dortmund.de>
Date: Wed, 1 Sep 2021 15:10:53 +0200

On 31.08.21 16:44, Konstantin Belousov wrote:
>> So in all of those call sequences the buffer lock is not acquired.
>> However, I'd not rule out that our tooling could be broken as well.
> Buffer is locked inside UFS_BALLOC(), which returns it to the ffs_write()
> use.
I took a deep dive into our data, and had a closer look at two samples.
In both cases the b_lock is not acquired.

Since the debug information seems to be damaged, I had to use 'objdump
-S' to translate the pc of the unguarded memory access to a source code
position.
It seems to be vp->v_lasta = bp->b_blkno; in
https://thasos.cs.tu-dortmund.de/freebsd-lockdoc/lockdoc-v13.0-0.6/source/sys/kern/vfs_cluster.c#L802.

It was released in binsfree() and bq_insert():
https://thasos.cs.tu-dortmund.de/freebsd-lockdoc/latest/source/sys/kern/vfs_bio.c#L1537
https://thasos.cs.tu-dortmund.de/freebsd-lockdoc/latest/source/sys/kern/vfs_bio.c#L1977

Right before the entry that records the unlock, there was a memory
access recorded including the stacktrace. I assume that memory access
belongs to the unlock operation, and translated the stacktrace.
For binsfree():
/opt/kernel/freebsd/src/sys/sys/lockdoc.h:104
/opt/kernel/freebsd/src/sys/kern/kern_lock.c:247
 (inlined by) /opt/kernel/freebsd/src/sys/kern/kern_lock.c:1408
/opt/kernel/freebsd/src/sys/sys/lockmgr.h:107
 (inlined by) /opt/kernel/freebsd/src/sys/kern/vfs_bio.c:1537
/opt/kernel/freebsd/src/sys/kern/vfs_bio.c:2437
/opt/kernel/freebsd/src/sys/kern/vfs_cluster.c:775
/opt/kernel/freebsd/src/sys/ufs/ffs/ffs_vnops.c:894
/opt/kernel/freebsd/obj/lockdoc-kernproc/vnode_if.c:1108
/opt/kernel/freebsd/obj/lockdoc-kernproc/./vnode_if.h:569
 (inlined by) /opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1093
/opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1158
/opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1276
/opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1398
/opt/kernel/freebsd/src/sys/sys/file.h:327
 (inlined by) /opt/kernel/freebsd/src/sys/kern/sys_generic.c:564
/opt/kernel/freebsd/src/sys/kern/sys_generic.c:491
/opt/kernel/freebsd/src/sys/i386/i386/../../kern/subr_syscall.c:189

For bq_insert():
/opt/kernel/freebsd/src/sys/sys/lockdoc.h:104
/opt/kernel/freebsd/src/sys/kern/kern_lock.c:247
 (inlined by) /opt/kernel/freebsd/src/sys/kern/kern_lock.c:1408
/opt/kernel/freebsd/src/sys/sys/lockmgr.h:107
 (inlined by) /opt/kernel/freebsd/src/sys/kern/vfs_bio.c:1977
/opt/kernel/freebsd/src/sys/kern/vfs_bio.c:1552
/opt/kernel/freebsd/src/sys/kern/vfs_bio.c:2437
/opt/kernel/freebsd/src/sys/kern/vfs_cluster.c:775
/opt/kernel/freebsd/src/sys/ufs/ffs/ffs_vnops.c:894
/opt/kernel/freebsd/obj/lockdoc-kernproc/vnode_if.c:1108
/opt/kernel/freebsd/obj/lockdoc-kernproc/./vnode_if.h:569
 (inlined by) /opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1093
/opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1158
/opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1276
/opt/kernel/freebsd/src/sys/kern/vfs_vnops.c:1398
/opt/kernel/freebsd/src/sys/sys/file.h:327
 (inlined by) /opt/kernel/freebsd/src/sys/kern/sys_generic.c:564
/opt/kernel/freebsd/src/sys/kern/sys_generic.c:491
/opt/kernel/freebsd/src/sys/i386/i386/../../kern/subr_syscall.c:189

> Read e.g. sys/ufs/ufs/inode.h general comment above struct inode definition.
> It provides more detailed exposure.
Aaah. Thx. This is about the struct inode. So I assume it also applies
for a vnode belonging to an inode. Am I right?

> Vnode lock is a lock obtained with vn_lock().  It is up to filesystem
> to implement VOP_LOCK() which locks the vnode.
> 
> Default VOP_LOCK() locks vp->v_vnlock, which again by default points
> to &vp->v_lock.
> 
> There are several special cases.  For instance, for FFS and snapshot vnodes,
> v_vnlock points to the snapdata->sn_lock (snapdata is unique per FFS mount).
> For nullfs non-reclaimed vnodes, v_vnlock points to the lower vnode lock.
> 
Thx! Is this written down somewhere?

-- 
Technische Universität Dortmund
Alexander Lochmann                PGP key: 0xBC3EF6FD
Otto-Hahn-Str. 16                 phone:  +49.231.7556141
D-44227 Dortmund                  fax:    +49.231.7556116
http://ess.cs.tu-dortmund.de/Staff/al


Received on Wed Sep 01 2021 - 13:10:53 UTC
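
Added example, not part of the original message and not LockDoc's own code: a minimal held-lock check over an ordered event trace, showing why an access recorded after the b_lock release is reported as unguarded. The trace tuple format, the rule table and the placeholder positions are assumptions; only vfs_bio.c:1537 and vfs_cluster.c:802 come from the message.

```python
from collections import Counter

# Hypothesis under test (an assumption): buf members are guarded by b_lock.
RULES = {"buf.b_blkno": "b_lock"}

# Constructed trace in program order; the tuple format is hypothetical.
# Positions in angle brackets are placeholders, not real source lines.
TRACE = [
    ("acquire", "b_lock", "<acquire site>"),
    ("access", "buf.b_blkno", "<guarded access>"),
    ("release", "b_lock", "vfs_bio.c:1537"),
    ("access", "buf.b_blkno", "vfs_cluster.c:802"),
]

def unguarded_accesses(trace, rules):
    """Return (member, position, missing_lock) for each access made
    while the lock that `rules` requires for that member is not held."""
    held = Counter()  # lock name -> recursion depth
    findings = []
    for kind, name, pos in trace:
        if kind == "acquire":
            held[name] += 1
        elif kind == "release":
            if held[name] == 0:
                raise ValueError(f"release of {name} at {pos} without acquire")
            held[name] -= 1
        elif kind == "access":
            lock = rules.get(name)
            if lock is not None and held[lock] == 0:
                findings.append((name, pos, lock))
        else:
            raise ValueError(f"unknown event kind {kind!r}")
    return findings

if __name__ == "__main__":
    for member, pos, lock in unguarded_accesses(TRACE, RULES):
        print(f"{member} accessed at {pos} without {lock}")
```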
