[struct mount] Unprotected access to mnt_secondary_writes

Konstantin Belousov kostikbel at gmail.com
Thu Apr 8 22:02:49 UTC 2021


On Thu, Apr 08, 2021 at 05:47:57PM +0200, Alexander Lochmann wrote:
> Hi folks!
> 
> According to the documentation [1], and to our findings, mnt_mtx is used to
> protect mnt_secondary_writes in struct mount.
> However, our data shows that it is accessed in vn_fsync_buf() [2] without
> the mnt_mtx lock. I attached the stack trace at the end of this mail.
> Our data shows as well that the vnode.v_lock and the vnode.v_bufobj.bo_lock
> are being held.
> Is this a valid access that ignores the locking on purpose?
You mean this line:
			if ((mp != NULL && mp->mnt_secondary_writes > 0) ||
It is read access and the possible race is innocent.

> Or is it a bug?
> 
> Regards,
> Alex
> 
> [1] https://github.com/freebsd/freebsd-src/blob/main/sys/sys/mount.h#L236
> [2]
> https://github.com/freebsd/freebsd-src/blob/main/sys/kern/vfs_vnops.c#L2805
> 
> Stacktrace:
> syscall
> syscallenter
> sys_nmount
> vfs_donmount
> vfs_domount
> vfs_domount_update
> ffs_mount
> vfs_write_suspend_umnt
> vfs_write_suspend
> ffs_sync
> softdep_flushworklist
> VOP_FSYNC
> vop_stdfsync
> vn_fsync_buf
> 
> -- 
> Technische Universität Dortmund
> Alexander Lochmann                PGP key: 0xBC3EF6FD
> Otto-Hahn-Str. 16                 phone:  +49.231.7556141
> D-44227 Dortmund                  fax:    +49.231.7556116
> http://ess.cs.tu-dortmund.de/Staff/al
> 
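
The pattern the thread discusses (updates made under mnt_mtx, one read made without it) as a user-space sketch; this is an added example, not FreeBSD code and not from either poster. It assumes pthreads and C11 atomics, and `struct mount_model`, `secondary_write_adjust`, `secondary_writes_hint`, `secondary_writes_locked` and `need_another_pass` are hypothetical names.

```c
/* Added illustration: user-space model, not FreeBSD source. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct mount_model {                    /* hypothetical stand-in for struct mount */
    pthread_mutex_t mnt_mtx;            /* serializes every update */
    atomic_int      mnt_secondary_writes;
};

/* Writers change the counter only while holding mnt_mtx. */
static void secondary_write_adjust(struct mount_model *mp, int delta)
{
    pthread_mutex_lock(&mp->mnt_mtx);
    atomic_fetch_add_explicit(&mp->mnt_secondary_writes, delta,
        memory_order_relaxed);
    pthread_mutex_unlock(&mp->mnt_mtx);
}

/* Lock-free read: may be stale by the time the caller acts on it. */
static bool secondary_writes_hint(struct mount_model *mp)
{
    return mp != NULL && atomic_load_explicit(&mp->mnt_secondary_writes,
        memory_order_relaxed) > 0;
}

/* Snapshot taken under mnt_mtx, ordered against every update. */
static int secondary_writes_locked(struct mount_model *mp)
{
    pthread_mutex_lock(&mp->mnt_mtx);
    int n = atomic_load_explicit(&mp->mnt_secondary_writes, memory_order_relaxed);
    pthread_mutex_unlock(&mp->mnt_mtx);
    return n;
}

/* Hypothetical flush-loop test: a stale "true" only costs one extra pass. */
static bool need_another_pass(struct mount_model *mp, int dirty_left)
{
    return secondary_writes_hint(mp) || dirty_left > 0;
}

int main(void)
{
    struct mount_model m = { PTHREAD_MUTEX_INITIALIZER, 0 };
    secondary_write_adjust(&m, +1);
    printf("hint=%d locked=%d\n", secondary_writes_hint(&m), secondary_writes_locked(&m));
    secondary_write_adjust(&m, -1);
    printf("another pass: %d\n", need_another_pass(&m, 0));
    return 0;
}
```

The unlocked read uses a relaxed atomic load so the model has no undefined behaviour in C11; a plain `int` read, as in the quoted kernel line, relies on the platform's word-sized loads being untorn.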
