[struct buf] Unlocked access to b_vflags?
Konstantin Belousov
kostikbel at gmail.com
Mon Apr 19 20:00:11 UTC 2021
On Mon, Apr 19, 2021 at 09:43:47PM +0200, Alexander Lochmann wrote:
> Out of curiosity: What's the path from function entry to the access in line
> 759?
> The lock is acquired upon function entry in line 7197, and never released
> afterwards (except for the lines 7212 and 7217).
The bufobj mutex is interlocked with the buffer locks. Basically, each
time LK_INTERLOCK is used, the bo_lock is dropped.
Or do you ask about something else?
>
> - Alex
>
> On 13.04.21 12:25, Konstantin Belousov wrote:
> > On Mon, Apr 12, 2021 at 11:19:05PM +0200, Alexander Lochmann wrote:
> > > Hi folks,
> > >
> > > I'm was digging through our data set when I encountered a strange situation:
> > > According to the code in trunc_dependencies() in sys/ufs/ffs/ffs_softdep.c,
> > > the bo_lock should be held. At least that's how I read the code.
> > > However, we see several thousands of accesses to b_vflags without the
> > > bo_lock held.
> > > At least the own b_lock is acquired.
> > > The access happens in line 7549: bp->b_vflags |= BV_SCANNED; [1]
> > > Can you please shed some light on this situation?
> > > Is the b_lock sufficeint, and somehow overrules the bo_lock?
> > > Am I missing something?
> > I think you found a valid race. There is one more place where BV_SCANNED
> > was manipulated without owning bufobj lock. Patch below should fix both.
> >
> > commit a678470b1307542c5a46b930c119b2358863e0d2
> > Author: Konstantin Belousov <kib at FreeBSD.org>
> > Date: Tue Apr 13 13:22:56 2021 +0300
> >
> > b_vflags update requries bufobj lock
> > Reported by: Alexander Lochmann <alexander.lochmann at tu-dortmund.de> (trunc_dependencies())
> >
> > diff --git a/sys/ufs/ffs/ffs_softdep.c b/sys/ufs/ffs/ffs_softdep.c
> > index 0091b5dcd3b8..23c0cf6e128b 100644
> > --- a/sys/ufs/ffs/ffs_softdep.c
> > +++ b/sys/ufs/ffs/ffs_softdep.c
> > @@ -7546,7 +7546,9 @@ trunc_dependencies(ip, freeblks, lastlbn, lastoff, flags)
> > BO_LOCK(bo);
> > goto cleanrestart;
> > }
> > + BO_LOCK(bo);
> > bp->b_vflags |= BV_SCANNED;
> > + BO_UNLOCK(bo);
> > bremfree(bp);
> > if (blkoff != 0) {
> > allocbuf(bp, blkoff);
> > diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c
> > index dc638595eb7b..05eb19c0ee13 100644
> > --- a/sys/ufs/ffs/ffs_vnops.c
> > +++ b/sys/ufs/ffs/ffs_vnops.c
> > @@ -321,8 +321,9 @@ ffs_syncvnode(struct vnode *vp, int waitfor, int flags)
> > if (BUF_LOCK(bp,
> > LK_EXCLUSIVE | LK_SLEEPFAIL | LK_INTERLOCK,
> > BO_LOCKPTR(bo)) != 0) {
> > + BO_LOCK(bo);
> > bp->b_vflags &= ~BV_SCANNED;
> > - goto next;
> > + goto next_locked;
> > }
> > } else
> > continue;
> > @@ -385,6 +386,7 @@ ffs_syncvnode(struct vnode *vp, int waitfor, int flags)
> > * to start from a known point.
> > */
> > BO_LOCK(bo);
> > +next_locked:
> > nbp = TAILQ_FIRST(&bo->bo_dirty.bv_hd);
> > }
> > if (waitfor != MNT_WAIT) {
> >
>
> --
> Technische Universität Dortmund
> Alexander Lochmann PGP key: 0xBC3EF6FD
> Otto-Hahn-Str. 16 phone: +49.231.7556141
> D-44227 Dortmund fax: +49.231.7556116
> http://ess.cs.tu-dortmund.de/Staff/al
>
More information about the freebsd-fs
mailing list