NetBSD Problem Report #57606

From www@netbsd.org  Wed Sep  6 12:27:59 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id ECEF11A9239
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  6 Sep 2023 12:27:58 +0000 (UTC)
Message-Id: <20230906122757.6ECB31A923A@mollari.NetBSD.org>
Date: Wed,  6 Sep 2023 12:27:57 +0000 (UTC)
From: merlin.scholz@tu-dortmund.de
Reply-To: merlin.scholz@tu-dortmund.de
To: gnats-bugs@NetBSD.org
Subject: Missing lock in FFS sync code
X-Send-Pr-Version: www-1.0

>Number:         57606
>Category:       kern
>Synopsis:       Missing lock in FFS sync code
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 06 12:30:00 +0000 2023
>Closed-Date:    Thu Dec 07 14:30:38 +0000 2023
>Last-Modified:  Thu Dec 07 14:30:38 +0000 2023
>Originator:     Merlin Scholz
>Release:        10.99.5
>Organization:
TU Dortmund
>Environment:
NetBSD netbsd10 10.99.5 NetBSD 10.99.5 (GENERIC) #5: Mon Aug 21 01:01:48 CEST 2023  smmescho@mars:/home/lab/smmescho/ma/kernel/netbsd/obj/sys/arch/i386/compile/GENERIC i386
>Description:
According to the documentation provided in sys/sys/vnode.h, all vnode members, including v_numoutput, are supposed to be locked through a held v_interlock before being accessed.

This is not the case in /src/sys/ufs/ffs/ffs_vfsops.c#2024, where `ump->um_devvp->v_numoutput > 0` is being checked without prior locking of v_interlock.

The problem should be low-impact, as confirmed in #netbsd-code:
13:52 <@Riastradh> although I guess it's not actually a big issue, because either
13:53 <@Riastradh> (a) ffs_sync is being called concurrently with other file system activity, so new writes can be concurrently triggered anyway, so it doesn't really matter much; or
13:53 <@Riastradh> (b) ffs_sync is being called when the file system is quiesced, in which case it can't change anyway.

This issue has been found by performing lock analysis using LockDoc, see https://doi.org/10.1145/3302424.3303948.
>How-To-Repeat:

>Fix:
Adding the appropriate v_interlock actions in the specified code section should suffice in solving the issue. Since it is not possible to hold v_interlock across vn_lock, the if-statement would have to be split up.

>Release-Note:

>Audit-Trail:
From: Merlin Scholz <merlin.scholz@tu-dortmund.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/57606
Date: Thu, 7 Sep 2023 10:12:16 +0200

 The following patch should fix the issue. It has been verified through 
 ATF and LockDoc.


 RCS file: /cvsroot/src/sys/ufs/ffs/ffs_vfsops.c,v
 retrieving revision 1.381
 diff -u -r1.381 ffs_vfsops.c
 --- src/sys/ufs/ffs/ffs_vfsops.c	15 Jun 2023 09:15:54 -0000	1.381
 +++ src/sys/ufs/ffs/ffs_vfsops.c	7 Sep 2023 08:05:06 -0000
 @@ -2021,14 +2021,20 @@
   	/*
   	 * Force stale file system control information to be flushed.
   	 */
 -	if (waitfor != MNT_LAZY && (ump->um_devvp->v_numoutput > 0 ||
 -	    !LIST_EMPTY(&ump->um_devvp->v_dirtyblkhd))) {
 -		vn_lock(ump->um_devvp, LK_EXCLUSIVE | LK_RETRY);
 -		if ((error = VOP_FSYNC(ump->um_devvp, cred,
 -		    (waitfor == MNT_WAIT ? FSYNC_WAIT : 0) | FSYNC_NOLOG,
 -		    0, 0)) != 0)
 -			allerror = error;
 -		VOP_UNLOCK(ump->um_devvp);
 +	if (waitfor != MNT_LAZY) {
 +		bool need_devvp_fsync;
 +		mutex_enter(ump->um_devvp->v_interlock);
 +		need_devvp_fsync = (ump->um_devvp->v_numoutput > 0 ||
 +		    !LIST_EMPTY(&ump->um_devvp->v_dirtyblkhd));
 +		mutex_exit(ump->um_devvp->v_interlock);
 +		if (need_devvp_fsync) {
 +			vn_lock(ump->um_devvp, LK_EXCLUSIVE | LK_RETRY);
 +			if ((error = VOP_FSYNC(ump->um_devvp, cred,
 +			    (waitfor == MNT_WAIT ? FSYNC_WAIT : 0) | FSYNC_NOLOG,
 +			    0, 0)) != 0)
 +				allerror = error;
 +			VOP_UNLOCK(ump->um_devvp);
 +		}
   	}
   #if defined(QUOTA) || defined(QUOTA2)
   	qsync(mp);

From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57606 CVS commit: src/sys/ufs/ffs
Date: Fri, 8 Sep 2023 23:21:55 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Fri Sep  8 23:21:55 UTC 2023

 Modified Files:
 	src/sys/ufs/ffs: ffs_vfsops.c

 Log Message:
 ffs_sync: Avoid unlocked access to v_numoutput/v_dirtyblkhd.

 Found by lockdoc.

 PR kern/57606


 To generate a diff of this commit:
 cvs rdiff -u -r1.381 -r1.382 src/sys/ufs/ffs/ffs_vfsops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sat, 09 Sep 2023 21:31:51 +0000
State-Changed-Why:
needs pullups if we want to pacify data race detectors on release branches
(tsan or whatever)


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57606 CVS commit: [netbsd-10] src/sys/ufs/ffs
Date: Wed, 18 Oct 2023 15:10:41 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Wed Oct 18 15:10:41 UTC 2023

 Modified Files:
 	src/sys/ufs/ffs [netbsd-10]: ffs_vfsops.c

 Log Message:
 Pull up following revision(s) (requested by riastradh in ticket #424):

 	sys/ufs/ffs/ffs_vfsops.c: revision 1.382

 ffs_sync: Avoid unlocked access to v_numoutput/v_dirtyblkhd.

 Found by lockdoc.
 PR kern/57606


 To generate a diff of this commit:
 cvs rdiff -u -r1.378.2.2 -r1.378.2.3 src/sys/ufs/ffs/ffs_vfsops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Tue, 28 Nov 2023 02:50:12 +0000
State-Changed-Why:
pullup-10 #424
pullup-9 #1770
pullup-8 #1921


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57606 CVS commit: [netbsd-9] src/sys/ufs/ffs
Date: Tue, 28 Nov 2023 13:11:38 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Tue Nov 28 13:11:38 UTC 2023

 Modified Files:
 	src/sys/ufs/ffs [netbsd-9]: ffs_vfsops.c

 Log Message:
 Pull up following revision(s) (requested by riastradh in ticket #1770):

 	sys/ufs/ffs/ffs_vfsops.c: revision 1.382

 ffs_sync: Avoid unlocked access to v_numoutput/v_dirtyblkhd.

 Found by lockdoc.

 PR kern/57606


 To generate a diff of this commit:
 cvs rdiff -u -r1.362 -r1.362.2.1 src/sys/ufs/ffs/ffs_vfsops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57606 CVS commit: [netbsd-8] src/sys/ufs/ffs
Date: Tue, 28 Nov 2023 13:13:29 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Tue Nov 28 13:13:29 UTC 2023

 Modified Files:
 	src/sys/ufs/ffs [netbsd-8]: ffs_vfsops.c

 Log Message:
 Pull up following revision(s) (requested by riastradh in ticket #1921):

 	sys/ufs/ffs/ffs_vfsops.c: revision 1.382

 ffs_sync: Avoid unlocked access to v_numoutput/v_dirtyblkhd.

 Found by lockdoc.

 PR kern/57606


 To generate a diff of this commit:
 cvs rdiff -u -r1.353.4.2 -r1.353.4.3 src/sys/ufs/ffs/ffs_vfsops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Thu, 07 Dec 2023 14:30:38 +0000
State-Changed-Why:
fixed and pulled up to 10, 9, 8


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.