Page MenuHomeFreeBSD
Differential D21411

vfs: stop refing freed mount points in vop_stdgetwritemount
ClosedPublic
Actions

Authored by mjg on Aug 25 2019, 4:24 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jun 14, 1:21 AM
Unknown Object (File)
Mar 7 2024, 11:36 PM
Unknown Object (File)
Mar 6 2024, 7:24 AM
Unknown Object (File)
Dec 22 2023, 11:48 PM
Unknown Object (File)
Dec 18 2023, 1:31 AM
Unknown Object (File)
Dec 10 2023, 11:16 PM
Unknown Object (File)
Nov 23 2023, 1:34 PM
Unknown Object (File)
Nov 10 2023, 9:52 AM
View All 25 Files
Subscribers
imp

Details

Reviewers
kib
Commits
rS351656: vfs: stop refing freed mount points in vop_stdgetwritemount
Summary

The address is read without any locks held and can be stale. This alone is not a big problem since mounts are type-stable. However, changing the refcount can possibly mess with the structure after it got reassigned for another mount point (which also clears the count). Moreover the current code makes it impossible to ensure everyone is done with the mount point at least in terms of modifying it (excluding locking).

This will be of significance with other patches.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

mjg created this revision.Aug 25 2019, 4:24 AM
Herald added a subscriber: imp. · View Herald TranscriptAug 25 2019, 4:24 AM
Harbormaster completed remote builds in B26092: Diff 61251.Aug 25 2019, 4:24 AM
mjg mentioned this in D21425: vfs: manage mnt_ref with atomics.Aug 26 2019, 11:08 PM
kib added inline comments.Aug 29 2019, 8:57 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

So what about this comment ?

mjg added inline comments.Aug 29 2019, 9:37 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

Caller-visible state is roughly the same in that the mount point is either NULL or what was found at the time, but it can be stale. So the comment can be reworded to be clear or removed altogether. I don't think it is that useful in the first place as the only real consumer drops the vnode interlock anyway again making the vnode suspetible to losing the mp.

kib added inline comments.Aug 30 2019, 2:08 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

Can it be ? Now that you both ref and check vp->v_mount under the mnt lock, I suspect that the vnode cannot be removed from the mnt queue behind us, and then the mp cannot be reused since we keep the reference.

mjg added inline comments.Aug 30 2019, 4:10 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)
  • original code refs in a very racy manner possibly having to backpedal from it - this is taken care of
  • even with reference taken the vnode mount point can still be changed to NULL, therefore a refed (but stale) mount can still be returned

I think the comment was stating both of these, with the first no longer being the case.

So how about either removing this comment altogether or replacing it with +/-:

/*
 * Note that despite the reference held ->v_mount can still become NULL after drop
 * the lock because of forced unmount, which is not a problem.
 */
kib added inline comments.Aug 31 2019, 3:19 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

This is better. For the case 2, it was possible that mp was reused for different mount, which is not allowed after you added the lock. It can only be that the vnode is reclaimed and no longer associated with the mp, but mp cannot be reused for anything yet.

mjg added inline comments.Aug 31 2019, 4:46 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

yes, but that's in part what backpedalling was for

So how about this:

Note that having a reference does not prevent forced unmount from setting ->v_mount to NULL after the lock gets release.
kib accepted this revision.Aug 31 2019, 5:54 PM
kib added inline comments.
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

It is still somewhat implicit, by describing what does occur (and which is relatively obvious), instead of describing what consequences the consumer should cope with.

This revision is now accepted and ready to land.Aug 31 2019, 5:54 PM
mjg added inline comments.Aug 31 2019, 11:27 PM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

Ok, how about this:

Note that having a reference does not prevent forced unmount from setting ->v_mount to NULL after the lock gets released. This is of no consequence for typical consumers (most notably vn_start_write) since the in this case the vnode is VI_DOOMED. The only thing to do is to unref the returned moint point (if any).
kib added inline comments.Sep 1 2019, 8:52 AM
sys/kern/vfs_default.c
597 ↗(On Diff #61251)

... the vnode is VI_DOOMED, and the mount point itself is at some stage of unmount.

mjg added a comment.EditedSep 1 2019, 9:31 AM
Note that having a reference does not prevent forced unmount from setting ->v_mount to NULL after the lock gets released. This is of no consequence for typical consumers (most notably vn_start_write) since in this case the vnode is VI_DOOMED. Unmount might have progressed far enough that its completion is only delayed by the reference obtained here. The consumer only needs to concern itself with dropping it.
Closed by commit rS351656: vfs: stop refing freed mount points in vop_stdgetwritemount (authored by mjg). · Explain WhySep 1 2019, 2:01 PM
This revision was automatically updated to reflect the committed changes.
mjg added a commit: rS351656: vfs: stop refing freed mount points in vop_stdgetwritemount.

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
30 lines

Diff 61526

View Options

head/sys/kern/vfs_default.c

Loading...