Page MenuHomeFreeBSD
Differential D38557

tmpfs_rename(): fix a locking bug
ClosedPublic
Actions

Authored by kib on Feb 13 2023, 3:19 PM.
Tags
None
Referenced Files
Unknown Object (File)
May 19 2024, 11:19 AM
Unknown Object (File)
Apr 27 2024, 7:47 AM
Unknown Object (File)
Apr 27 2024, 7:47 AM
Unknown Object (File)
Apr 27 2024, 7:47 AM
Unknown Object (File)
Apr 27 2024, 7:46 AM
Unknown Object (File)
Apr 27 2024, 7:46 AM
Unknown Object (File)
Apr 27 2024, 6:09 AM
Unknown Object (File)
Jan 10 2024, 7:35 PM
View All 27 Files
Subscribers
imp
pho

Details

Reviewers
markj
mjg
fsu
Commits
rG3a3450eda6d4: tmpfs_rename(): use tmpfs_access_locked instead of VOP_ACCESS()
rG889f07460151: tmpfs_access(): style fixes and remove redundand assertions
rGadc3506d56d7: Extract tmpfs-specific part of tmpfs_access() into a helper
Summary
tmpfs_rename(): use tmpfs_access_locked instead of VOP_ACCESS()

Protect the call with the node lock. We cannot lock the fvp vnode
sleepable there, because we already own other participating vnode's
locks. Taking it without sleeping require unwinding the whole locking
state in one more place.

Note that the liveness of the node is guaranteed by the lock on the
parent directory vnode.

Fixes:  cbac1f3464956185cf95955344b6009e2cc3ae40ESC
tmpfs_access_locked(): extract tmpfs-specific part of tmpfs_access() into helper

The helper tmpfs_access_locked() requires either the vnode or node
locked for consistency of the access check, unlike the pure vnode op.
tmpfs_access(): style fixes and remove redundand assertions

Note that MPASS(VOP_ISLOCKED(vp)) is simply broken.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Feb 13 2023, 3:19 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 13 2023, 3:19 PM
kib requested review of this revision.Feb 13 2023, 3:19 PM
kib updated this revision to Diff 117090.

Correct the patch base, so it is applicable to main.

markj added inline comments.Feb 13 2023, 3:51 PM
sys/fs/tmpfs/tmpfs_vnops.c
392

Why doesn't this access require any synchronization?

1130

tmpfs_access() checks for a read-only mount - where does that get handled in this code path? In the VFS?

markj added inline comments.Feb 13 2023, 3:54 PM
sys/fs/tmpfs/tmpfs_vnops.c
392

Sorry, ignore this, I misread vnode_if.src.

kib added inline comments.Feb 13 2023, 3:55 PM
sys/fs/tmpfs/tmpfs_vnops.c
1130

namei/lookup for rename would catch it much earlier, even before the VOP is entered.

markj accepted this revision.Feb 13 2023, 4:01 PM
This revision is now accepted and ready to land.Feb 13 2023, 4:01 PM
mjg added a comment.EditedFeb 13 2023, 5:32 PM

perhaps it is time to follow linux, netbsd and dragonflybsd and add a per-mount point rename lock, which in turn would drastically simplify the op, including dropping the potential to need to relookup stuff

note the existing vfs rename code is already wrong in post rename ops -- the vnodes which get knotes posted may very well not be the ones which got any renames

sys/fs/tmpfs/tmpfs_vnops.c
382

does this bit compile away if ASSERT_VOP_LOCKED expands to nothing?

maybe it should hide behind DEBUG_VFS_LOCKS

mjg added a comment.EditedFeb 13 2023, 5:44 PM

forgot to ask, is there a problem at *this* stage to just lock the target vnode? commit message should probably explain why the code resorts to something else

kib marked 4 inline comments as done.Feb 13 2023, 10:57 PM
kib added inline comments.
sys/fs/tmpfs/tmpfs_vnops.c
382

This is a common practice to leave empty branches under some options, e.g. in sys/vm. I will add #if DEBUG_VFS_LOCKS around.

kib updated this revision to Diff 117150.Feb 13 2023, 10:59 PM
kib marked an inline comment as done.
kib edited the summary of this revision. (Show Details)

Add DEBUG_VFS_LOCKS braces. Update summary to explain the reason to use node lock instead the vnode lock.

This revision now requires review to proceed.Feb 13 2023, 10:59 PM
mjg accepted this revision.Feb 13 2023, 11:12 PM
mjg added inline comments.
sys/fs/tmpfs/tmpfs_vnops.c
382

the point is that mtx_owned ultimately expands to a load from a volatile pointer, i don't know if these magically go away if the result is unused

This revision is now accepted and ready to land.Feb 13 2023, 11:12 PM
Closed by commit rG889f07460151: tmpfs_access(): style fixes and remove redundand assertions (authored by kib). · Explain WhyFeb 13 2023, 11:17 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG889f07460151: tmpfs_access(): style fixes and remove redundand assertions.
kib added a commit: rGadc3506d56d7: Extract tmpfs-specific part of tmpfs_access() into a helper.
kib added a commit: rG3a3450eda6d4: tmpfs_rename(): use tmpfs_access_locked instead of VOP_ACCESS().

Revision Contents
Changeset List

PathSize
sys/
fs/
tmpfs/
20 lines

Diff 117154

View Options

sys/fs/tmpfs/tmpfs_vnops.c

Loading...