Page MenuHomeFreeBSD
Differential D55446

nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
ClosedPublic
Actions

Authored by markj on Sun, Feb 22, 7:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 1, 4:16 PM
Unknown Object (File)
Wed, Feb 25, 11:51 PM
Unknown Object (File)
Wed, Feb 25, 8:18 PM
Unknown Object (File)
Wed, Feb 25, 7:45 PM
Unknown Object (File)
Wed, Feb 25, 6:31 PM
Unknown Object (File)
Wed, Feb 25, 3:30 PM
Unknown Object (File)
Wed, Feb 25, 3:25 PM
Unknown Object (File)
Wed, Feb 25, 3:18 PM
View All 15 Files
Subscribers
emaste
imp

Details

Reviewers
kib
Commits
rG49684d7d93d3: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
rG6ed373227680: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
rG8b64d46fab87: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
Summary

nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too. The following can occur:

  1. the vunref() call decrements the usecount 2->1,
  2. a different thread calls vrele() on the vnode, decrements the usecount 0->1,
  3. the first thread tests vp->v_usecount == 0 and observes that it is true,
  4. the first thread incorrectly unlocks the lower vnode.

Fix this by testing VN_IS_DOOMED directly. Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.

PR: 288345

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Sun, Feb 22, 7:07 PM
Herald added a subscriber: imp. · View Herald TranscriptSun, Feb 22, 7:07 PM
markj requested review of this revision.Sun, Feb 22, 7:07 PM
Harbormaster completed remote builds in B70886: Diff 172461.Sun, Feb 22, 7:07 PM
kib added inline comments.Sun, Feb 22, 7:19 PM
sys/fs/nullfs/null_vfsops.c
465–466

This comment as is no longer holds.

478–479

This assert is tautological now.

markj updated this revision to Diff 172463.Sun, Feb 22, 7:24 PM
markj marked 2 inline comments as done.

Handle feedback

Harbormaster completed remote builds in B70887: Diff 172463.Sun, Feb 22, 7:24 PM
kib accepted this revision.Sun, Feb 22, 7:35 PM
kib added inline comments.
sys/fs/nullfs/null_vfsops.c
468

I think it is enough to say 'If the vnode is doomed, its lock was split from the lower vnode lock.'

This revision is now accepted and ready to land.Sun, Feb 22, 7:35 PM
markj updated this revision to Diff 172465.Sun, Feb 22, 7:37 PM

Make the comment more terse

This revision now requires review to proceed.Sun, Feb 22, 7:37 PM
Harbormaster completed remote builds in B70888: Diff 172465.Sun, Feb 22, 7:37 PM
markj marked an inline comment as done.Sun, Feb 22, 7:38 PM
kib accepted this revision.Sun, Feb 22, 7:39 PM
This revision is now accepted and ready to land.Sun, Feb 22, 7:39 PM
emaste added a subscriber: emaste.Mon, Feb 23, 2:40 PM
Closed by commit rG8b64d46fab87: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp() (authored by markj). · Explain WhyWed, Feb 25, 5:10 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG8b64d46fab87: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp().
markj added a commit: rG6ed373227680: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp().Thu, Feb 26, 2:59 AM
cperciva added a commit: rG49684d7d93d3: nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp().Thu, Feb 26, 3:21 AM

Revision Contents
Changeset List

PathSize
sys/
fs/
nullfs/
14 lines

Diff 172692

View Options

sys/fs/nullfs/null_vfsops.c

Loading...