fdescfs: Fix a file ref leak
ClosedPublic
Actions

Authored by markj on Mar 21 2023, 7:15 PM.

Details

Reviewers

mjg
kib

Commits

rGcfae554b7866: fdescfs: Fix a file ref leak
rG0f5b6f9a041e: fdescfs: Fix a file ref leak

Summary

On github, CTurt points out that vn_vget_ino_gen() may fail without
invoking the callback, in which case the ref on fp is leaked. Moreover,
we cannot safely drop the ref while the dvp is locked.

So:

Use a flag variable to indicate whether the ref is dropped.
Reorganize things to handle the leak.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 50500
Build 47391: arc lint + arc unit

Event Timeline

markj created this revision.Mar 21 2023, 7:15 PM

Herald added a subscriber: imp. · View Herald TranscriptMar 21 2023, 7:15 PM

markj requested review of this revision.Mar 21 2023, 7:15 PM

Harbormaster completed remote builds in B50500: Diff 119207.Mar 21 2023, 7:15 PM

freaking mess

This revision is now accepted and ready to land.Mar 21 2023, 7:19 PM

kib accepted this revision.Mar 21 2023, 7:51 PM

kib added inline comments.

sys/fs/fdescfs/fdesc_vnops.c
339	I think that the comment should be updated
374	I do not think that error can be zero on this path

markj marked 2 inline comments as done.Mar 21 2023, 8:07 PM

markj added inline comments.

sys/fs/fdescfs/fdesc_vnops.c
374	It will be zero when `VTOFDESC(dvp)->fd_ix == FD_DESC + fd`.

Adjust a comment.

This revision now requires review to proceed.Mar 21 2023, 8:07 PM

Harbormaster completed remote builds in B50502: Diff 119212.Mar 21 2023, 8:07 PM

kib accepted this revision.Mar 21 2023, 8:43 PM

This revision is now accepted and ready to land.Mar 21 2023, 8:43 PM

kib added inline comments.Mar 21 2023, 8:49 PM

sys/fs/fdescfs/fdesc_vnops.c
341	I suspect that this check is not enough, for instance the fdescfs root dir can be opened more then once. Perhaps fdescfs vnodes locks should allow recursion.

markj added inline comments.Mar 22 2023, 12:31 AM

sys/fs/fdescfs/fdesc_vnops.c
341	But the root dir always has fd_ix == FD_ROOT. In fact, I cannot see how this check is ever true.

kib added inline comments.Mar 22 2023, 12:24 PM

sys/fs/fdescfs/fdesc_vnops.c
341	Open /dev/fd with the result file descriptor N, and look up /dev/fd/N.

markj added inline comments.Mar 22 2023, 12:42 PM

sys/fs/fdescfs/fdesc_vnops.c
341	Then the root dir has fd_ix = FD_ROOT, which is never equal to FD_DESC + N.

Closed by commit rG0f5b6f9a041e: fdescfs: Fix a file ref leak (authored by markj). · Explain WhyMar 22 2023, 1:19 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG0f5b6f9a041e: fdescfs: Fix a file ref leak.

kib added inline comments.Mar 22 2023, 1:41 PM

sys/fs/fdescfs/fdesc_vnops.c
341	Exactly. Then it hits the vn_vget_ino() path.

markj added inline comments.Mar 22 2023, 1:46 PM

sys/fs/fdescfs/fdesc_vnops.c
341	But what exactly is the problem? fdesc_lookup() doesn't lock both vnodes at the same time. (I did try this experiment, with and without -o nodup.)