Page MenuHomeFreeBSD

msdosfs_rename(): more resilence against corruption
ClosedPublic

Authored by kib on Jan 17 2024, 11:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 24, 6:22 PM
Unknown Object (File)
Wed, Jan 22, 3:35 AM
Unknown Object (File)
Sat, Jan 18, 2:05 AM
Unknown Object (File)
Fri, Jan 17, 1:12 PM
Unknown Object (File)
Fri, Jan 17, 10:50 AM
Unknown Object (File)
Tue, Jan 14, 10:22 AM
Unknown Object (File)
Sat, Jan 11, 12:55 PM
Unknown Object (File)
Sat, Jan 11, 12:52 PM
Subscribers

Details

Summary
msdosfs_rename(): handle errors from msdosfs_lookup_ino()

Properly working storage and correct filesystem structure indeed only
allow the EJUSTRETURN return code, but since the called function needs
to read directory blocks and (re)parse the content, the assert is not
neccessary hold.

PR:     276408
msdosfs_rename(): implement several XXXs about downgrading to ro
msdosfs_integrity_error(): plug possible busy leak

If taskqueue_enqueue() returned error, unbusy().
Handle parallel calls to msdosfs_integrity_error() by unbusying in
msdosfs_remount_ro() up to pending times.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib requested review of this revision.Jan 17 2024, 11:09 PM

Suppose two threads call msdosfs_integrity_error() at around the same time. This function busies the mountpoint, then schedules a task to downgrade the mountpoint to RO. It's possible that both calls will be handled by a single call to msdosfs_remount_ro(pending = 2). There, the busy reference is released only once, so isn't it possible to leak?

kib edited the summary of this revision. (Show Details)

Handle pending taskq

markj added inline comments.
sys/fs/msdosfs/msdosfs_vfsops.c
1023 ↗(On Diff #132928)

I do not see how an error can arise in practice.

This revision is now accepted and ready to land.Jan 18 2024, 3:49 PM
kib marked an inline comment as done.Jan 18 2024, 4:04 PM
kib added inline comments.
sys/fs/msdosfs/msdosfs_vfsops.c
1023 ↗(On Diff #132928)

In principle this is true right now, but for completeness it is better be handled.

kib marked an inline comment as done.

Fix loop around vfs_unbusy():

-       } while (pending-- >= 0);
+       } while (--pending >= 0);
This revision now requires review to proceed.Jan 18 2024, 4:06 PM
This revision is now accepted and ready to land.Jan 18 2024, 4:12 PM