From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ext4@vger.kernel.org
Subject: [Bug 205567] New: potential (possibly benign) data race on ext4_dir_entry_2->inode when getdents64 and rename happens on the same directory
Date: Mon, 18 Nov 2019 20:15:09 +0000 [thread overview]
Message-ID: <bug-205567-13602@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=205567
Bug ID: 205567
Summary: potential (possibly benign) data race on
ext4_dir_entry_2->inode when getdents64 and rename
happens on the same directory
Product: File System
Version: 2.5
Kernel Version: 5.4-rc5
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: ext4
Assignee: fs_ext4@kernel-bugs.osdl.org
Reporter: mengxu.gatech@gmail.com
Regression: No
I am reporting a potential data race (maybe benign) in the ext4 layer on
ext4_dir_entry_2->inode when getdents64 and rename happens on the same
directory.
[Setup]
mkdir(dir_foo, 0777);
open(dir_foo, 0x10000, 0777) = 0;
dup2(0, 199) = 199;
[Thread 1] getdents64(199, <some buffer>, 4469) = 48;
[Thread 2] rename(dir_foo, aaaaa) = 0;
The function call trace is shown below:
[Thread 1: SYS_getdents64]
__do_sys_getdents64
ksys_getdents64
iterate_dir
ext4_readdir
ext4_dx_readdir
ext4_htree_fill_tree
htree_dirblock_to_tree
[READ] if (de->inode == 0)
[Thread 2: SYS_rename]
__do_renameat2
do_renameat2
vfs_rename
ext4_rename2
ext4_rename
ext4_rename_dir_finish
[WRITE] ent->parent_de->inode = cpu_to_le32(dir_ino);
I could confirm that the WRITE may happen before and after the READ operation
by controlling the timing of the two threads, i.e., by setting breakpoints
before the WRITE statement.
However, I am not very sure about the implication of such a data race (e.g.,
causing violations of assumptions). I would appreciate if you could help check
on this potential bug and advise whether this is a harmful data race or it
is intended. Thank you!
--
You are receiving this mail because:
You are watching the assignee of the bug.
next reply other threads:[~2019-11-18 20:15 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-18 20:15 bugzilla-daemon [this message]
2019-11-18 23:08 ` [Bug 205567] potential (possibly benign) data race on ext4_dir_entry_2->inode when getdents64 and rename happens on the same directory bugzilla-daemon
2019-11-18 23:10 ` bugzilla-daemon
2019-11-18 23:11 ` bugzilla-daemon
2019-11-19 1:29 ` bugzilla-daemon
2019-11-19 1:29 ` bugzilla-daemon
2019-11-19 1:32 ` bugzilla-daemon
2019-11-19 3:03 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-205567-13602@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).