[PATCH] btrfs-image: Fix a data race in build_chunk_tree.

[PATCH] btrfs-image: Fix a data race in build_chunk_tree.

[Adam Buchbinder]

A mdrestore_struct was being written to without its mutex being held.
This race was found with ThreadSanitizer; the relevant part of the report
looks like this:

WARNING: ThreadSanitizer: data race (pid=18828)
  Write of size 8 at 0x7fffffc3d088 by main thread:
    #0 build_chunk_tree .../btrfs-progs/btrfs-image.c:2233
    #1 __restore_metadump .../btrfs-progs/btrfs-image.c:2294
    #2 restore_metadump .../btrfs-progs/btrfs-image.c:2345
    #3 main .../btrfs-progs/btrfs-image.c:2545

  Previous read of size 8 at 0x7fffffc3d088 by thread T1 (mutexes: write M0):
    #0 restore_worker .../btrfs-progs/btrfs-image.c:1636

  Location is stack of main thread.

  Mutex M0 created at:
    #0 pthread_mutex_init ??:0
    #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1766
    #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286
    #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345
    #4 main .../btrfs-progs/btrfs-image.c:2545

  Thread T1 (tid=18830, running) created by main thread at:
    #0 pthread_create ??:0
    #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1784
    #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286
    #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345
    #4 main .../btrfs-progs/btrfs-image.c:2545
---
 btrfs-image.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/btrfs-image.c b/btrfs-image.c
index cc8627c..017ab1d 100644
--- a/btrfs-image.c
+++ b/btrfs-image.c
@@ -2228,6 +2228,7 @@ static int build_chunk_tree(struct mdrestore_struct *mdres,
 		buffer = tmp;
 	}
 
+	pthread_mutex_lock(&mdres->mutex);
 	super = (struct btrfs_super_block *)buffer;
 	chunk_root_bytenr = btrfs_super_chunk_root(super);
 	mdres->leafsize = btrfs_super_leafsize(super);
@@ -2236,6 +2237,7 @@ static int build_chunk_tree(struct mdrestore_struct *mdres,
 		       BTRFS_UUID_SIZE);
 	mdres->devid = le64_to_cpu(super->dev_item.devid);
 	free(buffer);
+	pthread_mutex_unlock(&mdres->mutex);
 
 	return search_for_chunk_blocks(mdres, chunk_root_bytenr, 0);
 }
-- 
1.9.1.423.g4596e3a

Re: [PATCH] btrfs-image: Fix a data race in build_chunk_tree.

[David Sterba]

On Sun, May 18, 2014 at 10:40:42PM -0700, Adam Buchbinder wrote:
> A mdrestore_struct was being written to without its mutex being held.
> This race was found with ThreadSanitizer; the relevant part of the report
> looks like this:
> 
> WARNING: ThreadSanitizer: data race (pid=18828)
>   Write of size 8 at 0x7fffffc3d088 by main thread:
>     #0 build_chunk_tree .../btrfs-progs/btrfs-image.c:2233
>     #1 __restore_metadump .../btrfs-progs/btrfs-image.c:2294
>     #2 restore_metadump .../btrfs-progs/btrfs-image.c:2345
>     #3 main .../btrfs-progs/btrfs-image.c:2545
> 
>   Previous read of size 8 at 0x7fffffc3d088 by thread T1 (mutexes: write M0):
>     #0 restore_worker .../btrfs-progs/btrfs-image.c:1636
> 
>   Location is stack of main thread.
> 
>   Mutex M0 created at:
>     #0 pthread_mutex_init ??:0
>     #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1766
>     #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286
>     #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345
>     #4 main .../btrfs-progs/btrfs-image.c:2545
> 
>   Thread T1 (tid=18830, running) created by main thread at:
>     #0 pthread_create ??:0
>     #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1784
>     #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286
>     #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345
>     #4 main .../btrfs-progs/btrfs-image.c:2545
> ---

Thanks. FYI, I've added your Signed-off-by line, same as in the other
patch you've sent.