rcore-fs-sfs: possible deadlock bugs #18

BurtonQin · 2020-06-27T18:51:21Z

There are two kinds of possible deadlock bugs in rcore-fs/rcore-fs-sfs/src/lib.rs:

Double-Lock:

Lines 394 to 397 in 1fb7c0e

    
           let disk_inode = self.disk_inode.write(); 
        
           let old_size = disk_inode.size as usize; 
        
           self._resize(old_size + BLKSIZE)?; 
        
           self._write_at(old_size, entry.as_buf()).unwrap();

The first lock self.disk_inode.write() is on L394.
fn _resize is called on L396. The read and write locks of self.disk_inode are heavily used in fn _resize and its callees.
fn _write_at is called L397, which calls fn _io_at on L352. The second lock is on L324 in fn _io_at.

rcore-fs/rcore-fs-sfs/src/lib.rs

Lines 351 to 352 in 1fb7c0e

    
           fn _write_at(&self, offset: usize, buf: &[u8]) -> vfs::Result<usize> { 
        
               self._io_at(offset, offset + buf.len(), |device, range, offset| {

rcore-fs/rcore-fs-sfs/src/lib.rs

Line 324 in 1fb7c0e

let size = self.disk_inode.read().size as usize;

A simple drop(disk_inode) before L396 may fix the bugs. But we need to be careful about possible atomicity violations.

Locks in conflicting orders:
self.super_block.write() is called before self.free_map.write() in fn sync.

rcore-fs/rcore-fs-sfs/src/lib.rs

Lines 944 to 951 in 1fb7c0e

    
           fn sync(&self) -> vfs::Result<()> { 
        
               let mut super_block = self.super_block.write(); 
        
               if super_block.dirty() { 
        
                   self.device 
        
                       .write_at(BLKSIZE * BLKN_SUPER, super_block.as_buf())?; 
        
                   super_block.sync(); 
        
               } 
        
               let mut free_map = self.free_map.write();

self.super_block.write() is called after self.free_map.write() in fn alloc_block and fn free_block.

rcore-fs/rcore-fs-sfs/src/lib.rs

Lines 841 to 845 in 1fb7c0e

    
           fn alloc_block(&self) -> Option<usize> { 
        
               let mut free_map = self.free_map.write(); 
        
               let id = free_map.alloc(); 
        
               if let Some(block_id) = id { 
        
                   let mut super_block = self.super_block.write();

rcore-fs/rcore-fs-sfs/src/lib.rs

Lines 859 to 863 in 1fb7c0e

    
           fn free_block(&self, block_id: usize) { 
        
               let mut free_map = self.free_map.write(); 
        
               assert!(!free_map[block_id]); 
        
               free_map.set(block_id, true); 
        
               self.super_block.write().unused_blocks += 1;

A possible fix is to move self.free_map.write() before self.super_block.write() in fn sync.

The text was updated successfully, but these errors were encountered:

jiegec · 2020-06-28T03:52:05Z

Yes, we didn't carefully handle locks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rcore-fs-sfs: possible deadlock bugs #18

rcore-fs-sfs: possible deadlock bugs #18

BurtonQin commented Jun 27, 2020

jiegec commented Jun 28, 2020

rcore-fs-sfs: possible deadlock bugs #18

rcore-fs-sfs: possible deadlock bugs #18

Comments

BurtonQin commented Jun 27, 2020

jiegec commented Jun 28, 2020