NetBSD-Bugs archive
kern/59519: vn_read() leaks file* lock
>Number: 59519
>Category: kern
>Synopsis: vn_read() leaks file* lock
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jul 08 12:25:00 +0000 2025
>Originator: Christoph Badura
>Release: 10.0, -current
>Organization:
The Code Reviews are Hard, Let's leak Locks Foundation
>Environment:
N/A
>Description:
sys/kern/vfs_vnops.c#673 in vn_read() acquires a mutex when it should release it.
        if (__predict_false(vp->v_type == VDIR) &&
            offset == &fp->f_offset && (flags & FOF_UPDATE_OFFSET) == 0)
                mutex_enter(&fp->f_lock);
        uio->uio_offset = *offset;
        if (__predict_false(vp->v_type == VDIR) &&
            offset == &fp->f_offset && (flags & FOF_UPDATE_OFFSET) == 0)
==>             mutex_enter(&fp->f_lock);
Obviously this should be a call to mutex_exit().
This was introduced on 2023-04-22 in r1.238:
https://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/vfs_vnops.c.diff?r1=1.237;r2=1.238
And pulled up to netbsd-10 shortly thereafter.
>How-To-Repeat:
Code inspection.
>Fix:
Obvious.
Needs pullup to -10.
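
A heuristic check for the enter/enter pattern described in this report, as an added example that is not part of the original PR or the NetBSD tree: it scans C source linearly for mutex_enter()/mutex_exit() calls and flags a lock that is entered again before being exited. The BUGGY sample is constructed from the excerpt quoted above, FIXED applies the mutex_exit() change the report asks for, and the name find_unbalanced is hypothetical; control flow is ignored, so findings need manual review.

```python
import re

# Constructed sample modelled on the excerpt quoted in the report
# (not the full vn_read() body).
BUGGY = """\
        if (__predict_false(vp->v_type == VDIR) &&
            offset == &fp->f_offset && (flags & FOF_UPDATE_OFFSET) == 0)
                mutex_enter(&fp->f_lock);
        uio->uio_offset = *offset;
        if (__predict_false(vp->v_type == VDIR) &&
            offset == &fp->f_offset && (flags & FOF_UPDATE_OFFSET) == 0)
                mutex_enter(&fp->f_lock);
"""
# Same fragment with the last call changed to mutex_exit(), as the report suggests.
FIXED = "mutex_exit".join(BUGGY.rsplit("mutex_enter", 1))

# Matches mutex_enter(<expr>); and mutex_exit(<expr>); statements.
CALL = re.compile(r"\bmutex_(enter|exit)\s*\(\s*([^;]*?)\s*\)\s*;")


def find_unbalanced(source):
    """Return (line, lock, problem) tuples from a linear scan of C source.

    Heuristic only: branches and loops are ignored, so an if/else that
    enters the same lock on both arms would be reported as well.
    """
    held = {}       # lock expression -> line of the pending mutex_enter()
    findings = []
    for m in CALL.finditer(source):
        op = m.group(1)
        lock = re.sub(r"\s+", "", m.group(2))   # normalise whitespace
        line = source.count("\n", 0, m.start()) + 1
        if op == "enter":
            if lock in held:
                findings.append(
                    (line, lock, f"re-entered; already taken at line {held[lock]}"))
            held[lock] = line
        elif lock in held:
            del held[lock]
        else:
            findings.append((line, lock, "exit without prior enter"))
    for lock, line in held.items():
        findings.append((line, lock, "never released"))
    return findings


if __name__ == "__main__":
    for name, src in (("BUGGY", BUGGY), ("FIXED", FIXED)):
        print(name, find_unbalanced(src))
```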