NetBSD-Bugs archive


kern/59519: vn_read() leaks file* lock



>Number:         59519
>Category:       kern
>Synopsis:       vn_read() leaks file* lock
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 08 12:25:00 +0000 2025
>Originator:     Christoph Badura
>Release:        10.0, -current
>Organization:
The Code Reviews are Hard, Let's leak Locks Foundation
>Environment:
N/A
>Description:
sys/kern/vfs_vnops.c#673 in vn_read() acquires a mutex when it should release it.

        if (__predict_false(vp->v_type == VDIR) &&
            offset == &fp->f_offset && (flags & FOF_UPDATE_OFFSET) == 0)
                mutex_enter(&fp->f_lock);
        uio->uio_offset = *offset;
        if (__predict_false(vp->v_type == VDIR) &&
            offset == &fp->f_offset && (flags & FOF_UPDATE_OFFSET) == 0)
==>             mutex_enter(&fp->f_lock);

Obviously this should be a call to mutex_exit().

This was introduced on 2023-04-22 in r1.238:
https://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/vfs_vnops.c.diff?r1=1.237;r2=1.238

And pulled up to netbsd-10 shortly thereafter.

>How-To-Repeat:
Code inspection.
>Fix:
Obvious.
Needs pullup to -10.
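
A user-space model of the snippet in the Description, added here as an illustration; it is not NetBSD code and not part of the original report. The `kmutex` and `file` structs, the `FOF_UPDATE_OFFSET` value and the helper names are stand-ins. It shows that only the directory path without FOF_UPDATE_OFFSET leaves f_lock held, so a test that reads regular files never reaches the flagged line.

```c
/* User-space model of the f_offset locking in vn_read(); all types are stand-ins. */
#include <stdio.h>

enum vtype { VREG, VDIR };              /* stand-in for the kernel's vnode types */
#define FOF_UPDATE_OFFSET 0x01          /* stand-in value for this model */

struct kmutex { int held; int self_deadlocks; };   /* toy lock that records misuse */
struct file  { struct kmutex f_lock; long f_offset; };

static void mutex_enter(struct kmutex *m) {
    if (m->held) m->self_deadlocks++;   /* holder re-acquiring a non-recursive lock */
    m->held = 1;
}
static void mutex_exit(struct kmutex *m) { m->held = 0; }

/* Copies *offset the way the PR's snippet does; `fixed` selects the release call. */
static long read_offset(struct file *fp, enum vtype type, long *offset,
                        int flags, int fixed) {
    int locked = type == VDIR && offset == &fp->f_offset &&
                 (flags & FOF_UPDATE_OFFSET) == 0;
    long uio_offset;
    if (locked)
        mutex_enter(&fp->f_lock);
    uio_offset = *offset;
    if (locked) {
        if (fixed)
            mutex_exit(&fp->f_lock);
        else
            mutex_enter(&fp->f_lock);   /* the line the PR flags */
    }
    return uio_offset;
}

/* Returns held + self_deadlocks after one call: 0 means the lock is balanced. */
int lock_state_after_read(enum vtype type, int flags, int fixed) {
    struct file f = { {0, 0}, 42 };     /* constructed sample file, offset 42 */
    (void)read_offset(&f, type, &f.f_offset, flags, fixed);
    return f.f_lock.held + f.f_lock.self_deadlocks;
}

int main(void) {
    printf("VREG buggy: %d\n", lock_state_after_read(VREG, 0, 0));
    printf("VDIR buggy: %d\n", lock_state_after_read(VDIR, 0, 0));
    printf("VDIR buggy, FOF_UPDATE_OFFSET: %d\n",
           lock_state_after_read(VDIR, FOF_UPDATE_OFFSET, 0));
    printf("VDIR fixed: %d\n", lock_state_after_read(VDIR, 0, 1));
    return 0;
}
```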


