struct vnode::v_mount access rules

To: tech-kern%NetBSD.org@localhost
Subject: struct vnode::v_mount access rules
From: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Date: Tue, 1 Oct 2024 16:57:27 +0000

Under what circumstances is access to struct vnode::v_mount allowed?

A vnode may be concurrently revoked at any time.  Part of revoking a
vnode vp, in vcache_reclaim, involves vfs_insmntque to set vp->v_mount
to dead_rootmount.  So there must be some circumstances under which
access to v_mount is forbidden -- those circumstances that can race
with that part of vcache_reclaim.

Holding the vnode lock makes access to vp->v_mount safe, because
vcache_reclaim runs with the exclusive vnode lock held.  But
_acquiring_ the vnode lock first requires reading vp->v_mount inside
VOP_LOCK, before the vnode lock is actually acquired.

Is it safe to read between fd_getvnode and fd_putfile, like here?

int
do_sys_fstatvfs(struct lwp *l, int fd, int flags, struct statvfs *sb)
{
	file_t *fp;
	struct mount *mp;
	int error;

	/* fd_getvnode() will use the descriptor for us */
	if ((error = fd_getvnode(fd, &fp)) != 0)
		return (error);
	mp = fp->f_vnode->v_mount;
	error = dostatvfs(mp, sb, curlwp, flags, 1);
	fd_putfile(fd);
	return error;
}

I think the answer is no, nothing here precludes a concurrent
vcache_reclaim from writing to fp->f_vnode->v_mount at the same time
do_sys_fstatvfs is reading from it.  Although both the before and
after states are OK for dostatvfs, if this concurrent read/write is
supposed to be allowed, it should be done with atomic_load/store_* --
and the same needs to apply to all other use of v_mount that isn't,
e.g., serialized by the vnode lock.

Follow-Ups:
- Re: struct vnode::v_mount access rules
  - From: J. Hannken-Illjes

Prev by Date: Re: Can't get SPI to work
Next by Date: How does PCIe appear to the host?
Previous by Thread: Can't get SPI to work
Next by Thread: Re: struct vnode::v_mount access rules
Indexes:

Home | Main Index | Thread Index | Old Index