| commit | de3e7289e227db057cb4eca431e47d5c5502da53 | |
| author | Mark Vitale <mvitale@sinenomine.net> | |
| Thu, 5 Nov 2020 23:16:51 +0000 (5 18:16 -0500) | ||
| committer | Benjamin Kaduk <kaduk@mit.edu> | |
| Fri, 13 Nov 2020 15:54:46 +0000 (13 10:54 -0500) | ||
| tree | a4b5e1b0fba642cb8447fef7502ac0144adb1665 | treesnapshot (tar.gz zip) |
| parent | 8e1c321dc8e85966383760a6765f7f192ecf632a | commitdiff |
vos: avoid double release of a volume lock
To update a volume entry in the VLDB, vos commands typically lock the
volume entry via VL_SetLock, then call VL_UpdateEntryN, then release the
lock via VL_ReleaseLock. However, some vos commands exploit the
optional lock release flags of VL_UpdateEntryN to combine the update and
unlock operations into a single RPC. This approach requires extra care
to ensure that VL_ReleaseLock is issued for a failed VL_UpdateEntryN,
but NOT for a successful VL_UpdateEntryN.
Unfortunately, the following commands have success paths that fall
through to the error path, resulting in a double release of the volume
lock:
- vos convertROtoRW
- vos release
A second VL_ReleaseLock of a volume entry that has already been unlocked
via VL_UpdateEntryN is essentially a harmless no-op (other than negating
any benefit of exploiting the VL_UpdateEntryN lock flags). However, if
there is a race with another volume operation on the same volume, it is
possible for this bug to release the volume lock of a different volume
operation.
This problem has been present in 'vos release' since OpenAFS 1.0. This
problem has been present in 'vos convertROtoRW' since the command's
introduction in commit 8af8241e94284522feb77d75aee8ea3deb73f3cc
vol-ro-to-rw-tool-20030314.
Properly maintain state to avoid unlocking a volume (with
VL_ReleaseLock) that has already been unlocked (via VL_UpdateEntryN).
Thanks to Andrew Deason for discovering the issue and suggesting the
fix.
Change-Id: I757b4619b9431d1ca980f755349806993add14a5
Reviewed-on: https://gerrit.openafs.org/14426
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
To update a volume entry in the VLDB, vos commands typically lock the
volume entry via VL_SetLock, then call VL_UpdateEntryN, then release the
lock via VL_ReleaseLock. However, some vos commands exploit the
optional lock release flags of VL_UpdateEntryN to combine the update and
unlock operations into a single RPC. This approach requires extra care
to ensure that VL_ReleaseLock is issued for a failed VL_UpdateEntryN,
but NOT for a successful VL_UpdateEntryN.
Unfortunately, the following commands have success paths that fall
through to the error path, resulting in a double release of the volume
lock:
- vos convertROtoRW
- vos release
A second VL_ReleaseLock of a volume entry that has already been unlocked
via VL_UpdateEntryN is essentially a harmless no-op (other than negating
any benefit of exploiting the VL_UpdateEntryN lock flags). However, if
there is a race with another volume operation on the same volume, it is
possible for this bug to release the volume lock of a different volume
operation.
This problem has been present in 'vos release' since OpenAFS 1.0. This
problem has been present in 'vos convertROtoRW' since the command's
introduction in commit 8af8241e94284522feb77d75aee8ea3deb73f3cc
vol-ro-to-rw-tool-20030314.
Properly maintain state to avoid unlocking a volume (with
VL_ReleaseLock) that has already been unlocked (via VL_UpdateEntryN).
Thanks to Andrew Deason for discovering the issue and suggesting the
fix.
Change-Id: I757b4619b9431d1ca980f755349806993add14a5
Reviewed-on: https://gerrit.openafs.org/14426
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
| src/volser/vsprocs.c | diffblobblamehistory |