[RTEMS Project] #1485: Locks while accessing sync_active field in bdbuf library

RTEMS trac trac at rtems.org
Fri Nov 28 10:13:04 UTC 2014 

#1485: Locks while accessing sync_active field in bdbuf library
---------------------------+------------------------------
 Reporter:  Oleg.Kravtsov  |       Owner:  sebastian.huber
     Type:  defect         |      Status:  closed
 Priority:  normal         |   Milestone:  4.10.3
Component:  filesystem     |     Version:  4.10
 Severity:  normal         |  Resolution:  fixed
 Keywords:                 |
---------------------------+------------------------------
Changes (by Sebastian Huber <sebastian.huber@…>):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"3b4ca3ab0f99d15794a3eee60b5735f834fd898c/rtems"]:
 {{{
 #!CommitTicketReference repository="rtems"
 revision="3b4ca3ab0f99d15794a3eee60b5735f834fd898c"
 bdbuf: Fix race condition with sync active flag

 Bug report by Oleg Kravtsov:

 In rtems_bdbuf_swapout_processing() function there is the following
 lines:

 if (bdbuf_cache.sync_active && !transfered_buffers)
 {

     rtems_id sync_requester;
     rtems_bdbuf_lock_cache ();
     ...

 }

 Here access to bdbuf_cache.sync_active is not protected with anything.
 Imagine the following test case:

 1. Task1 releases buffer(s) with bdbuf_release_modified() calls;

 2. After a while swapout task starts and flushes all buffers;

 3. In the end of that swapout flush we are before that part of code, and
 assume there is task switching (just before "if (bdbuf_cache.sync_active
 && !transfered_buffers)");

 4. Some other task (with higher priority) does bdbuf_release_modified
 and rtems_bdbuf_syncdev().

 This task successfully gets both locks sync and pool (in
 rtems_bdbuf_syncdev() function), sets sync_active to true and starts
 waiting for RTEMS_BDBUF_TRANSFER_SYNC event with only sync lock got.

 5. Task switching happens again and we are again before "if
 (bdbuf_cache.sync_active && !transfered_buffers)".

 As the result we check sync_active and we come inside that "if"
 statement.

 6. The result is that we send RTEMS_BDBUF_TRANSFER_SYNC event! Though
 ALL modified messages of that task are not flushed yet!

 close #1485
 }}}

--
Ticket URL: <http://devel.rtems.org/ticket/1485#comment:4>
RTEMS Project <http://www.rtems.org/>
RTEMS Project

More information about the bugs mailing list