#1485 closed defect
Locks while accessing sync_active field in bdbuf library
Reported by: | Oleg | Owned by: | Sebastian Huber |
---|---|---|---|
Priority: | normal | Milestone: | 4.10.3 |
Component: | lib/block | Version: | 4.10 |
Severity: | normal | Keywords: | |
Cc: | thomas.doerfler@…, chrisj@…, nbkolchin@…, sebastian.huber@… | Blocked By: | |
Blocking: |
Description (last modified by Gedare Bloom)
In the rtems_bdbuf_swapout_processing() function there are the following lines:
    if (bdbuf_cache.sync_active && !transfered_buffers)
    {
      rtems_id sync_requester;
      rtems_bdbuf_lock_cache ();
      ...
    }
Here access to bdbuf_cache.sync_active is not protected by anything.
Imagine the following test case:
- Task1 releases buffer(s) with bdbuf_release_modified() calls;
- After a while the swapout task starts and flushes all buffers;
- At the end of that swapout flush we are just before that part of the code, and assume there is a task switch (just before "if (bdbuf_cache.sync_active && !transfered_buffers)");
- Some other task (with higher priority) does bdbuf_release_modified and rtems_bdbuf_syncdev().
This task successfully gets both locks, sync and pool (in the rtems_bdbuf_syncdev() function), sets sync_active to true and starts waiting for the RTEMS_BDBUF_TRANSFER_SYNC event holding only the sync lock.
- A task switch happens again and we are again before "if (bdbuf_cache.sync_active && !transfered_buffers)".
As a result we check sync_active and we come inside that "if" statement.
- The result is that we send the RTEMS_BDBUF_TRANSFER_SYNC event! Though ALL modified messages of that task are not flushed yet!
If that high priority task reboots a board after rtems_bdbuf_syncdev() returns, we have a very good bug. Imagine a nuclear power station is running such code, or some space shuttle :-)
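The interleaving from the description, as an added C model (constructed for illustration; it is not RTEMS source and not the fix applied to this ticket). `cache_model`, `sync_requester`, `swapout_pass` and `unwritten_at_sync` are hypothetical names, and the task switch is simulated by a direct call just before the `sync_active` test. It contrasts making that test after the cache lock is dropped with making it while the lock taken for the scan is still held.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the ticket's scenario; not RTEMS source. */
typedef struct {
  bool lock_held;    /* cache lock */
  bool sync_active;  /* set by the task requesting a sync */
  bool requested;    /* the requester acts only once */
  int  modified;     /* buffers released as modified, not yet written */
} cache_model;

/* Higher-priority task: release one modified buffer, then request a sync.
   Both updates need the cache lock, so it is blocked while the lock is held. */
static void sync_requester(cache_model *c) {
  if (c->lock_held || c->requested) return;
  c->modified++;
  c->sync_active = c->requested = true;
}

/* One swapout pass. Returns the number of buffers still unwritten when the
   sync event is sent, or -1 if no event is sent in this pass. */
static int swapout_pass(cache_model *c, bool test_under_lock) {
  c->lock_held = true;
  bool transferred = c->modified > 0;  /* write out what the scan found */
  c->modified = 0;
  if (!test_under_lock) c->lock_held = false;
  sync_requester(c);                   /* task switch just before the test */
  int result = -1;
  if (c->sync_active && !transferred) {
    c->sync_active = false;
    result = c->modified;              /* the sync event goes out here */
  }
  c->lock_held = false;
  sync_requester(c);                   /* a blocked requester runs now */
  return result;
}

/* Run passes until the sync event is sent; report unwritten buffers then. */
static int unwritten_at_sync(bool test_under_lock) {
  cache_model c = { false, false, false, 0 };
  for (int pass = 0; pass < 4; pass++) {
    int r = swapout_pass(&c, test_under_lock);
    if (r >= 0) return r;
  }
  return -1;
}

int main(void) {
  printf("unlocked test: %d unwritten\n", unwritten_at_sync(false));
  printf("locked test: %d unwritten\n", unwritten_at_sync(true));
  return 0;
}
```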
Change History (6)
comment:1 Changed on 12/27/09 at 00:48:59 by Chris Johns
comment:2 Changed on 11/22/14 at 13:47:52 by Gedare Bloom
Description: | modified (diff) |
---|---|
Milestone: | 4.10 → 4.10.3 |
comment:3 Changed on 11/23/14 at 16:58:48 by Joel Sherrill
Owner: | changed from Joel Sherrill to Sebastian Huber |
---|---|
Status: | new → assigned |
comment:4 Changed on 11/28/14 at 10:13:04 by Sebastian Huber <sebastian.huber@…>
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:5 Changed on 11/28/14 at 10:16:17 by Sebastian Huber <sebastian.huber@…>
comment:6 Changed on 10/10/17 at 06:49:19 by Sebastian Huber
Component: | fs → lib/block |
---|
My reading of the code is that the sync_access field is protected by the cache lock.
The code you reference is in rtems_bdbuf_swapout_processing and there is a call to rtems_bdbuf_lock_cache at the start of the function. Is this lock being released before the code you reference?