| Message ID | 1400478042-19837-1-git-send-email-abuchbinder@google.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On Sun, May 18, 2014 at 10:40:42PM -0700, Adam Buchbinder wrote: > A mdrestore_struct was being written to without its mutex being held. > This race was found with ThreadSanitizer; the relevant part of the report > looks like this: > > WARNING: ThreadSanitizer: data race (pid=18828) > Write of size 8 at 0x7fffffc3d088 by main thread: > #0 build_chunk_tree .../btrfs-progs/btrfs-image.c:2233 > #1 __restore_metadump .../btrfs-progs/btrfs-image.c:2294 > #2 restore_metadump .../btrfs-progs/btrfs-image.c:2345 > #3 main .../btrfs-progs/btrfs-image.c:2545 > > Previous read of size 8 at 0x7fffffc3d088 by thread T1 (mutexes: write M0): > #0 restore_worker .../btrfs-progs/btrfs-image.c:1636 > > Location is stack of main thread. > > Mutex M0 created at: > #0 pthread_mutex_init ??:0 > #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1766 > #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286 > #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345 > #4 main .../btrfs-progs/btrfs-image.c:2545 > > Thread T1 (tid=18830, running) created by main thread at: > #0 pthread_create ??:0 > #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1784 > #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286 > #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345 > #4 main .../btrfs-progs/btrfs-image.c:2545 > --- Thanks. FYI, I've added your Signed-off-by line, same as in the other patch you've sent. -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/btrfs-image.c b/btrfs-image.c index cc8627c..017ab1d 100644 --- a/btrfs-image.c +++ b/btrfs-image.c @@ -2228,6 +2228,7 @@ static int build_chunk_tree(struct mdrestore_struct *mdres, buffer = tmp; } + pthread_mutex_lock(&mdres->mutex); super = (struct btrfs_super_block *)buffer; chunk_root_bytenr = btrfs_super_chunk_root(super); mdres->leafsize = btrfs_super_leafsize(super); @@ -2236,6 +2237,7 @@ static int build_chunk_tree(struct mdrestore_struct *mdres, BTRFS_UUID_SIZE); mdres->devid = le64_to_cpu(super->dev_item.devid); free(buffer); + pthread_mutex_unlock(&mdres->mutex); return search_for_chunk_blocks(mdres, chunk_root_bytenr, 0); }
A mdrestore_struct was being written to without its mutex being held. This race was found with ThreadSanitizer; the relevant part of the report looks like this: WARNING: ThreadSanitizer: data race (pid=18828) Write of size 8 at 0x7fffffc3d088 by main thread: #0 build_chunk_tree .../btrfs-progs/btrfs-image.c:2233 #1 __restore_metadump .../btrfs-progs/btrfs-image.c:2294 #2 restore_metadump .../btrfs-progs/btrfs-image.c:2345 #3 main .../btrfs-progs/btrfs-image.c:2545 Previous read of size 8 at 0x7fffffc3d088 by thread T1 (mutexes: write M0): #0 restore_worker .../btrfs-progs/btrfs-image.c:1636 Location is stack of main thread. Mutex M0 created at: #0 pthread_mutex_init ??:0 #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1766 #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286 #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345 #4 main .../btrfs-progs/btrfs-image.c:2545 Thread T1 (tid=18830, running) created by main thread at: #0 pthread_create ??:0 #1 mdrestore_init .../btrfs-progs/btrfs-image.c:1784 #2 __restore_metadump .../btrfs-progs/btrfs-image.c:2286 #3 restore_metadump .../btrfs-progs/btrfs-image.c:2345 #4 main .../btrfs-progs/btrfs-image.c:2545 --- btrfs-image.c | 2 ++ 1 file changed, 2 insertions(+)