[BUG] ntfs: possible data races in ntfs_clear_extent_inode()
From: Tuo Li
Date: Tue Jun 13 2023 - 00:35:31 EST
Hello,
Our static analysis tool finds some possible data races in the NTFS file
system in Linux 6.4.0-rc6.
In most calling contexts, the variable ni->ext.base_ntfs_ino is accessed
with holding the lock ni->extent_lock. Here is an example:
ntfs_extent_mft_record_free() --> Line 2773 in fs/ntfs/mtf.c
mutex_lock(&ni->extent_lock); --> Line 2786 in fs/ntfs/mtf.c (Lock
ni->extent_lock)
base_ni = ni->ext.base_ntfs_ino; --> Line 2787 in fs/ntfs/mft.c
(Access ni->ext.base_ntfs_ino)
However, in the following calling contexts:
ntfs_evict_big_inode() --> Line 2247 in fs/ntfs/inode.c
ntfs_clear_extent_inode() --> Line 2274 in fs/ntfs/inode.c
if (!is_bad_inode(VFS_I(ni->ext.base_ntfs_ino))) --> Line 2224
in fs/ntfs/inode.c (Access ni->ext.base_ntfs_ino)
ntfs_evict_big_inode() --> Line 2247 in fs/ntfs/inode.c
ni->ext.base_ntfs_ino = NULL; --> Line 2285 in fs/ntfs/inode.c
(Access ni->ext.base_ntfs_ino)
the variable ni->ext.base_ntfs_ino is accessed without holding the lock
ni->extent_lock, and thus data races can occur.
I am not quite sure whether these possible data races are real and how
to fix them if they are real.
Any feedback would be appreciated, thanks!
Reported-by: BassCheck <bass@xxxxxxxxxxx>
Best wishes,
Tuo Li