likely data race conditions in ioctl handling #25
Description
Location (Korea, USA, China, India, etc.)
USA, San Diego
Describe the bug
There are probably some data race conditions in the 4.15 version of the driver. The pattern:
- get variable from userspace
- take spinlock, save irq state
- write to variable
- release spinlock
One issue is that by the time you get the variable, another thread has the opportunity to write to it. Another issue is that 2 or more threads may read the same variable, then independently increment it and write it back out. Instead of being incremented twice, it's only incremented once. I'm not claiming that the code is incrementing a variable, I'm simply highlighting this as a potential problem. The correct pattern is:
- take spinlock, save irq state
- get variable from userspace
- write to variable
- release spinlock
Note: there is a spinlock acquire of a critical section that has been commented out. This is definitely a race condition.
To Reproduce
Steps to reproduce the behavior:
- It's obvious upon reading the code
Expected behavior
A clear and concise description of what you expected to happen.
See above
Screenshots
If applicable, add screenshots to help explain your problem.
It's in the code, primarily in core.c
System environment (please complete the following information)
- Firmware version : N/A
- Number of SSDs : N/A
- OS & Kernel version [e.g., Ubuntu 16.04 Kernel v4.9.5]: Ubuntu 4.15
- GCC version [e.g., gcc v5.0.0] : N/A
- kvbench version if kvbench runs [e.g., v0.6.0]: N/A
- KV API version [e.g., v0.6.0] N/A
- User driver version : N/A
- Driver [Kernel or user driver or emulator] : kernel driver
Workload
- number of records or data size N/A
- Workload(insert, mixed workload, etc.) [e.g., sequential or random insert, or 50% Read & 50% write] N/A
- key size : N/A
- value size : N/A
- operation option if available [e.g., sync or async mode] : N/A
Additional context
Add any other context about the problem here.
See above