Kernel/FS: Fix check-then-act concurrency bug in FileSystem/Inode

When the FileSystem does a sync, it gathers up all the inodes with dirty metadata into a vector. The inode mutex is not held while checking the inode dirty bit, which can lead to a kernel panic due to concurrent inode modifications. Fixes: #21796
Author: https://github.com/blakesmith 🔰 Commit: https://github.com/SerenityOS/serenity/commit/e346331424 Pull-request: https://github.com/SerenityOS/serenity/pull/21996 Issue: https://github.com/SerenityOS/serenity/issues/21796
2024-09-30 00:31:14 +00:00 · 2023-11-19 19:15:37 -06:00 · 2023-11-19 19:15:37 -06:00 · e346331424 · 2024-07-16 23:54:15 +09:00
parent 2372584b18
commit e346331424
2 changed files with 4 additions and 3 deletions
--- a/Kernel/FileSystem/Ext2FS/Inode.cpp
+++ b/Kernel/FileSystem/Ext2FS/Inode.cpp
@ -494,6 +494,9 @@ InodeMetadata Ext2FSInode::metadata() const
 ErrorOr<void> Ext2FSInode::flush_metadata()
 {
    MutexLocker locker(m_inode_lock);
+    if (!is_metadata_dirty())
+        return {};
+
    dbgln_if(EXT2_DEBUG, "Ext2FSInode[{}]::flush_metadata(): Flushing inode", identifier());
    TRY(fs().write_ext2_inode(index(), m_raw_inode));
    if (is_directory()) {
--- a/Kernel/FileSystem/Inode.cpp
+++ b/Kernel/FileSystem/Inode.cpp
@ -39,15 +39,13 @@ void Inode::sync_all()
    });

    for (auto& inode : inodes) {
-        VERIFY(inode->is_metadata_dirty());
        (void)inode->flush_metadata();
    }
 }

 void Inode::sync()
 {
-    if (is_metadata_dirty())
-        (void)flush_metadata();
+    (void)flush_metadata();
    auto result = fs().flush_writes();
    if (result.is_error()) {
        // TODO: Figure out how to propagate error to a higher function.