From 7bb300ad2cfe2fec9698523c59a4e800b4fe635a Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 9 Apr 2013 08:12:29 -0400 Subject: [PATCH 1/1] Windows: Race between NonCached and Cached Writes The following race was identified by Rod Widdowson. A. File is complete up to 1000 Eof=1000, VDL=1000 B. File Eof is set to 2000. Eof=2000, VDL=1000 (SetInfo doesn't move VDL) C. Locks dropped. Thread1) Write comes in for 1000 for 500. This is not extending. Locks taken shared. Thread1) Data Written to Server. Thread stalls. Thread2) Read comes in for 1000 for 1000. Locks taken shared so it proceeds. Thread2) CcRead calls CcZero and so the cache get zeros from 1000 to 2000 Thread1) VDL moves forward. The windows cache is now poisoned between 1000 and 1500 and protected by the VDL. Any future reads gets the wrong data and any write to that part will cause an overwrite of zeros. Instead of holding the Fcb->NPFcb->Resource and Fcb->NPFcb->SectionObjectResource shared during a NonCached write, hold it exclusive because the write is occurring behind the back of the windows cache. Change-Id: I2244e1247dcee2c3ca0d95e6ee11de3187d491c5 Reviewed-on: http://gerrit.openafs.org/9754 Tested-by: BuildBot Reviewed-by: Rod Widdowson Reviewed-by: Peter Scott Reviewed-by: Jeffrey Altman --- src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp index e7e3ed9..dbe4f75 100644 --- a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp +++ b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp @@ -516,7 +516,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject, (liStartingByte.LowPart == FILE_WRITE_TO_END_OF_FILE && liStartingByte.HighPart == -1)) ; - if( bExtendingWrite) + if( bExtendingWrite || bNonCachedIo) { // // Check for lock inversion -- 1.9.4