Date:      Mon, 26 May 2008 16:30:45 +0300
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Andrew Edwards <aedwards@sandvine.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: panic in nfsd in freebsd7-release and -stable
Message-ID:  <20080526133045.GJ21317@deviant.kiev.zoral.com.ua>
In-Reply-To: <5230D3C40B842D4F9FB3CD368021BEF7020107F1@exchange-2.sandvine.com>
References:  <5230D3C40B842D4F9FB3CD368021BEF7020107F1@exchange-2.sandvine.com>


--q5r20fdKX+PFtYHw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 25, 2008 at 09:28:36PM -0400, Andrew Edwards wrote:
> I have a system that was running some version of redhat (I don't
> remember now) and I upgraded it to freebsd7 and I would get an immediate
> panic when nfsd is started.  I then updated to 7-stable (on May 24th)
> and built a new kerenl and userland and the panic continued.=20
>=20
> This was happening 100% of the time whenever nfsd is started but what  I
> later discovered was that because I had used the same IP's as the linux
> host there were some systems that still had a filesystem mounted from
> before the conversion.  I put in an ipfw rule to block those hosts and
> then I was able to start nfsd without crashing and then create new
> mounts.  I have been able to work-around the issue by forcing all of the
> servers that were mounting from the linux os to remount, I am only
> including this information just in case someone else runs into a similar
> problem.
>=20
> Thanks,
> Andrew
>=20
> Here's the backtrace
>=20
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 1; apic id =3D 06
> fault virtual address   =3D 0x18
> fault code              =3D supervisor read, page not present
> instruction pointer     =3D 0x20:0xc06ce915
> stack pointer           =3D 0x28:0xe8f32a48
> frame pointer           =3D 0x28:0xe8f32a64
> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
>                         =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags        =3D resume, IOPL =3D 0
> current process         =3D 755 (nfsd)
> trap number             =3D 12
> panic: page fault
> cpuid =3D 1
> Uptime: 40m22s
> Physical memory: 3318 MB
> Dumping 93 MB: 78 62 46 30 14
>=20
> #0  doadump () at pcpu.h:195
> 195     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:195
> #1  0xc069a917 in boot (howto=3D260) at
> /usr/src/sys/kern/kern_shutdown.c:418
> #2  0xc069ac13 in panic (fmt=3DVariable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:572
> #3  0xc0926763 in trap_fatal (frame=3D0xe8f32a08, eva=3D24)
>     at /usr/src/sys/i386/i386/trap.c:899
> #4  0xc09270ff in trap (frame=3D0xe8f32a08) at
> /usr/src/sys/i386/i386/trap.c:280
> #5  0xc090c84b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #6  0xc06ce915 in turnstile_broadcast (ts=3D0x0, queue=3D0)
>     at /usr/src/sys/kern/subr_turnstile.c:835
> #7  0xc068d292 in _mtx_unlock_sleep (m=3D0xc0a47e10, opts=3D0, file=3D0x0,
> line=3D0)
>     at /usr/src/sys/kern/kern_mutex.c:611
> #8  0xc0849b79 in nfsrv3_access (nfsd=3D0xc6ba5d00, slp=3D0xc6b7f700,
>     td=3D0xc6856c60, mrq=3D0xe8f32c58) at
> /usr/src/sys/nfsserver/nfs_serv.c:253
> #9  0xc085bc71 in nfssvc (td=3D0xc6856c60, uap=3D0xe8f32cfc)
>     at /usr/src/sys/nfsserver/nfs_syscalls.c:461
> #10 0xc0926d35 in syscall (frame=3D0xe8f32d38)
>     at /usr/src/sys/i386/i386/trap.c:1035
> #11 0xc090c8b0 in Xint0x80_syscall ()
>     at /usr/src/sys/i386/i386/exception.s:196
> #12 0x00000033 in ?? ()

Please, test the change below.

nfsm_srvmtofh() may execute nfsm_reply(), which contains a goto nfsmout.
Since the code under that label includes a conditional unlock of Giant,
vfslocked must be initialized before nfsm_srvmtofh() is used. I found three
omissions.

The patch also contains the removal of the duplicated code for rev. 1.179.

diff --git a/sys/nfsserver/nfs_serv.c b/sys/nfsserver/nfs_serv.c
index 5343627..6e716e4 100644
--- a/sys/nfsserver/nfs_serv.c
+++ b/sys/nfsserver/nfs_serv.c
@@ -210,6 +210,7 @@ nfsrv3_access(struct nfsrv_descript *nfsd, struct nfssv=
c_sock *slp,
 	nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
 	if (!v3)
 		panic("nfsrv3_access: v3 proc called on a v2 connection");
+	vfslocked =3D 0;
 	fhp =3D &nfh.fh_generic;
 	nfsm_srvmtofh(fhp);
 	tl =3D nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED);
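Review bot: The added `vfslocked = 0;` ahead of `nfsm_srvmtofh(fhp)` in nfsrv3_access carries no comment, and the reason the ordering matters is invisible because the jump to `nfsmout` is hidden inside the macro. A one-line comment such as `/* nfsm_srvmtofh() may jump to nfsmout, which tests vfslocked */` would keep a later edit from moving the assignment back below the macro; the same applies to the assignments added in nfsrv_writegather and nfsrv_pathconf. Going by the report, the panic appears to be triggered by requests from clients that still held mounts from the old server, so the uninitialized read looks reachable by any NFS client, and it would be worth checking the remaining handlers in this file for the same pattern or initializing `vfslocked` at its declaration. The declarations and the `nfsmout` label lie outside these hunks.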
@@ -1285,6 +1286,7 @@ nfsrv_writegather(struct nfsrv_descript **ndp, struct=
 nfssvc_sock *slp,
 	i =3D 0;
 	len =3D 0;
 #endif
+	vfslocked =3D 0;
 	*mrq =3D NULL;
 	if (*ndp) {
 	    nfsd =3D *ndp;
@@ -2146,7 +2148,7 @@ nfsrv_remove(struct nfsrv_descript *nfsd, struct nfss=
vc_sock *slp,
 	nfsfh_t nfh;
 	fhandle_t *fhp;
 	struct mount *mp =3D NULL;
-	int vfslocked, vfslocked1;
+	int vfslocked;
=20
 	nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
 	ndclear(&nd);
@@ -2168,11 +2170,7 @@ nfsrv_remove(struct nfsrv_descript *nfsd, struct nfs=
svc_sock *slp,
 	nd.ni_cnd.cn_flags =3D LOCKPARENT | LOCKLEAF | MPSAFE;
 	error =3D nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
 		&dirp, v3,  &dirfor, &dirfor_ret, td, FALSE);
-	vfslocked1 =3D NDHASGIANT(&nd);
-	if (vfslocked && vfslocked1)
-		VFS_UNLOCK_GIANT(vfslocked1);
-	if (vfslocked || vfslocked1)
-		vfslocked =3D 1;
+	vfslocked =3D nfsrv_lockedpair_nd(vfslocked, &nd);
 	if (dirp && !v3) {
 		vrele(dirp);
 		dirp =3D NULL;
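Review bot: Replacing the open-coded Giant bookkeeping in nfsrv_remove with `nfsrv_lockedpair_nd(vfslocked, &nd)` is a cleanup unrelated to the initialization fix, and carrying both in one change makes the crash fix harder to merge to the release and stable branches on its own; consider splitting it out. The helper's definition is not part of this patch, so its equivalence to the five removed lines cannot be checked from what is shown. The call reads `vfslocked` by value, and the assignment that gives it a defined value lies outside both nfsrv_remove hunks, so confirm it is set before `nfs_namei()` on every path.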
@@ -4132,6 +4130,7 @@ nfsrv_pathconf(struct nfsrv_descript *nfsd, struct nf=
ssvc_sock *slp,
 	nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
 	if (!v3)
 		panic("nfsrv_pathconf: v3 proc called on a v2 connection");
+	vfslocked =3D 0;
 	fhp =3D &nfh.fh_generic;
 	nfsm_srvmtofh(fhp);
 	error =3D nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, cred, slp,

--q5r20fdKX+PFtYHw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkg6u4QACgkQC3+MBN1Mb4gT4wCfcI9peb/61zU5j2zYzVzhOPIr
r8IAoJQpHmZq2FiQ02R4fiDxJ+bLaY94
=DM3s
-----END PGP SIGNATURE-----

--q5r20fdKX+PFtYHw--


