Date:      Fri, 14 Aug 2009 11:04:54 -0400
From:      Andrew Gallatin <gallatin@cs.duke.edu>
To:        freebsd-current@freebsd.org
Subject:   clone_cleanup() doesn't
Message-ID:  <4A857D16.9070403@cs.duke.edu>

I've been porting a closed-source driver to FreeBSD 8 from
FreeBSD 5/6/7. It uses the dev_clone() eventhandler to mimic Linux-like
open semantics (for Linux binary compat).

From the eventhandler, I do:

   fake_unit = -1;
   i = clone_create(&mx_clones, &mx_cdevsw, &fake_unit, cdev, 0);

   if (i) {
     /* need to allocate a new /dev/mx_fake.%d device node */
     *cdev = make_dev(&mx_cdevsw, unit2minor(fake_unit),
		    UID_ROOT, GID_WHEEL,
		    mode, "mx_fake.%d", fake_unit);
   }

This has worked fine from 5.x through 7.x,
but in 8.x, the /dev/mx_fake.* devices persist after
unload.  If anything attempts to access them, the machine
falls over (trace appended).

I'm assuming these files are lingering because clone_cleanup()
(called at device detach) is not cleaning up these lingering
device nodes.  I've tried writing a dtrace script to trace
clone_cleanup.  But since that happens from device detach,
dtrace doesn't work (blocks driver unload).  I've also tried
setting a breakpoint in ddb(), but the breakpoint seems to
be ignored (other breakpoints work fine, which is odd).

What changed between 7.x and 8 with respect to device cloning?

BTW, is there any easier option now in 8.x?

Thanks,

Drew

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffffffff81528a64
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8052f009
stack pointer           = 0x28:0xffffff8018a75730
frame pointer           = 0x28:0xffffff8018a757a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 18087 (cat)
[thread pid 18087 tid 100061 ]
Stopped at      devfs_open+0x69:        testb   $0x4,0x4(%rax)
db> bt
Tracing pid 18087 tid 100061 td 0xffffff000188bab0
devfs_open() at devfs_open+0x69
VOP_OPEN_APV() at VOP_OPEN_APV+0x44
vn_open_cred() at vn_open_cred+0x2f4
kern_openat() at kern_openat+0x179
syscall() at syscall+0x28f
Xfast_syscall() at Xfast_syscall+0xd0
--- syscall (5, FreeBSD ELF64, open), rip = 0x8007272ac, rsp = 0x7fffffffe0d8, rbp = 0 ---
db>
Tracing pid 18087 tid 100061 td 0xffffff000188bab0
devfs_open() at devfs_open+0x69
VOP_OPEN_APV() at VOP_OPEN_APV+0x44
vn_open_cred() at vn_open_cred+0x2f4
kern_openat() at kern_openat+0x179
syscall() at syscall+0x28f
Xfast_syscall() at Xfast_syscall+0xd0
--- syscall (5, FreeBSD ELF64, open), rip = 0x8007272ac, rsp = 0x7fffffffe0d8, rbp = 0 ---


