Date:      Fri, 26 Oct 2012 09:44:54 GMT
From:      Steven Hartland <steven.hartland@multiplay.co.uk>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/173120: jail delete causes panic (patch included)
Message-ID:  <201210260944.q9Q9isc6086368@red.freebsd.org>
Resent-Message-ID: <201210260950.q9Q9o0xP087119@freefall.freebsd.org>


>Number:         173120
>Category:       misc
>Synopsis:       jail delete causes panic (patch included)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 26 09:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Steven Hartland
>Release:        8.3-RELEASE
>Organization:
Multiplay
>Environment:
FreeBSD dev 8.3-RELEASE-p4 FreeBSD 8.3-RELEASE-p4 #22: Mon Sep 17 17:18:32 UTC 2012     root@dev:/usr/obj/usr/src/sys/MULTIPLAY  amd64
>Description:
Stopping / starting a jail "can" cause a kernel panic due to incorrect pr_uref accounting.

An old discussion on this issue can be found in the following thread:-
http://lists.freebsd.org/pipermail/freebsd-jail/2011-August/001623.html

>How-To-Repeat:
Stop and start jails a lot; it's not a regular occurrence, but with hundreds of starts / stops panics do occur.
>Fix:
Apply the attached patch.

We've been running this for over a year now on hundreds of highly active jail machines and have not had a single panic since applying the patch.

Patch attached with submission follows:

Fix panic on jail delete
--- sys/kern/kern_jail.c.orig	2011-08-20 21:17:14.856618854 +0100
+++ sys/kern/kern_jail.c	2011-08-21 01:56:58.429894825 +0100
@@ -2449,27 +2449,16 @@
 		mtx_lock(&pr->pr_mtx);
 	/* Decrement the user references in a separate loop. */
 	if (flags & PD_DEUREF) {
-		for (tpr = pr;; tpr = tpr->pr_parent) {
-			if (tpr != pr)
-				mtx_lock(&tpr->pr_mtx);
-			if (--tpr->pr_uref > 0)
-				break;
-			KASSERT(tpr != &prison0, ("prison0 pr_uref=0"));
-			mtx_unlock(&tpr->pr_mtx);
-		}
+		pr->pr_uref--;
 		/* Done if there were only user references to remove. */
 		if (!(flags & PD_DEREF)) {
-			mtx_unlock(&tpr->pr_mtx);
+			mtx_unlock(&pr->pr_mtx);
 			if (flags & PD_LIST_SLOCKED)
 				sx_sunlock(&allprison_lock);
 			else if (flags & PD_LIST_XLOCKED)
 				sx_xunlock(&allprison_lock);
 			return;
 		}
-		if (tpr != pr) {
-			mtx_unlock(&tpr->pr_mtx);
-			mtx_lock(&pr->pr_mtx);
-		}
 	}
 
 	for (;;) {
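
Review bot: The new pr->pr_uref-- under PD_DEUREF has no guard against the count already being zero, and the only sanity check in this block, KASSERT(tpr != &prison0, ("prison0 pr_uref=0")), is removed along with the loop. Since the report attributes the panic to incorrect pr_uref accounting, an assertion such as KASSERT(pr->pr_uref > 0, ...) immediately before the decrement would catch any remaining imbalance at the point it happens rather than later. The context comment "Decrement the user references in a separate loop." is also stale now that no loop remains and should be updated to match.
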
@@ -2525,6 +2514,8 @@
 		/* Removing a prison frees a reference on its parent. */
 		pr = ppr;
 		mtx_lock(&pr->pr_mtx);
+		/* Ensure user reference added on create is removed */
+		pr->pr_uref--;
 		flags = PD_DEREF;
 	}
 }
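
Review bot: The pr->pr_uref-- added after mtx_lock(&pr->pr_mtx) on the parent is unconditional and unchecked, so it runs for every removed prison, including when the parent reached through ppr is prison0, which the KASSERT removed in the first hunk used to protect. Consider asserting pr->pr_uref > 0 before the decrement, and expanding the comment "Ensure user reference added on create is removed" to name the create path that takes this reference on the parent so the pairing can be verified. This also moves the parent's user-reference drop from the moment the child's pr_uref reaches zero (the removed loop) to the moment the child is actually removed; that change in timing deserves a line in the commit message.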


>Release-Note:
>Audit-Trail:
>Unformatted:


