From owner-freebsd-hackers Mon Sep 18 14:00:11 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA02320 for hackers-outgoing; Mon, 18 Sep 1995 14:00:11 -0700
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA02315 ; Mon, 18 Sep 1995 14:00:02 -0700
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id NAA08583; Mon, 18 Sep 1995 13:57:50 -0700
From: Terry Lambert
Message-Id: <199509182057.NAA08583@phaeton.artisoft.com>
Subject: Re: why is this not a bug in namei?
To: julian@freefall.freebsd.org (Julian Elischer)
Date: Mon, 18 Sep 1995 13:57:49 -0700 (MST)
Cc: hackers@freefall.freebsd.org
In-Reply-To: <199509180640.XAA05368@freefall.freebsd.org> from "Julian Elischer" at Sep 17, 95 11:40:19 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1952
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

[ ... buffer layering violation in the file system code ... ]

> if HASBUF was set, we have freed something we didn't allocate..
> (whenever we get an error, by the looks of it..)
>
> luckily I can't actually see anywhere that HASBUF is used
> (can anyone?) but it looks wrong to me...

ufs_abortop uses it to determine freeing the buffer. Basically, any of the VOP_ABORTOP() file system layer calls implement this. Much of the DIAGNOSTIC code in the file systems uses this flag to cause an implied free of the buffer in case of failure or success. Lot of garbage code there.

There is also SAVENAME and SAVESTART. SAVENAME and SAVESTART cause HASBUF to be set after namei() because of namei() not freeing the internal lookup buffer. A CREATE or RENAME operation implies a SAVENAME (this should be explicit in the NDINIT() instead of being in the per FS code, but is not).
I have patches for all but the NFS server at this point that clean up this layering fiasco, though they leave the implied operation in the CREATE/RENAME case. The patches happen to modify vfs_syscalls.c for single entry/exit for all functions at the same time, something that was required for buffer allocation bookkeeping and wants to be done for kernel multithreading and SMP kernel reentrancy in any case.

The patches explicitly free the buffer with a new call called nameifree() which takes the (struct nameidata *) argument that was passed to the original namei() call -- this instead of an implied free anywhere.

The NFS stuff will take me some time to sort through. I'd rather put it off on someone else, actually. 8-). Volunteers? I'll send you my patches if you'll do the NFS changes.

I have been running a stable system under regression for a week on the modified code with no problems and no memory leaks.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
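The ownership question the thread is about, as an added user-space model that is not FreeBSD code and not Terry's patches: a lookup allocates a scratch path buffer and advertises it with HASBUF, and the two "syscall" variants below differ only in who releases it. The first mimics the implied-free style (a per-filesystem abort path frees whenever it sees the flag, and the layer that created the nameidata also consults the flag), the second the explicit style argued for above (the caller of the lookup frees exactly once at a single exit, and the free clears the flag). All names here (sim_namei, sim_nameifree, fs_abortop_implied, pnbuf_free, nd_stats) are hypothetical; the counters exist so the double release shows up as a number instead of as undefined behaviour.

```c
/*
 * Hypothetical model of namei() buffer ownership. Not FreeBSD code.
 * sim_namei() allocates a scratch buffer and sets HASBUF; the two
 * syscall_* variants differ only in who is responsible for freeing it.
 */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define HASBUF 0x0001 /* ni_pnbuf is live and must eventually be freed */

struct nameidata {
    char *ni_pnbuf;     /* lookup scratch buffer */
    unsigned ni_flags;
};

/* Bookkeeping so a test can see leaks and repeated frees without UB. */
struct nd_stats { int allocs, frees, stale_frees; };
static struct nd_stats st;

static void pnbuf_free(struct nameidata *ndp)
{
    if (ndp->ni_pnbuf == NULL) {   /* already released: would be a double free */
        st.stale_frees++;
        return;
    }
    free(ndp->ni_pnbuf);
    ndp->ni_pnbuf = NULL;
    st.frees++;
}

/* Simulated namei(): allocates, sets HASBUF, and fails on over-long names
 * while leaving the buffer live, which is exactly what the flag promises. */
static int sim_namei(struct nameidata *ndp, const char *path)
{
    size_t len = strlen(path);
    ndp->ni_pnbuf = malloc(256);
    if (ndp->ni_pnbuf == NULL)
        return ENOMEM;
    st.allocs++;
    ndp->ni_flags |= HASBUF;
    if (len >= 256)
        return ENAMETOOLONG;
    memcpy(ndp->ni_pnbuf, path, len + 1);
    return 0;
}

/* Style 1: implied free. The filesystem abort path frees whenever it sees
 * HASBUF but never clears the flag, so the caller cannot tell whether the
 * buffer is still its own to release. */
static void fs_abortop_implied(struct nameidata *ndp)
{
    if (ndp->ni_flags & HASBUF)
        pnbuf_free(ndp);
}

static int syscall_implied(const char *path)
{
    struct nameidata nd = { NULL, 0 };
    int error = sim_namei(&nd, path);
    if (error) {
        fs_abortop_implied(&nd);     /* first release, by code that did not allocate */
        if (nd.ni_flags & HASBUF)
            pnbuf_free(&nd);         /* flag still set: second release */
        return error;
    }
    fs_abortop_implied(&nd);         /* success: the FS layer cleans up */
    return 0;
}

/* Style 2: explicit ownership. Whoever called sim_namei() releases the
 * buffer exactly once, at a single exit, through sim_nameifree(), which
 * clears HASBUF so any later call is a no-op. */
static void sim_nameifree(struct nameidata *ndp)
{
    if (ndp->ni_flags & HASBUF) {
        pnbuf_free(ndp);
        ndp->ni_flags &= ~HASBUF;
    }
}

static int syscall_explicit(const char *path)
{
    struct nameidata nd = { NULL, 0 };
    int error = sim_namei(&nd, path);
    if (error)
        goto out;                    /* no per-FS free on the error path */
    /* real work on nd.ni_pnbuf would happen here */
out:
    sim_nameifree(&nd);              /* single exit: exactly one release */
    return error;
}

/* Helpers for exercising both styles on a given path. */
static struct nd_stats run_style(int (*fn)(const char *), const char *path)
{
    memset(&st, 0, sizeof st);
    (void)fn(path);
    return st;
}

static const char *long_path(void)   /* constructed 300-byte name, forces ENAMETOOLONG */
{
    static char buf[301];
    memset(buf, 'a', 300);
    buf[300] = '\0';
    return buf;
}
```

On the error path the implied style releases once through the abort hook and once more through the caller's flag check, which the counters record as a stale free; the explicit style releases once on both success and failure because the single exit is the only place that frees and the flag is cleared there.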