From: John Baldwin
To: "Attilio Rao"
Cc: Yuri Pankov, freebsd-fs@freebsd.org, freebsd-current@freebsd.org, developers@freebsd.org
Date: Mon, 3 Nov 2008 14:58:42 -0500
Subject: Re: reproducible panic with mount_smbfs

On Sunday 02 November 2008 11:17:18 am Attilio Rao wrote:
> 2008/11/2, Attilio Rao :
> > 2008/11/2, Yuri Pankov :
> >
> > > Hi,
> > >
> > > Trying to mount nonexistent smb share with mount_smbfs leads to
> > > following panic:
> > >
> > > # mount_smbfs //yuri@lifebane/blahblah /mnt
> > >
> > > Unread portion of the kernel message buffer:
> > > smb_co_lock: recursive lock for object 1
> > > panic: Lock (lockmgr) smb_vc not locked @
> > > /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:329.
> > > cpuid = 0
> > > KDB: stack backtrace:
> > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> > > panic() at panic+0x182
> > > witness_assert() at witness_assert+0x21a
> > > __lockmgr_args() at __lockmgr_args+0x17a
> > > smb_co_put() at smb_co_put+0x76
> > > smb_sm_lookup() at smb_sm_lookup+0xfe
> > > smb_usr_lookup() at smb_usr_lookup+0xcd
> > > nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6
> > > giant_ioctl() at giant_ioctl+0x75
> > > devfs_ioctl_f() at devfs_ioctl_f+0x76
> > > kern_ioctl() at kern_ioctl+0x92
> > > ioctl() at ioctl+0xfd
> > > syscall() at syscall+0x1bf
> > > Xfast_syscall() at Xfast_syscall+0xab
> > > --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp =
> > > 0x7fffffffe038, rbp = 0x7fffffffe450 ---
> > > Uptime: 6m46s
> > > Physical memory: 2032 MB
> >
> > So, what is happening here is that smb_co_lock() is AFU.
> > In fact, looking at the code:
> > int
> > smb_co_lock(struct smb_connobj *cp, int flags, struct thread *td)
> > {
> > ...
> >         if (smb_co_lockstatus(cp, td) == LK_EXCLUSIVE &&
> >             (flags & LK_CANRECURSE) == 0) {
> >                 SMBERROR("recursive lock for object %d\n", cp->co_level);
> >                 return 0;
> >         }
> > ...
>
> Yuri,
> could you please test this fix:
> http://www.freebsd.org/~attilio/netsmb.diff
>
> and report if it works?
> You could get a KASSERT running but this is expected as I want to
> identify on the callers who passes a malformed request and fix it.

This allows all smb locks to recurse unlike the original code I think.
It may be better if smb_vclist was initialized with LK_RECURSE, but not
all the other smb locks.

Also, in smb_co_addchild() I think you should just replace the existing
asserts with appropriate lockmgr_assert() (you could add a
smb_co_assert() to preserve the layering) rather than removing
assertions altogether.

-- 
John Baldwin
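
The two review points above (recursion as a property of one lock rather than of every lock, and keeping an ownership check behind a wrapper) shown in a userland model. This is an example added here, not netsmb or lockmgr code and not part of the original message; every `toy_` name is hypothetical. It assumes a single thread and models the quoted early return as "report success without acquiring".

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy single-threaded model, NOT lockmgr or netsmb code; all names are hypothetical. */
struct toy_lock {
	const void *owner;	/* holder; meaningful only while depth > 0 */
	int depth;		/* acquisitions currently held by owner */
	bool can_recurse;	/* per-lock policy chosen at init time */
};
enum { TOY_OK = 0, TOY_ERECURSE, TOY_ENOTHELD };

/* Ownership check kept at the object layer, the role a wrapper assertion plays. */
static bool toy_lock_held(const struct toy_lock *l, const void *td)
{
	return l->depth > 0 && l->owner == td;
}

/* silent=true models the quoted early return: a recursive attempt on a non-recursive
 * lock reports success without acquiring; silent=false reports it to the caller. */
static int toy_lock_acquire(struct toy_lock *l, const void *td, bool silent)
{
	if (toy_lock_held(l, td) && !l->can_recurse)
		return silent ? TOY_OK : TOY_ERECURSE;
	l->owner = td;
	l->depth++;
	return TOY_OK;
}

static int toy_lock_release(struct toy_lock *l, const void *td)
{
	if (!toy_lock_held(l, td))
		return TOY_ENOTHELD;	/* where a kernel assertion would fire */
	l->depth--;
	return TOY_OK;
}

/* One thread locks twice, unlocks twice; returns the first failure or TOY_OK. */
static int toy_double_lock(bool can_recurse, bool silent)
{
	struct toy_lock l = { NULL, 0, can_recurse };
	int td = 0, rc;		/* &td serves as a thread token */
	toy_lock_acquire(&l, &td, silent);
	rc = toy_lock_acquire(&l, &td, silent);
	if (rc != TOY_OK)
		return rc;
	toy_lock_release(&l, &td);
	return toy_lock_release(&l, &td);
}

int main(void) { return toy_double_lock(true, false); }
```

With recursion off and the silent return, the failure surfaces only at the second release, far from the call that caused it; with the ownership check retained and recursion enabled on just the lock that needs it, the same sequence balances.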