Date:      Wed, 11 Aug 1999 03:40:02 -0700 (PDT)
From:      <jkoshy@FreeBSD.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/10959: 3.1-STABLE crashes due to a floppy mount problem
Message-ID:  <199908111040.DAA09550@freefall.freebsd.org>

The following reply was made to PR kern/10959; it has been noted by GNATS.

From: <jkoshy@FreeBSD.org>
To: freebsd-gnats-submit@freebsd.org
Cc: ulianov@ns.csm.ro
Subject: Re: kern/10959: 3.1-STABLE crashes due to a floppy mount problem
Date: Wed, 11 Aug 1999 03:31:15 -0700 (PDT)

 I took a stab at reproducing and analysing this PR.  The good news is
 that the problem is reproducible in -current.
 
 Analysis: 
 [  mount a write-protected DOS floppy as read/write, 
    attempt to create some file,
    unmount floppy 
 ]
 
 The unmount operation fails as the floppy is write protected and writes 
 are not permitted.  Consequently some dirty buffers remain around.  However,
 `msdosfs_unmount()' will unconditionally set the `mnt_data' field of 
 the mount structure to 0, ignoring the error return from `VOP_CLOSE()'.
 
     "/sys/msdosfs/msdosfs_vfsops.c"
     805         error = VOP_CLOSE(pmp->pm_devvp,
     806                     (pmp->pm_flags&MSDOSFSMNT_RONLY) ? FREAD : FREAD | FWRITE,
     807                     NOCRED, p);
 	[...]
     811         mp->mnt_data = (qaddr_t)0;
     812         mp->mnt_flag &= ~MNT_LOCAL; 
 
 Later, the syncer process comes around and tries to write the dirty
 buffers back.  At this point, the `mnt_data' field of the mount
 structure has already been zero'ed.
 
     (kgdb) bt
     #0  msdosfs_sync (mp=0xc08b7a00, waitfor=3, cred=0xc05a4880, p=0xc5d328e0)
 	at ../../msdosfs/msdosfs_vfsops.c:881
     #1  0xc0177414 in sync_fsync (ap=0xc5d40f88) at ../../kern/vfs_subr.c:2901
     #2  0xc017545c in sched_sync () at vnode_if.h:499
     #3  0xc020d7a4 in fork_trampoline ()
     Cannot access memory at address 0x318000.
 
     (kgdb) p mp->mnt_data
     $38 = 0x0
 
     "/sys/msdosfs/msdosfs_vfsops.c"
     879         struct denode *dep;
     880         struct msdosfsmount *pmp = VFSTOMSDOSFS(mp);
     881         int error, allerror = 0;
 
 `pmp' thus is zero and the kernel panics when a dereference through it
 is attempted at line 887.
 
     887         if (pmp->pm_fmod != 0) {
     888                 if (pmp->pm_flags & MSDOSFSMNT_RONLY) ...
 
 
 Questions:
 
 (a) at what point should we attempt to detect read-only media?
 (b) how do we ensure that a (forced?) unmount really scrubs all the
     buffers that are associated with the device being unmounted?
 
 Regards,
 Koshy
 <jkoshy@freebsd.org>
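
The failure mode analysed above, modelled in user-space C as an added example (not part of the original message, and not FreeBSD's code or its fix): an unmount that clears `mnt_data` regardless of the close error, next to a variant that checks the error, plus a sync routine that tests for the cleared pointer. The structs and the functions `dev_close()`, `unmount_unchecked()`, `unmount_checked()`, `sync_guarded()` and `scenario()` are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions) for the kernel's mount structures. */
struct fsmount { int pm_fmod; };      /* models struct msdosfsmount */
struct mount   { void *mnt_data; };   /* models struct mount */

/* Models VOP_CLOSE() failing on write-protected media; EROFS is a constructed value. */
static int dev_close(int write_protected) { return write_protected ? EROFS : 0; }

/* Pattern from the report: the error is kept, mnt_data is cleared anyway. */
int unmount_unchecked(struct mount *mp, int write_protected)
{
    int error = dev_close(write_protected);
    mp->mnt_data = NULL;              /* unconditional, as at line 811 */
    return error;
}

/* Checked variant: drop per-mount state only after a successful close. */
int unmount_checked(struct mount *mp, int write_protected)
{
    int error = dev_close(write_protected);
    if (error == 0)
        mp->mnt_data = NULL;
    return error;
}

/* Syncer-side guard: -1 if the mount state is gone, else the dirty flag.
 * Without the NULL test this is the dereference that faults at line 887. */
int sync_guarded(const struct mount *mp)
{
    const struct fsmount *pmp = mp->mnt_data;
    return pmp == NULL ? -1 : (pmp->pm_fmod != 0);
}

/* Write-protected floppy with a pending write: unmount, then the syncer. */
int scenario(int checked)
{
    struct fsmount fs = { 1 };
    struct mount m = { &fs };
    int error = checked ? unmount_checked(&m, 1) : unmount_unchecked(&m, 1);
    return error == EROFS ? sync_guarded(&m) : -2;
}

int main(void)
{
    printf("unchecked: %d, checked: %d\n", scenario(0), scenario(1));
    return 0;
}
```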
 

