From owner-freebsd-stable@FreeBSD.ORG  Mon Nov 24 09:57:01 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 329F81065673;
	Mon, 24 Nov 2008 09:57:01 +0000 (UTC)
	(envelope-from ganbold@micom.mng.net)
Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88])
	by mx1.freebsd.org (Postfix) with ESMTP id B5C718FC08;
	Mon, 24 Nov 2008 09:57:00 +0000 (UTC)
	(envelope-from ganbold@micom.mng.net)
Received: from [202.179.0.164] (helo=daemon.micom.mng.net)
	by publicd.ub.mng.net with esmtpa (Exim 4.69 (FreeBSD))
	(envelope-from <ganbold@micom.mng.net>)
	id 1L4YBe-000DcY-Hk; Mon, 24 Nov 2008 17:56:58 +0800
Message-ID: <492A7A6A.7020104@micom.mng.net>
Date: Mon, 24 Nov 2008 17:56:58 +0800
From: Ganbold <ganbold@micom.mng.net>
User-Agent: Thunderbird 2.0.0.12 (X11/20080415)
MIME-Version: 1.0
To: freebsd-stable@FreeBSD.ORG
References: <4922906D.4060805@micom.mng.net> <492508C6.3090005@micom.mng.net>
In-Reply-To: <492508C6.3090005@micom.mng.net>
X-Enigmail-Version: 0.95.6
OpenPGP: id=78F6425E
Content-Type: multipart/mixed; boundary="------------010207050105030500040702"
Cc: Kostik Belousov <kostikbel@gmail.com>, kib@FreeBSD.org
Subject: Re: shutdown -p now crashes
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2008 09:57:01 -0000

This is a multi-part message in MIME format.
--------------010207050105030500040702
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ganbold wrote:
> (kgdb) p *fsrootvp
> $3 = {v_type = VDIR, v_tag = 0xc0864e51 "ufs", v_op = 0xc0926280, 
> v_data = 0xc3e5d000, v_mount = 0xc3e56b30, v_nmntvnodes = {tqe_next = 
> 0xc3d119b4,
>    tqe_prev = 0xc3e56b98}, v_un = {vu_mount = 0x0, vu_socket = 0x0, 
> vu_cdev = 0x0, vu_fifoinfo = 0x0, vu_yield = 0}, v_hashlist = {le_next 
> = 0x0,
>    le_prev = 0xc3d09da0}, v_hash = 2, v_cache_src = {lh_first = 0x0}, 
> v_cache_dst = {tqh_first = 0x0, tqh_last = 0xc3d11af8}, v_dd = 0x0, 
> v_cstart = 0,
>  v_lasta = 0, v_lastw = 0, v_clen = 0, v_lock = {lk_object = {lo_name 
> = 0xc0864e51 "ufs", lo_type = 0xc0864e51 "ufs", lo_flags = 70844416,
>      lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 
> 0x0}}, lk_interlock = 0xc0956510, lk_flags = 262208, lk_sharecount = 0,
>    lk_waitcount = 0, lk_exclusivecount = 1, lk_prio = 80, lk_timo = 
> 51, lk_lockholder = 0xc3b31d20, lk_newlock = 0x0}, v_interlock = 
> {lock_object = {
>      lo_name = 0xc086fb51 "vnode interlock", lo_type = 0xc086fb51 
> "vnode interlock", lo_flags = 16973824, lo_witness_data = {lod_list = 
> {stqe_next = 0x0},
>        lod_witness = 0x0}}, mtx_lock = 3283295520, mtx_recurse = 0}, 
> v_vnlock = 0xc3d11b20, v_holdcnt = 2, v_usecount = 0, v_iflag = 0, 
> v_vflag = 1,
>  v_writecount = 0, v_freelist = {tqe_next = 0x0, tqe_prev = 0x0}, 
> v_bufobj = {bo_mtx = 0xc3d11b50, bo_clean = {bv_hd = {tqh_first = 
> 0xe3d02594,
>        tqh_last = 0xe3d025cc}, bv_root = 0xe3d02594, bv_cnt = 1}, 
> bo_dirty = {bv_hd = {tqh_first = 0x0, tqh_last = 0xc3d11b9c}, bv_root 
> = 0x0,
>      bv_cnt = 0}, bo_numoutput = 0, bo_flag = 0, bo_ops = 0xc091ae00, 
> bo_bsize = 16384, bo_object = 0xc106183c, bo_synclist = {le_next = 0x0,
>      le_prev = 0x0}, bo_private = 0xc3d11ac8, __bo_vnode = 
> 0xc3d11ac8}, v_pollinfo = 0x0, v_label = 0x0, v_lockf = 0x0}
> (kgdb) p rootvnode
> $4 = (struct vnode *) 0x0
> (kgdb) p *rootvnode
> Cannot access memory at address 0x0
> (kgdb)
>
>

Konstantin,

I have tried your patch. It seems like it is working, tried "shutdown -p 
now"
2 times and my RELENG_7 didn't crash after using zfs/geli external HDD 
via USB.
Attached patches are for RELENG_7 (small modifications made in order to 
apply to RELENG_7).

thanks a lot,

Ganbold


-- 
If you think education is expensive, try ignorance. -- Derek Bok, 
president of Harvard

--------------010207050105030500040702
Content-Type: text/plain;
 name="opensolaris_kobj.c.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="opensolaris_kobj.c.patch"

--- opensolaris_kobj.c~	2008-04-17 09:23:29.000000000 +0800
+++ opensolaris_kobj.c	2008-11-24 14:28:01.000000000 +0800
@@ -67,17 +67,25 @@
 kobj_open_file_vnode(const char *file)
 {
 	struct thread *td = curthread;
+	struct filedesc *fd;
 	struct nameidata nd;
 	int error, flags;
 
-	if (td->td_proc->p_fd->fd_rdir == NULL)
-		td->td_proc->p_fd->fd_rdir = rootvnode;
-	if (td->td_proc->p_fd->fd_cdir == NULL)
-		td->td_proc->p_fd->fd_cdir = rootvnode;
+	fd = td->td_proc->p_fd;
+	FILEDESC_XLOCK(fd);
+	if (fd->fd_rdir == NULL) {
+		fd->fd_rdir = rootvnode;
+		vref(fd->fd_rdir);
+	}
+	if (fd->fd_cdir == NULL) {
+		fd->fd_cdir = rootvnode;
+		vref(fd->fd_cdir);
+	}
+	FILEDESC_XUNLOCK(fd);
 
 	flags = FREAD;
-	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, file, td);
-	error = vn_open_cred(&nd, &flags, 0, td->td_ucred, NULL);
+	NDINIT(&nd, LOOKUP, MPSAFE, UIO_SYSSPACE, file, td);
+	error = vn_open_cred(&nd, &flags, O_NOFOLLOW, td->td_ucred, NULL);
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	if (error != 0)
 		return (NULL);
@@ -122,12 +130,15 @@
 	struct thread *td = curthread;
 	struct vattr va;
 	int error;
-
+	int vfslocked;
+ 
+	vfslocked = VFS_LOCK_GIANT(vp->v_mount);
 	vn_lock(vp, LK_SHARED | LK_RETRY, td);
 	error = VOP_GETATTR(vp, &va, td->td_ucred, td);
 	VOP_UNLOCK(vp, 0, td);
 	if (error == 0)
 		*size = (uint64_t)va.va_size;
+	VFS_UNLOCK_GIANT(vfslocked);
 	return (error);
 }
 
@@ -161,6 +172,7 @@
 	struct uio auio;
 	struct iovec aiov;
 	int error;
+	int vfslocked;
 
 	bzero(&aiov, sizeof(aiov));
 	bzero(&auio, sizeof(auio));
@@ -176,9 +188,11 @@
 	auio.uio_resid = size;
 	auio.uio_td = td;
 
+	vfslocked = VFS_LOCK_GIANT(vp->v_mount);
 	vn_lock(vp, LK_SHARED | LK_RETRY, td);
 	error = VOP_READ(vp, &auio, IO_UNIT | IO_SYNC, td->td_ucred);
 	VOP_UNLOCK(vp, 0, td);
+	VFS_UNLOCK_GIANT(vfslocked);
 	return (error != 0 ? -1 : size - auio.uio_resid);
 }
 
@@ -213,8 +227,11 @@
 		struct vnode *vp = file->ptr;
 		struct thread *td = curthread;
 		int flags = FREAD;
-
+		int vfslocked;
+ 
+		vfslocked = VFS_LOCK_GIANT(vp->v_mount);
 		vn_close(vp, flags, td->td_ucred, td);
+		VFS_UNLOCK_GIANT(vfslocked);
 	}
 	kmem_free(file, sizeof(*file));
 }

--------------010207050105030500040702
Content-Type: text/plain;
 name="vnode.h.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="vnode.h.patch"

--- vnode.h~	2008-04-17 09:23:30.000000000 +0800
+++ vnode.h	2008-11-24 14:33:13.000000000 +0800
@@ -156,6 +156,7 @@
     vnode_t **vpp, enum create crwhy, mode_t umask)
 {
 	struct thread *td = curthread;
+	struct filedesc *fdc;
 	struct nameidata nd;
 	int error;
 
@@ -164,12 +165,20 @@
 	ASSERT(crwhy == CRCREAT);
 	ASSERT(umask == 0);
 
-	if (td->td_proc->p_fd->fd_rdir == NULL)
-		td->td_proc->p_fd->fd_rdir = rootvnode;
-	if (td->td_proc->p_fd->fd_cdir == NULL)
-		td->td_proc->p_fd->fd_cdir = rootvnode;
+	fdc = td->td_proc->p_fd;
+	FILEDESC_XLOCK(fdc);
+	if (fdc->fd_rdir == NULL) {
+		fdc->fd_rdir = rootvnode;
+		vref(fdc->fd_rdir);
+	}
+	if (fdc->fd_cdir == NULL) {
+		fdc->fd_cdir = rootvnode;
+		vref(fdc->fd_rdir);
+	}
+	FILEDESC_XUNLOCK(fdc);
 
-	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, pnamep, td);
+	NDINIT(&nd, LOOKUP, MPSAFE, UIO_SYSSPACE, pnamep, td);
+	filemode |= O_NOFOLLOW;
 	error = vn_open_cred(&nd, &filemode, createmode, td->td_ucred, NULL);
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	if (error == 0) {

--------------010207050105030500040702--