From owner-svn-src-stable-7@FreeBSD.ORG  Tue Nov  4 16:59:59 2008
Return-Path: <owner-svn-src-stable-7@FreeBSD.ORG>
Delivered-To: svn-src-stable-7@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5C6271065677;
	Tue,  4 Nov 2008 16:59:59 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from mail.terabit.net.ua (mail.terabit.net.ua [195.137.202.147])
	by mx1.freebsd.org (Postfix) with ESMTP id DEA9D8FC26;
	Tue,  4 Nov 2008 16:59:58 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from skuns.zoral.com.ua ([91.193.166.194] helo=mail.zoral.com.ua)
	by mail.terabit.net.ua with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63 (FreeBSD)) (envelope-from <kostikbel@gmail.com>)
	id 1KxPG0-000I3l-70; Tue, 04 Nov 2008 18:59:56 +0200
Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua
	[10.1.1.148])
	by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id mA4Gxqox023489
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 4 Nov 2008 18:59:52 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1])
	by deviant.kiev.zoral.com.ua (8.14.3/8.14.3) with ESMTP id
	mA4Gxq0r051649; Tue, 4 Nov 2008 18:59:52 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
Received: (from kostik@localhost)
	by deviant.kiev.zoral.com.ua (8.14.3/8.14.3/Submit) id mA4GxqNT051648; 
	Tue, 4 Nov 2008 18:59:52 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to
	kostikbel@gmail.com using -f
Date: Tue, 4 Nov 2008 18:59:51 +0200
From: Kostik Belousov <kostikbel@gmail.com>
To: Scott Long <scottl@samsco.org>
Message-ID: <20081104165951.GQ18100@deviant.kiev.zoral.com.ua>
References: <200811041556.mA4FuijN001109@svn.freebsd.org>
	<49107254.9070307@samsco.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="sUOf/0EjaVk9Y/9c"
Content-Disposition: inline
In-Reply-To: <49107254.9070307@samsco.org>
User-Agent: Mutt/1.4.2.3i
X-Virus-Scanned: ClamAV version 0.93.3,
	clamav-milter version 0.93.3 on skuns.kiev.zoral.com.ua
X-Virus-Status: Clean
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	skuns.kiev.zoral.com.ua
X-Virus-Scanned: mail.terabit.net.ua 1KxPG0-000I3l-70
	0893544d19c01f9faf455f414a27df2b
X-Terabit: YES
Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org, svn-src-stable-7@freebsd.org
Subject: Re: svn commit: r184641 - in stable/7/sys: . kern
X-BeenThere: svn-src-stable-7@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for only the 7-stable src tree
	<svn-src-stable-7.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-7>, 
	<mailto:svn-src-stable-7-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-7>
List-Post: <mailto:svn-src-stable-7@freebsd.org>
List-Help: <mailto:svn-src-stable-7-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-7>, 
	<mailto:svn-src-stable-7-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2008 16:59:59 -0000


--sUOf/0EjaVk9Y/9c
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Nov 04, 2008 at 09:03:32AM -0700, Scott Long wrote:
> In stable branches, and especially during release cycles, would it be=20
> possible to annotate whether changes like this fix known panics or=20
> user-visible bugs?
I thought that description of the change made it obvious.
Access to the partially initialized structure is sure reason for a bad
behaviour, panic in this particular case.

It is slightly more involved in this case, because other thread was
able to overwrite pointer to fully initialized structure put by current
thread. This is what prevented by vnode interlock region.

>=20
> Scott
>=20
>=20
> Konstantin Belousov wrote:
> >Author: kib
> >Date: Tue Nov  4 15:56:44 2008
> >New Revision: 184641
> >URL: http://svn.freebsd.org/changeset/base/184641
> >
> >Log:
> >  MFC r184409:
> >  Protect check for v_pollinfo =3D=3D NULL and assignment of the newly=
=20
> >  allocated
> >  vpollinfo with vnode interlock. Fully initialize vpollinfo before putt=
ing
> >  pointer to it into vp->v_pollinfo.
> > =20
> >  Approved by:	re (kensmith)
> >
> >Modified:
> >  stable/7/sys/   (props changed)
> >  stable/7/sys/kern/vfs_subr.c
> >
> >Modified: stable/7/sys/kern/vfs_subr.c
> >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> >--- stable/7/sys/kern/vfs_subr.c	Tue Nov  4 15:47:06 2008 (r184640)
> >+++ stable/7/sys/kern/vfs_subr.c	Tue Nov  4 15:56:44 2008 (r184641)
> >@@ -109,7 +109,7 @@ static void	vgonel(struct vnode *);
> > static void	vfs_knllock(void *arg);
> > static void	vfs_knlunlock(void *arg);
> > static int	vfs_knllocked(void *arg);
> >-
> >+static void	destroy_vpollinfo(struct vpollinfo *vi);
> >=20
> > /*
> >  * Enable Giant pushdown based on whether or not the vm is mpsafe in th=
is
> >@@ -815,11 +815,8 @@ vdestroy(struct vnode *vp)
> > #ifdef MAC
> > 	mac_destroy_vnode(vp);
> > #endif
> >-	if (vp->v_pollinfo !=3D NULL) {
> >-		knlist_destroy(&vp->v_pollinfo->vpi_selinfo.si_note);
> >-		mtx_destroy(&vp->v_pollinfo->vpi_lock);
> >-		uma_zfree(vnodepoll_zone, vp->v_pollinfo);
> >-	}
> >+	if (vp->v_pollinfo !=3D NULL)
> >+		destroy_vpollinfo(vp->v_pollinfo);
> > #ifdef INVARIANTS
> > 	/* XXX Elsewhere we can detect an already freed vnode via NULL v_op.=
=20
> > 	*/
> > 	vp->v_op =3D NULL;
> >@@ -3050,6 +3047,14 @@ vbusy(struct vnode *vp)
> > 	mtx_unlock(&vnode_free_list_mtx);
> > }
> >=20
> >+static void
> >+destroy_vpollinfo(struct vpollinfo *vi)
> >+{
> >+	knlist_destroy(&vi->vpi_selinfo.si_note);
> >+	mtx_destroy(&vi->vpi_lock);
> >+	uma_zfree(vnodepoll_zone, vi);
> >+}
> >+
> > /*
> >  * Initalize per-vnode helper structure to hold poll-related state.
> >  */
> >@@ -3058,15 +3063,20 @@ v_addpollinfo(struct vnode *vp)
> > {
> > 	struct vpollinfo *vi;
> >=20
> >+	if (vp->v_pollinfo !=3D NULL)
> >+		return;
> > 	vi =3D uma_zalloc(vnodepoll_zone, M_WAITOK);
> >+	mtx_init(&vi->vpi_lock, "vnode pollinfo", NULL, MTX_DEF);
> >+	knlist_init(&vi->vpi_selinfo.si_note, vp, vfs_knllock,
> >+	    vfs_knlunlock, vfs_knllocked);
> >+	VI_LOCK(vp);
> > 	if (vp->v_pollinfo !=3D NULL) {
> >-		uma_zfree(vnodepoll_zone, vi);
> >+		VI_UNLOCK(vp);
> >+		destroy_vpollinfo(vi);
> > 		return;
> > 	}
> > 	vp->v_pollinfo =3D vi;
> >-	mtx_init(&vp->v_pollinfo->vpi_lock, "vnode pollinfo", NULL, MTX_DEF);
> >-	knlist_init(&vp->v_pollinfo->vpi_selinfo.si_note, vp, vfs_knllock,
> >-	    vfs_knlunlock, vfs_knllocked);
> >+	VI_UNLOCK(vp);
> > }
> >=20
> > /*
> >@@ -3081,8 +3091,7 @@ int
> > vn_pollrecord(struct vnode *vp, struct thread *td, int events)
> > {
> >=20
> >-	if (vp->v_pollinfo =3D=3D NULL)
> >-		v_addpollinfo(vp);
> >+	v_addpollinfo(vp);
> > 	mtx_lock(&vp->v_pollinfo->vpi_lock);
> > 	if (vp->v_pollinfo->vpi_revents & events) {
> > 		/*
> >@@ -3917,8 +3926,7 @@ vfs_kqfilter(struct vop_kqfilter_args *a
> >=20
> > 	kn->kn_hook =3D (caddr_t)vp;
> >=20
> >-	if (vp->v_pollinfo =3D=3D NULL)
> >-		v_addpollinfo(vp);
> >+	v_addpollinfo(vp);
> > 	if (vp->v_pollinfo =3D=3D NULL)
> > 		return (ENOMEM);
> > 	knl =3D &vp->v_pollinfo->vpi_selinfo.si_note;

--sUOf/0EjaVk9Y/9c
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkkQf4cACgkQC3+MBN1Mb4h9sQCgsy6wmhViv3AMrezd1PIXE5zw
Vg4An1N13nuyG3CkPIEyrWnFZuSz/TWt
=qPC0
-----END PGP SIGNATURE-----

--sUOf/0EjaVk9Y/9c--