From owner-freebsd-current@FreeBSD.ORG Wed Aug 3 05:16:39 2011 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0925C106564A for ; Wed, 3 Aug 2011 05:16:38 +0000 (UTC) (envelope-from okuno.kohji@jp.panasonic.com) Received: from smtp.mei.co.jp (smtp.mei.co.jp [133.183.100.20]) by mx1.freebsd.org (Postfix) with ESMTP id 71BD88FC08 for ; Wed, 3 Aug 2011 05:16:38 +0000 (UTC) Received: from mail-gw.jp.panasonic.com ([157.8.1.157]) by smtp.mei.co.jp (8.12.11.20060614/3.7W/kc-maile12) with ESMTP id p735Gack005051 for ; Wed, 3 Aug 2011 14:16:36 +0900 (JST) Received: from epochmail.jp.panasonic.com ([157.8.1.130]) by mail.jp.panasonic.com (8.11.6p2/3.7W/kc-maili13) with ESMTP id p735GaG15884 for ; Wed, 3 Aug 2011 14:16:36 +0900 Received: by epochmail.jp.panasonic.com (8.12.11.20060308/3.7W/lomi17) id p735Ga1p009801; Wed, 3 Aug 2011 14:16:36 +0900 Received: from localhost by lomi17.jp.panasonic.com (8.12.11.20060308/3.7W) with ESMTP id p735Gari009773; Wed, 3 Aug 2011 14:16:36 +0900 Date: Wed, 03 Aug 2011 14:16:36 +0900 (JST) Message-Id: <20110803.141636.145758949453810779.okuno.kohji@jp.panasonic.com> To: freebsd-current@freebsd.org From: Kohji Okuno Organization: Panasonic Corporation X-Mailer: Mew version 6.3 on Emacs 23.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: okuno.kohji@jp.panasonic.com Subject: Bug: devfs is sure to have the bug. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Aug 2011 05:16:39 -0000 Hello, I think that devfs is sure to have the bug. I found that I couldn't open "/dev/XXX" though the kernel detected XXX device. "dm->dm_generation" is updated with "devfs_generation" in devfs_populate(), and the context holds only "dm->dm_lock" in devfs_populate(). On the other hand, "devfs_generation" is incremented in devfs_create() and devfs_destroy() the context holds only "devmtx" in devfs_create() and devfs_destroy(). If a context executes devfs_create() when other context is executing (***), then "dm->dm_generation" is updated incorrect value. As a result, we can not open the last detected device (we receive ENOENT). I think that we should change the lock method. May I have advice? void devfs_populate(struct devfs_mount *dm) { sx_assert(&dm->dm_lock, SX_XLOCKED); if (dm->dm_generation == devfs_generation) return; while (devfs_populate_loop(dm, 0)) continue; (***) dm->dm_generation = devfs_generation; } void devfs_create(struct cdev *dev) { struct cdev_priv *cdp; mtx_assert(&devmtx, MA_OWNED); cdp = cdev2priv(dev); cdp->cdp_flags |= CDP_ACTIVE; cdp->cdp_inode = alloc_unrl(devfs_inos); dev_refl(dev); TAILQ_INSERT_TAIL(&cdevp_list, cdp, cdp_list); devfs_generation++; } void devfs_destroy(struct cdev *dev) { struct cdev_priv *cdp; mtx_assert(&devmtx, MA_OWNED); cdp = cdev2priv(dev); cdp->cdp_flags &= ~CDP_ACTIVE; devfs_generation++; } Thanks. -- Kohji Okuno (okuno.kohji@jp.panasonic.com)