From owner-freebsd-current@FreeBSD.ORG  Thu Jun 21 16:48:54 2012
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CEF911065674;
	Thu, 21 Jun 2012 16:48:54 +0000 (UTC) (envelope-from ken@kdm.org)
Received: from nargothrond.kdm.org (nargothrond.kdm.org [70.56.43.81])
	by mx1.freebsd.org (Postfix) with ESMTP id 9962B8FC12;
	Thu, 21 Jun 2012 16:48:54 +0000 (UTC)
Received: from nargothrond.kdm.org (localhost [127.0.0.1])
	by nargothrond.kdm.org (8.14.2/8.14.2) with ESMTP id q5LGmrRT037062;
	Thu, 21 Jun 2012 10:48:53 -0600 (MDT)
	(envelope-from ken@nargothrond.kdm.org)
Received: (from ken@localhost)
	by nargothrond.kdm.org (8.14.2/8.14.2/Submit) id q5LGmrCV037061;
	Thu, 21 Jun 2012 10:48:53 -0600 (MDT) (envelope-from ken)
Date: Thu, 21 Jun 2012 10:48:53 -0600
From: "Kenneth D. Merry" <ken@FreeBSD.org>
To: "Andrey V. Elsukov" <ae@FreeBSD.org>
Message-ID: <20120621164853.GA37027@nargothrond.kdm.org>
References: <20120621042925.GA44903@nargothrond.kdm.org>
	<4FE3435F.9080400@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4FE3435F.9080400@FreeBSD.org>
User-Agent: Mutt/1.4.2i
Cc: current@FreeBSD.org
Subject: Re: minor GEOM disk API change coming
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 16:48:54 -0000

On Thu, Jun 21, 2012 at 19:53:03 +0400, Andrey V. Elsukov wrote:
> On 21.06.2012 08:29, Kenneth D. Merry wrote:
> > 	Fix a bug which causes a panic in daopen(). The panic is caused by
> > 	a da(4) instance going away while GEOM is still probing it.
> > 	
> > 	In this case, the GEOM disk class instance has been created by
> > 	disk_create(), and the taste of the disk is queued in the GEOM
> > 	event queue.
> > 	
> > 	While that event is queued, the da(4) instance goes away.  When the
> > 	open call comes into the da(4) driver, it dereferences the freed
> > 	(but non-NULL) peripheral pointer provided by GEOM, which results
> > 	in a panic.
> 
> I think this situation is very specific for the GEOM_DISK class, and
> this callback will be less useful for other classes.
> Does g_cancel_event() cannot help you prevent tasting?

Calling g_cancel_event(), for instance from disk_gone(), would not
completely close the race condition.  It can't cancel an event that is
already in progress, and it is possible for the peripheral to go away while
the event is marked in progress but before the taste gets far enough into
daopen() to acquire a reference to the peripheral.

Ken
-- 
Kenneth Merry
ken@FreeBSD.ORG