Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Mar 2009 09:59:14 +0100
From:      Attilio Rao <attilio@freebsd.org>
To:        Kostik Belousov <kostikbel@gmail.com>
Cc:        Yoshihiro Ota <ota@j.email.ne.jp>, Peter Holm <pho@freebsd.org>, freebsd-fs@freebsd.org
Subject:   Re: kern/132597: [tmpfs] [panic] tmpfs-related panic while  interrupting a port build on tmpfs WRKDIR
Message-ID:  <3bbf2fe10903180159x10d2c721rf9ff4147a5c75ec7@mail.gmail.com>
In-Reply-To: <20090314203215.GA41617@deviant.kiev.zoral.com.ua>
References:  <200903140450.n2E4o3to011990@freefall.freebsd.org> <20090314102135.GA93077@x2.osted.lan> <20090314203215.GA41617@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help 
2009/3/14, Kostik Belousov <kostikbel@gmail.com>:
> On Sat, Mar 14, 2009 at 11:21:35AM +0100, Peter Holm wrote:
>  > On Sat, Mar 14, 2009 at 04:50:03AM +0000, Yoshihiro Ota wrote:
>  > > The following reply was made to PR kern/132597; it has been noted by GNATS.
>  > >
>  > > From: Yoshihiro Ota <ota@j.email.ne.jp>
>  > > To: bug-followup@FreeBSD.org
>  > > Cc: bf2006a@yahoo.com
>  > > Subject: Re: kern/132597: [tmpfs] [panic] tmpfs-related panic while
>  > >  interrupting a port build on tmpfs WRKDIR
>  > > Date: Sat, 14 Mar 2009 00:42:58 -0400
>  > >
>  > >  Which ports were you compiling when panic happened?
>  > >
>  > >  Hiro
>  >
>  > The panic in this PR looks a lot like the one I reported to attilio@
>  >
>  > http://people.freebsd.org/~pho/stress/log/attilio022.txt
>  >
>  > It was just regular FS load that provoked it.
>
>
> It seems to be quite clean what is going on there. In fact, there are
>  two issues:
>
>  First is the usual problem of DOTDOT lookup that shall be fixed in style
>  of vn_vget_ino() by busying mp before unlocking dvp.
>
>  Second one is the reason for the panic. The tmpfs vnode is unlocked, and
>  then corresponding tmpfs _node_ is passed to the tmpfs_alloc_vp().
>  Since the vnode may be reclaimed after the unlock, passed node might
>  become freed. Then, the tmpfs_alloc_vp() would operate on the freed
>  memory.

So I have a question.
In the tmpfs_lookup() there is dvp with gets vhold() before to unlock
the dvp vnode lock.
That should not be enough to prevent recycling and freeing of the structure?

Thanks,
Attilio


-- 
Peace can only be achieved by understanding - A. Einstein

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3bbf2fe10903180159x10d2c721rf9ff4147a5c75ec7>