From: John Baldwin
To: Suleiman Souhlal
Cc: freebsd-current@freebsd.org, Kris Kennaway
Date: Thu, 19 Jan 2006 08:02:30 -0500
Subject: Re: System call munmap returning with the following locks held: Giant

On Wednesday 18 January 2006 08:31 pm, Suleiman Souhlal wrote:
> Hi,
>
> John Baldwin wrote:
> > I sent this to you on IRC, but for the archives, here's a possible fix.
> > It looks like vm_object_deallocate() never unlocks Giant if it locks it,
> > and the leak would only happen if mpsafevfs=0 or you are using a non-safe
> > filesystem:
>
> The real problem is that vm_object_deallocate() doesn't expect the
> object's type to change if it sees it's a vnode, when it's not holding
> the object lock:
>         /*
>          * In general, the object should be locked when working with
>          * its type. In this case, in order to maintain proper lock
>          * ordering, an exception is possible because a vnode-backed
>          * object never changes its type.
>          */
>         vfslocked = 0;
>         if (object->type == OBJT_VNODE) {
>                 struct vnode *vp = (struct vnode *) object->handle;
>                 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
>         }
>         VM_OBJECT_LOCK(object);
>         if (object->type == OBJT_VNODE) {
>                 vm_object_vndeallocate(object);
>                 VFS_UNLOCK_GIANT(vfslocked);
>                 return;
>         }
>
> The comment is actually wrong, and the object's type can change to
> OBJT_DEAD when the corresponding vnode gets freed, so maybe you might
> want to change it.

Well, that's not the cause of Kris' panic at all (the function really is not
ever dropping Giant).  If the object does change to OBJT_DEAD after Giant is
acquired then some of the MPASS()'s I added might fail I think.  I'm not sure
if that's all that has to be done to fix the problem you are concerned about.

-- 
John Baldwin  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
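The lock bookkeeping in the snippet quoted in the message above, as an added user-space model (not FreeBSD code, not part of the original message, and not the patch discussed in the thread). All names (model_object, giant_depth, race_hook, mark_dead, deallocate) are hypothetical, and the type change is injected through a hook rather than a real race; the fall-through unlock is one possible handling, assumed here for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* User-space model; every name below is hypothetical, not FreeBSD's. */
enum obj_type { T_DEFAULT, T_VNODE, T_DEAD };

struct model_object {
    enum obj_type type;
    int locked;       /* stands in for VM_OBJECT_LOCK/UNLOCK */
    int needs_giant;  /* stands in for a mount that requires Giant */
};

static int giant_depth;  /* times "Giant" is currently held */

static int  lock_giant(int needed) { if (needed) giant_depth++; return needed; }
static void unlock_giant(int held) { if (held) giant_depth--; }

/* Runs in the window between the unlocked type check and the object lock,
 * so the type change is deterministic instead of a real race. */
typedef void (*race_hook)(struct model_object *);
static void mark_dead(struct model_object *o) { o->type = T_DEAD; }

/* fix_leak == 0 mirrors the quoted snippet: Giant is dropped only when the
 * type is still T_VNODE under the object lock. fix_leak == 1 also drops it
 * on the fall-through path. Returns giant_depth; nonzero means a leak. */
static int deallocate(struct model_object *o, race_hook hook, int fix_leak)
{
    int vfslocked = 0;

    if (o->type == T_VNODE)             /* unlocked check */
        vfslocked = lock_giant(o->needs_giant);
    if (hook != NULL)
        hook(o);                        /* type may change here */
    o->locked = 1;
    if (o->type == T_VNODE) {           /* re-check under the lock */
        o->locked = 0;
        unlock_giant(vfslocked);
        return giant_depth;
    }
    o->locked = 0;                      /* generic path would run here */
    if (fix_leak)
        unlock_giant(vfslocked);
    return giant_depth;
}

int main(void)
{
    struct model_object a = { T_VNODE, 0, 1 }, b = { T_VNODE, 0, 1 };
    printf("as quoted: Giant held %d time(s) on return\n", deallocate(&a, mark_dead, 0));
    giant_depth = 0;
    printf("fall-through unlock: %d\n", deallocate(&b, mark_dead, 1));
    return 0;
}
```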