Date: Tue, 26 Feb 2002 02:37:47 +0000 From: Ian Dowse <iedowse@maths.tcd.ie> To: Kirk McKusick <mckusick@mckusick.com> Cc: Matthew Dillon <dillon@apollo.backplane.com>, Kris Kennaway <kris@obsecurity.org>, Tony Finch <dot@dotat.at>, fs@FreeBSD.ORG, fanf@chiark.greenend.org.uk Subject: Re: UFS panic on -stable Message-ID: <200202260237.aa51774@salmon.maths.tcd.ie> In-Reply-To: Your message of "Mon, 25 Feb 2002 17:41:08 PST." <200202260141.g1Q1f8i28365@beastie.mckusick.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200202260141.g1Q1f8i28365@beastie.mckusick.com>, Kirk McKusick writ es: >this bug. It does point a big finger at the buffer cache code >since that would be about the only place that data corruption >could be happening here. My feeling was that this particular crash may be caused by something at the vnode level since it appeared that the inode had been fully freed while the vnode was still referenced. The process was sshd, so I was looking for something that could have changed the mode on the inode after it had been inadvertantly freed. The best I've found so far is in the ssh source there is the code: /* Releases the tty. Its ownership is returned to root, and permissions to 0666. */ void pty_release(const char *ttyname) { if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0) ... if (chmod(ttyname, (mode_t) 0666) < 0) ... The inode looked as if a VOP_SETATTR to gid root, uid root, mode 666 had succeeded even though the inode was already free. That explains the lack of IFMT bits in the mode argument to ffs_freefile(). Kris, if it's not too awkward to make changes to the cluster kernels, could you try applying the following extra sanity check to ufs_chmod? This should attempt to catch the bug a little bit earlier by detecting an attempt to VOP_SETATTR a free inode. Ian Index: ufs_vnops.c =================================================================== RCS file: /dump/FreeBSD-CVS/src/sys/ufs/ufs/ufs_vnops.c,v retrieving revision 1.131.2.7 diff -u -r1.131.2.7 ufs_vnops.c --- ufs_vnops.c 5 Feb 2002 18:35:04 -0000 1.131.2.7 +++ ufs_vnops.c 26 Feb 2002 02:28:02 -0000 @@ -570,6 +570,8 @@ if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) return (EPERM); } + if (ip->i_mode == 0) + panic("ufs_chmod: free inode"); ip->i_mode &= ~ALLPERMS; ip->i_mode |= (mode & ALLPERMS); ip->i_flag |= IN_CHANGE; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi? <200202260237.aa51774>