From: Tim Robbins
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Sat, 31 May 2003 13:30:57 +1000 (EST)
Subject: kern/52818: vm_fault() calls vput() on shared-locked vnode
Message-Id: <20030531033057.147BCB4CD@dilbert.robbins.dropbear.id.au>

>Number:         52818
>Category:       kern
>Synopsis:       vm_fault() calls vput() on shared-locked vnode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 30 20:40:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Tim Robbins
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
The FreeBSD Project
>Environment:
FreeBSD 4.8-RELEASE i386
FreeBSD 5.1-BETA i386
>Description:
vm_fault() calls vput() on a vnode that has been locked with the LK_SHARED
flag:

	fs.vp = vnode_pager_lock(fs.first_object);
	...
	if (fs.vp != NULL) {
		vput(fs.vp);
		fs.vp = NULL;
	}

This is bad because it means that VOP_INACTIVE is called while holding a
shared lock, instead of an exclusive lock. This may be related to kern/52412.
>How-To-Repeat:
N/A
>Fix:
Perhaps we could drop the shared lock then call vrele() instead.
>Release-Note:
>Audit-Trail:
>Unformatted:
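
The lock-state difference the report describes, as an added user-space model that is not part of the original report and is not FreeBSD kernel code. The `model_*` functions, `struct mvnode` and the `LK_*_HELD` values are hypothetical stand-ins; the model assumes the vput-like path runs the inactive hook under the caller's lock, while the vrele-like path takes the lock exclusively first.

```c
/* Simplified user-space model (not FreeBSD kernel code). All names are
 * hypothetical stand-ins for the vnode lock and reference rules. */
#include <stdio.h>

enum lk { LK_NONE, LK_SHARED_HELD, LK_EXCL_HELD };

struct mvnode {
    int usecount;           /* active references */
    enum lk lock;           /* lock state held by the current thread */
    enum lk inactive_seen;  /* lock state observed by the inactive hook */
};

/* Stand-in for VOP_INACTIVE: records which lock it ran under. */
static void model_inactive(struct mvnode *vp) { vp->inactive_seen = vp->lock; }

/* vput-like: caller already holds the lock; on the last reference the
 * inactive hook runs under whatever lock the caller took, then unlock. */
static void model_vput(struct mvnode *vp) {
    if (--vp->usecount == 0)
        model_inactive(vp);
    vp->lock = LK_NONE;
}

/* vrele-like: caller holds no lock; on the last reference (assumption)
 * the lock is taken exclusively before the inactive hook runs. */
static void model_vrele(struct mvnode *vp) {
    if (--vp->usecount == 0) {
        vp->lock = LK_EXCL_HELD;
        model_inactive(vp);
        vp->lock = LK_NONE;
    }
}

/* Path from the report: shared lock, then vput on the last reference. */
enum lk reported_path(void) {
    struct mvnode vp = { 1, LK_SHARED_HELD, LK_NONE };
    model_vput(&vp);
    return vp.inactive_seen;
}

/* Suggested fix: drop the shared lock, then vrele. */
enum lk suggested_path(void) {
    struct mvnode vp = { 1, LK_SHARED_HELD, LK_NONE };
    vp.lock = LK_NONE;      /* unlock the shared lock first */
    model_vrele(&vp);
    return vp.inactive_seen;
}

int main(void) { printf("reported=%d suggested=%d\n", (int)reported_path(), (int)suggested_path()); return 0; }
```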