Date: Wed, 18 Mar 2009 15:09:46 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Attilio Rao <attilio@freebsd.org> Cc: Yoshihiro Ota <ota@j.email.ne.jp>, Peter Holm <pho@freebsd.org>, freebsd-fs@freebsd.org Subject: Re: kern/132597: [tmpfs] [panic] tmpfs-related panic while interrupting a port build on tmpfs WRKDIR Message-ID: <20090318130946.GD41617@deviant.kiev.zoral.com.ua> In-Reply-To: <3bbf2fe10903180159x10d2c721rf9ff4147a5c75ec7@mail.gmail.com> References: <200903140450.n2E4o3to011990@freefall.freebsd.org> <20090314102135.GA93077@x2.osted.lan> <20090314203215.GA41617@deviant.kiev.zoral.com.ua> <3bbf2fe10903180159x10d2c721rf9ff4147a5c75ec7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Mar 18, 2009 at 09:59:14AM +0100, Attilio Rao wrote: > 2009/3/14, Kostik Belousov <kostikbel@gmail.com>: > > On Sat, Mar 14, 2009 at 11:21:35AM +0100, Peter Holm wrote: > > > On Sat, Mar 14, 2009 at 04:50:03AM +0000, Yoshihiro Ota wrote: > > > > The following reply was made to PR kern/132597; it has been noted by GNATS. > > > > > > > > From: Yoshihiro Ota <ota@j.email.ne.jp> > > > > To: bug-followup@FreeBSD.org > > > > Cc: bf2006a@yahoo.com > > > > Subject: Re: kern/132597: [tmpfs] [panic] tmpfs-related panic while > > > > interrupting a port build on tmpfs WRKDIR > > > > Date: Sat, 14 Mar 2009 00:42:58 -0400 > > > > > > > > Which ports were you compiling when panic happened? > > > > > > > > Hiro > > > > > > The panic in this PR looks a lot like the one I reported to attilio@ > > > > > > http://people.freebsd.org/~pho/stress/log/attilio022.txt > > > > > > It was just regular FS load that provoked it. > > > > > > It seems to be quite clean what is going on there. In fact, there are > > two issues: > > > > First is the usual problem of DOTDOT lookup that shall be fixed in style > > of vn_vget_ino() by busying mp before unlocking dvp. > > > > Second one is the reason for the panic. The tmpfs vnode is unlocked, and > > then corresponding tmpfs _node_ is passed to the tmpfs_alloc_vp(). > > Since the vnode may be reclaimed after the unlock, passed node might > > become freed. Then, the tmpfs_alloc_vp() would operate on the freed > > memory. > > So I have a question. > In the tmpfs_lookup() there is dvp with gets vhold() before to unlock > the dvp vnode lock. > That should not be enough to prevent recycling and freeing of the structure? No. The only thing that prevents vnode reclaim is the vnode lock. Both vhold and vref only prevent struct vnode * pointer from becoming invalid, i.e. freeing vnode memory, and also keep vnode interlock and lock functional. The difference between vhold and vref is that vref() prevents non-forced unmounts from reclaiming such vnode. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAknA8nsACgkQC3+MBN1Mb4i7sQCcCBDjBw8royQdW2SghABIGxtF p5sAoIlw+wfCLbMBBleyv/TOAABGwrkL =gLse -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090318130946.GD41617>