Date:      Wed, 18 Mar 2009 15:09:46 +0200
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Attilio Rao <attilio@freebsd.org>
Cc:        Yoshihiro Ota <ota@j.email.ne.jp>, Peter Holm <pho@freebsd.org>, freebsd-fs@freebsd.org
Subject:   Re: kern/132597: [tmpfs] [panic] tmpfs-related panic while interrupting a port build on tmpfs WRKDIR
Message-ID:  <20090318130946.GD41617@deviant.kiev.zoral.com.ua>
In-Reply-To: <3bbf2fe10903180159x10d2c721rf9ff4147a5c75ec7@mail.gmail.com>
References:  <200903140450.n2E4o3to011990@freefall.freebsd.org> <20090314102135.GA93077@x2.osted.lan> <20090314203215.GA41617@deviant.kiev.zoral.com.ua> <3bbf2fe10903180159x10d2c721rf9ff4147a5c75ec7@mail.gmail.com>


On Wed, Mar 18, 2009 at 09:59:14AM +0100, Attilio Rao wrote:
> 2009/3/14, Kostik Belousov <kostikbel@gmail.com>:
> > On Sat, Mar 14, 2009 at 11:21:35AM +0100, Peter Holm wrote:
> >  > On Sat, Mar 14, 2009 at 04:50:03AM +0000, Yoshihiro Ota wrote:
> >  > > The following reply was made to PR kern/132597; it has been noted by GNATS.
> >  > >
> >  > > From: Yoshihiro Ota <ota@j.email.ne.jp>
> >  > > To: bug-followup@FreeBSD.org
> >  > > Cc: bf2006a@yahoo.com
> >  > > Subject: Re: kern/132597: [tmpfs] [panic] tmpfs-related panic while
> >  > >  interrupting a port build on tmpfs WRKDIR
> >  > > Date: Sat, 14 Mar 2009 00:42:58 -0400
> >  > >
> >  > >  Which ports were you compiling when panic happened?
> >  > >
> >  > >  Hiro
> >  >
> >  > The panic in this PR looks a lot like the one I reported to attilio@
> >  >
> >  > http://people.freebsd.org/~pho/stress/log/attilio022.txt
> >  >
> >  > It was just regular FS load that provoked it.
> >
> >
> > It seems to be quite clean what is going on there. In fact, there are
> >  two issues:
> >
> >  First is the usual problem of DOTDOT lookup that shall be fixed in style
> >  of vn_vget_ino() by busying mp before unlocking dvp.
> >
> >  Second one is the reason for the panic. The tmpfs vnode is unlocked, and
> >  then corresponding tmpfs _node_ is passed to the tmpfs_alloc_vp().
> >  Since the vnode may be reclaimed after the unlock, passed node might
> >  become freed. Then, the tmpfs_alloc_vp() would operate on the freed
> >  memory.
>
> So I have a question.
> In the tmpfs_lookup() there is dvp which gets vhold() before unlocking
> the dvp vnode lock.
> That should not be enough to prevent recycling and freeing of the structure?

No. The only thing that prevents vnode reclaim is the vnode lock.
Both vhold and vref only prevent struct vnode * pointer from becoming
invalid, i.e. freeing vnode memory, and also keep vnode interlock and
lock functional. The difference between vhold and vref is that vref()
prevents non-forced unmounts from reclaiming such vnode.


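A user-space C model of the distinction drawn in the reply above, added here as an illustration and not code from the thread or from FreeBSD: every `m_*` name and the `doomed` flag are hypothetical stand-ins. It shows that a hold keeps the vnode memory valid but does not stop reclaim from freeing the filesystem-private node, and it assumes the caller's defence is to revalidate after relocking.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: these are NOT the FreeBSD kernel structures. */
struct m_node { int size; };   /* stands in for the tmpfs node */
struct m_vnode {
    int holdcnt;               /* vhold()/vref()-style count: pins vnode memory */
    bool locked;               /* stands in for the vnode lock */
    bool doomed;               /* set once the vnode has been reclaimed */
    struct m_node *data;       /* filesystem-private data, freed on reclaim */
};

/* Reclaim is refused only while the lock is held; holdcnt is never consulted. */
static bool m_reclaim(struct m_vnode *vp) {
    if (vp->locked)
        return false;
    free(vp->data);
    vp->data = NULL;
    vp->doomed = true;
    return true;
}

/* Relock, then revalidate before touching private data; -1 means reclaimed. */
static int m_node_size_checked(struct m_vnode *vp) {
    int size;
    vp->locked = true;
    size = vp->doomed ? -1 : vp->data->size;
    vp->locked = false;
    return size;
}

/* One lookup-like window: take a hold, keep or drop the lock, reclaim runs. */
static int m_scenario(bool keep_locked) {
    struct m_vnode *vp = calloc(1, sizeof(*vp));
    int size;
    vp->data = malloc(sizeof(*vp->data));
    vp->data->size = 4096;     /* constructed sample value */
    vp->holdcnt = 1;           /* hold taken before the window */
    vp->locked = keep_locked;  /* unsafe case drops the lock here */
    m_reclaim(vp);             /* models a reclaim racing in from elsewhere */
    vp->locked = false;
    size = m_node_size_checked(vp);
    free(vp->data);            /* free(NULL) is a no-op if already reclaimed */
    free(vp);                  /* hold dropped: only now may vnode memory go */
    return size;
}

int main(void) {
    printf("hold only: %d, lock kept: %d\n", m_scenario(false), m_scenario(true));
    return 0;
}
```

Without the `doomed` check, the hold-only case would dereference a freed node, which is the failure the thread attributes to passing the node to tmpfs_alloc_vp() after the unlock.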


