From owner-freebsd-current@FreeBSD.ORG Fri Jan 20 21:05:37 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8464316A41F; Fri, 20 Jan 2006 21:05:37 +0000 (GMT) (envelope-from jhb@freebsd.org) Received: from speedfactory.net (mail6.speedfactory.net [66.23.216.219]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60FDA43D46; Fri, 20 Jan 2006 21:05:36 +0000 (GMT) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (unverified [66.23.211.162]) by speedfactory.net (SurgeMail 3.5b3) with ESMTP id 6568403 for multiple; Fri, 20 Jan 2006 16:06:30 -0500 Received: from localhost (john@localhost [127.0.0.1]) by server.baldwin.cx (8.13.4/8.13.4) with ESMTP id k0KL5Kqb073073; Fri, 20 Jan 2006 16:05:24 -0500 (EST) (envelope-from jhb@freebsd.org) From: John Baldwin To: Kris Kennaway Date: Fri, 20 Jan 2006 15:49:29 -0500 User-Agent: KMail/1.9.1 References: <20060118070549.GA617@xor.obsecurity.org> <200601191609.43529.jhb@freebsd.org> <20060120005206.GA3062@xor.obsecurity.org> In-Reply-To: <20060120005206.GA3062@xor.obsecurity.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200601201549.32374.jhb@freebsd.org> X-Virus-Scanned: ClamAV 0.87.1/1246/Thu Jan 19 16:44:42 2006 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-1.4 required=4.2 tests=ALL_TRUSTED, SUBJECT_EXCESS_QP autolearn=failed version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on server.baldwin.cx X-Server: High Performance Mail Server - http://surgemail.com r=1653887525 Cc: alc@freebsd.org, Suleiman Souhlal , freebsd-current@freebsd.org, Alan Cox Subject: Re: System call munmap returning with the following locks held: Giant X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 21:05:37 -0000 On Thursday 19 January 2006 19:52, Kris Kennaway wrote: > On Thu, Jan 19, 2006 at 04:09:40PM -0500, John Baldwin wrote: > > On Thursday 19 January 2006 15:38, Alan Cox wrote: > > > On Thu, Jan 19, 2006 at 11:14:24AM -0500, John Baldwin wrote: > > > [snip] > > > > > > > Are you really sure the object's type can change or does the caller > > > > of vm_object_deallocate() hold some sort of reference or what not > > > > that prevents the type from changing? > > > > > > My recollection is that the object does not change type until all of > > > the references have been drained and it is about to be freed by > > > vm_object_terminate(). At the point where the type check is being > > > performed, the caller should hold a reference on the object. Thus, > > > the type should not be changing. > > > > > > That said, an unexpected type change still strikes me as the most > > > plausible cause. > > > > > > Is there a test that easily reproduces this problem? > > > > Kris Kenneway has one involving NFS. My first patch was bogus in that I > > missed the magic with vm_object_vndeallocate(), so I think the only way > > Kris was seeing it was by the race of the type changing. I've sent him > > an updated patch like the one in my previous message that used a restart > > loop to lock Giant if it was needed. > > I don't think I saw that patch. Ah, it's at the same place. http://www.freebsd.org/~jhb/patches/vm_obj.patch -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org