Date: Fri, 25 Nov 2005 21:56:20 -0500
From: Kris Kennaway <kris@obsecurity.org>
To: Csaba Henk <csaba-ml@creo.hu>
Cc: freebsd-current@freebsd.org
Subject: Re: double close strikes panic if md attaching a corrupt file
Message-ID: <20051126025620.GA62284@xor.obsecurity.org>
In-Reply-To: <20051125214738.GL2911@beastie.creo.hu>
References: <20051125214738.GL2911@beastie.creo.hu>
On Fri, Nov 25, 2005 at 10:47:38PM +0100, Csaba Henk wrote:
> Hi!
>
> Imagine the following:
>
> You have a corrupt file (so that you can open it, but when you try reading
> from it, it returns EIO). Pretty common with crappy optical media.
>
> You try "mdconfig -a -t vnode" on it.
>
> This will lead to a call to xmdioctl() such that mdio->md_type is
> MD_VNODE. So you get the following call chain:
>
> xmdioctl -> mdcreate_vnode -> mdsetcred -> VOP_READ
>
> VOP_READ returns EIO. This error value will be propagated to mdcreate_vnode,
> who will then feel like vn_close-ing the vnode, and propagate the error
> further.
>
> Now we got back to xmdioctl, who will call for mddestroy because of the error.
> mddestroy still sees the vnode, and will vn_close it again.
>
> This will yield a "negative refcount" panic.
>
> Two different ideas for fixing this:
>
> 1. Don't vn_close in mdcreate_vnode when there is an error.
> 2. Not just vn_close in mdcreate_vnode upon error but also
>    nullify the sc->vnode field.
>
> I attach two patches, they realize the above ideas, respectively.
> Note that I didn't test either. You probably should do so ;-)

This isn't the easiest thing for someone to test without such corrupted media.

Kris
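
Added example, not part of the original message and not FreeBSD source: a user-space C model of the error path in the quoted report, showing the double close and both proposed fixes. Every name in it (model_close, model_create, model_destroy, attach_corrupt_file, enum fix) is a hypothetical stand-in, and the single-reference accounting is a simplifying assumption.

```c
/* User-space model of the md attach error path from the report.
 * All names are hypothetical stand-ins (assumptions), not FreeBSD source. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

enum fix { FIX_NONE, FIX_NO_CLOSE_IN_CREATE, FIX_NULLIFY };
struct vnode { int refcnt; };            /* stand-in for a kernel vnode */
struct softc { struct vnode *vnode; };   /* stand-in for the md softc (sc->vnode) */

/* Stand-in for vn_close(): drops one reference. A real kernel panics
 * when the count goes negative; the model just lets it reach -1. */
static void model_close(struct vnode *vp) { vp->refcnt--; }

/* Stand-in for mdcreate_vnode(): the read fails, so the error path runs. */
static int model_create(struct softc *sc, struct vnode *vp, int read_error, enum fix fix)
{
    sc->vnode = vp;
    vp->refcnt = 1;                      /* reference held after the open */
    if (read_error != 0) {
        if (fix != FIX_NO_CLOSE_IN_CREATE)
            model_close(vp);             /* idea 1 skips this close */
        if (fix == FIX_NULLIFY)
            sc->vnode = NULL;            /* idea 2 hides the closed vnode */
        return read_error;
    }
    return 0;
}

/* Stand-in for mddestroy(): closes whatever vnode the softc still holds. */
static void model_destroy(struct softc *sc)
{
    if (sc->vnode != NULL) {
        model_close(sc->vnode);
        sc->vnode = NULL;
    }
}

/* Stand-in for xmdioctl(): destroy on create failure; returns final refcount. */
int attach_corrupt_file(enum fix fix)
{
    struct vnode vn = { 0 };
    struct softc sc = { NULL };
    if (model_create(&sc, &vn, EIO, fix) != 0)
        model_destroy(&sc);
    return vn.refcnt;                    /* 0 = balanced, -1 = closed twice */
}

int main(void)
{
    for (int f = FIX_NONE; f <= FIX_NULLIFY; f++)
        printf("fix=%d final refcnt=%d\n", f, attach_corrupt_file((enum fix)f));
    return 0;
}
```

Injecting the EIO in a model like this exercises the cleanup path without needing corrupted media; it does not replace testing the real patches in the kernel.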
