From owner-freebsd-bugs@FreeBSD.ORG  Tue Sep 25 15:40:07 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 90F8516A418
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 25 Sep 2007 15:40:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 6022E13C45B
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 25 Sep 2007 15:40:07 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8PFe77x074296
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 25 Sep 2007 15:40:07 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8PFe7Yo074294;
	Tue, 25 Sep 2007 15:40:07 GMT (envelope-from gnats)
Date: Tue, 25 Sep 2007 15:40:07 GMT
Message-Id: <200709251540.l8PFe7Yo074294@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Eugene Grosbein <eugen@grosbein.pp.ru>
Cc: 
Subject: Re: kern/116608: [panic] [patch] [msdosfs] msdosfs fails to check
	mount options
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Eugene Grosbein <eugen@grosbein.pp.ru>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Sep 2007 15:40:07 -0000

The following reply was made to PR kern/116608; it has been noted by GNATS.

From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: bug-followup@freebsd.org
Cc: Bruce Evans <brde@optusnet.com.au>
Subject: Re: kern/116608: [panic] [patch] [msdosfs] msdosfs fails to check mount options
Date: Tue, 25 Sep 2007 23:32:15 +0800

 On Mon, 24 Sep 2007, Bruce Evans wrote:
 
 > I saw similar bogus errors and panics for the bug in rev.1.152 (-current)
 > and 1.144.2.5 (RELENG_6).  This bug is for remounting from rw to ro.
 > markvoldirty() is called after changing to to, so it creates an unflushable
 > buffer.  Unflushable buffers are supposed to be retried endlessly, but
 > another bug causes a panic.  Committing of fixes for these bugs are
 > pending.
 
 While the patch I've sent in the PR is correct, it discovers another
 panic if there is mountd process running at the moment of mount.
 Or if it's run later. Here is a scenario:
 
 1. mount_msdosfs(8) calls nmount() with options "ro" and "rw" (in this order).
 2. vfs_donmount() notes "rw", clears MNT_RDONLY flag and adds "noro"
    to the option list.
 3. So, msdosfs_mount() is called without MNT_UPDATE flag, without MNT_RDONLY
    flag and with options "ro", "rw" and "noro". It ignores "noro",
    and with mentioned patch it ignores "ro" also and does read-write mount.
 4. mountd(8) calls nmount() with exactly same options but adds
    MNT_UPDATE flag
 5. So, msdosfs_mount() is called second time, now with MNT_UPDATE,
    ignores options "noro" and "rw", notes option "ro", tries to remount
    filesystem from read-write to read-only and hits another unfixed bug
    in the kernel you mentioned above and kernel panices a couple of second
    later.
 
 Well, I think that vfs_donmount() has to be fixed to remove "ro"
 when it adds "noro", hasn't it?
 
 Eugene Grosbein