NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/48212: modunload(8) for nfsserver leaves a dangling callout scheduled



The following reply was made to PR kern/48212; it has been noted by GNATS.

From: Paul Goyette <paul%whooppee.com@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, kern-bug-people%netbsd.org@localhost, 
gnats-admin%netbsd.org@localhost, 
    netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/48212: modunload(8) for nfsserver leaves a dangling callout
 scheduled
Date: Mon, 16 Sep 2013 12:31:50 -0700 (PDT)

 On Mon, 16 Sep 2013, Christos Zoulas wrote:
 
 > On Sep 16,  3:30am, paul%whooppee.com@localhost (Paul Goyette) wrote:
 > |
 > |  >> The nfs timer callout should be diesatablished by
 > |  >> nfsserver_modcmd(MODULE_CMD_FINI) ->nfs_fini()->nfs_timer_fini().
 > |
 > |  I think I have identified the problem:
 > |
 > |  1. When unloading the nfsserver module, nfsserver_modcmd() eventually
 > |  calls nfs_fini().
 > |
 > |  2. nfs_fini() calls nfs_timer_fini()
 > |
 > |  3. nfs_timer_fini() destroys the nfs_timer_lock mutex
 > |
 > |  4. At some future time, the scheduled nfs_timer call-out fires, and it
 > |  tries to obtain the nfs_timer_lock mutex in order to check whether or
 > |  not server-side processing is needed (by checking nfs_timer_srvvec)
 > |
 > |  5. Since the mutex has been destroyed, it is no longer valid to attempt
 > |  to acquire it.
 > |
 > |  Looking at the code, it would seem that nfs_fini() is intended only for
 > |  use in nfs client processing, and should NOT be called by nfs server
 > |  code.  We already have nfsrv_fini() for closing down the server, and it
 > |  is already being called.
 >
 > I think that the order of destruction is backwards too, can you try:
 >
 > Index: nfs_subs.c
 > ===================================================================
 > RCS file: /cvsroot/src/sys/nfs/nfs_subs.c,v
 > retrieving revision 1.222
 > diff -u -p -u -r1.222 nfs_subs.c
 > --- nfs_subs.c       19 Nov 2011 22:51:30 -0000      1.222
 > +++ nfs_subs.c       16 Sep 2013 14:45:45 -0000
 > @@ -1520,9 +1520,9 @@ void
 > nfs_fini(void)
 > {
 >
 > -    nfsdreq_fini();
 > -    nfs_timer_fini();
 >      MOWNER_DETACH(&nfs_mowner);
 > +    nfs_timer_fini();
 > +    nfsdreq_fini();
 > }
 
 Although (as pointed out in private mail) this change might be needed to 
 prevent the callout from being activated after releasing the mbuf pool, 
 I don't believe this is the right solution to my problem.
 
 As long as nfsserver_modcmd() calls nfs_fini(), it will cancel the 
 shared callout for both server-side and client-side nfs code.  The 
 callout needs to continue to be active as long as nfs client code 
 remains active, even if the nfsserver module is unloaded.
 
 
 
 
 -------------------------------------------------------------------------
 | Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
 | Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
 | Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
 | Kernel Developer |                          | pgoyette at netbsd.org  |
 -------------------------------------------------------------------------
 


Home | Main Index | Thread Index | Old Index