On Tue, Feb 11, 2003 at 08:43:51PM -0500, Christos Zoulas wrote:
> Nfs_reclaim looks into vp->v_mount to do stuff for leases, but
> this pointer is bad.  The reason is, that umount does not clean up
> vnodes in the vnode_free_list. 
> 
> So when you run a find on ffs, and amd unmounts an nfs mount...
> eventually getnewvnode() will grab a free vnode from the free list,
> then that h appens to be on the nfs that was unmounted, vgonel calls
> VOP_RECLAIM -> nfs_reclaim -> boom.  This is essentially PR/17107.

The simple solution is to move the code that references the NFS
mount structure (the NQNFS timer stuff) to nfs_inactive. When
a vnode's ref count drops to zero (which is when VOP_INACTIVE
is called), there's no reason for it to be on that timer queue
anymore, anyway.

There seems to be locking problem should this code be used
without the big lock, btw. vput() puts the vnode on the freelist
before calling VOP_INACTIVE, as does vrele, and VOP_INACTIVE
is called without the interlock held.  But that's a different
story.

- Frank

-- 
Frank van der Linden                                    fvdl@wasabisystems.com
==============================================================================
Quality NetBSD Development, Support & Service.   http://www.wasabisystems.com/