Subject: Re: tmpfs memory leak?
To: None <>
From: Antti Kantee <>
List: tech-kern
Date: 10/27/2007 18:45:39

On Fri Oct 26 2007 at 19:15:04 -0500, David Young wrote:
> The explicit struct mount * looked essential to me.  Here is my
> interpretation; tell me if I got it wrong.  The comments in layer_bypass()
> say that the lower filesystem may vput() some of its vnode arguments,
> so layer_bypass() needs to VREF() any vnode that it does not want to go
> away when it calls the lower.  So, after layer_bypass() has vput() a vnode
> itself, it should not extract a struct mount * from it.  I believe we only
> ever got away with it, before, because nullfs was so lazy about releasing
> any lower vnode, ever.  After I patched layer_inactive(), my test machine
> crashed shortly after boot when it dereferenced a NULL struct mount *.

I didn't look at that code long enough to gain Bill-level enlightenment.
But your premise is correct.

As an interesting aside, there are really no rules for accessing struct
mount after releasing all vnodes for the mount point even if you do get
the pointer in time (or even before if unmount(MNT_FORCE) is being done).
I am hoping that the proverbial "someone" will fix this so that my head
can stop hurting.

> > Ok, I have half-done a patch to do this. I'll post what I come up w/ 
> > tomorrow. I see how to fix this and get most of the way done. What I don't 
> > see is how to handle locking.
> Tomorrow? :-)

It's always tomorrow somewhere... no, wait, ...

(I'm interested in the patch also, as the non-reclaiming causes annoying
g/c problems even when backed by real disk)

Antti Kantee <>                     Of course he runs NetBSD
    "the most indispensable quality of a cook is punctuality"