tech-kern archive
Re: possible fix for PR 39307 (mfs sometimes crashing on unmount)
On Thu, Sep 25, 2008 at 09:54:09PM +0930, Brett Lymn wrote:
> I have been puzzling over the symptoms of PR # 39307 for a while, mfs
> sometimes causes a panic in VFS_START. Looking at it, mfs is a
> strange beast. The start routine (mfs_start) does not exit until the
> mount is going away and then mfs_start() actually calls dounmount()
> directly to unmount itself - once this is done, the race is on, can
> mfs_start() exit and VFS_START() do its final bit before the memory
> that was the struct mount * is reused. Hence the crash.
Wow, I completely ignored that call to dounmount().
> following fixes the symptom but I don't know if it is the "right" way
> to fix the bug:
>
> Index: mfs_vfsops.c
> ===================================================================
> RCS file: /cvsroot/src/sys/ufs/mfs/mfs_vfsops.c,v
> retrieving revision 1.98
> diff -u -r1.98 mfs_vfsops.c
> --- mfs_vfsops.c 28 Jun 2008 01:34:05 -0000 1.98
> +++ mfs_vfsops.c 25 Sep 2008 12:23:29 -0000
> @@ -403,7 +403,7 @@
> mutex_enter(&mfs_lock);
> mfsp->mfs_refcnt++;
> mutex_exit(&mfs_lock);
> - vfs_unbusy(mp, false, NULL);
> + vfs_unbusy(mp, true, NULL);
>
> base = mfsp->mfs_baseoff;
> mutex_enter(&mfs_lock);
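Review bot: the changed vfs_unbusy() call now passes true as its second argument, but nothing else in this hunk releases whatever that flag retains on mp, so any path through mfs_start() that does not end in the unmount would keep the extra reference forever. Either pair the change with an explicit release on every exit path, or leave this call as it was and take the reference only immediately before the unmount is issued. A short comment at the call stating which reference is held, and which later call consumes it, would make the lifetime of mp checkable by the next reader.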
That would leak a reference to the mountpoint in some cases. Since a
reference is held for us across VFS_START(), and dounmount() always
consumes a reference, we can simply add one before calling dounmount().
I will check in a fix.
Andrew