tech-kern archive


Re: possible fix for PR 39307 (mfs sometimes crashing on unmount)



2008/9/25, Andrew Doran <ad%netbsd.org@localhost>:
> On Thu, Sep 25, 2008 at 09:54:09PM +0930, Brett Lymn wrote:
>
>  > I have been puzzling over the symptoms of PR # 39307 for a while, mfs
>  > sometimes causes a panic in VFS_START.  Looking at it, mfs is a
>  > strange beast.  The start routine (mfs_start) does not exit until the
>  > mount is going away and then mfs_start() actually calls dounmount()
>  > directly to unmount itself - once this is done, the race is on, can
>  > mfs_start() exit and VFS_START() do its final bit before the memory
>  > that was the struct mount * is reused.  Hence the crash.
>
>
> Wow, I completely ignored that call to dounmount().
>
>
>  > following fixes the symptom but I don't know if it is the "right" way
>  > to fix the bug:
>  >
>  > Index: mfs_vfsops.c
>  > ===================================================================
>  > RCS file: /cvsroot/src/sys/ufs/mfs/mfs_vfsops.c,v
>  > retrieving revision 1.98
>  > diff -u -r1.98 mfs_vfsops.c
>  > --- mfs_vfsops.c      28 Jun 2008 01:34:05 -0000      1.98
>  > +++ mfs_vfsops.c      25 Sep 2008 12:23:29 -0000
>  > @@ -403,7 +403,7 @@
>  >       mutex_enter(&mfs_lock);
>  >       mfsp->mfs_refcnt++;
>  >       mutex_exit(&mfs_lock);
>  > -     vfs_unbusy(mp, false, NULL);
>  > +     vfs_unbusy(mp, true, NULL);
>  >
>  >       base = mfsp->mfs_baseoff;
>  >       mutex_enter(&mfs_lock);
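Review bot: The changed call vfs_unbusy(mp, true, NULL) flips a bare boolean with no comment saying what the second argument controls, and nothing in this hunk shows where whatever it now holds on to is released. If the point of passing true is to keep the struct mount alive until VFS_START() has finished, say so in a comment above the call and show the matching release on every exit path of mfs_start(), including any that never reach dounmount(); a one-sided change like this needs its counterpart in the same patch.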
>
>
> That would leak a reference to the mountpoint in some cases. Since a
>  reference is held for us across VFS_START(), and dounmount() always
>  consumes a reference, we can simply add one before calling dounmount().
>  I will check in a fix.
>
>
>  Andrew
>

Thanks, it is fixed for me.
(At least in a XEN DOM0 kernel I've just tested it.)

Stathis
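
The reference accounting argued over in the quoted reply, as an added user-space model (not NetBSD code and not from any poster in this thread). It assumes three references on entry to the start routine, that dounmount() also releases the mount's own reference, and that the "some cases" where the posted patch leaks are unmounts started by another thread; all names are hypothetical.

```c
/* Added illustration: a user-space model of the reference counting discussed
 * in this thread. Not NetBSD code; all names and the initial count of three
 * references are assumptions of the model. */
#include <stdbool.h>
#include <stdio.h>

struct mount_model { int refcnt; bool freed; bool used_after_free; };
enum strategy { ORIGINAL, KEEPREF_PATCH, REF_BEFORE_UNMOUNT };
enum result { BALANCED, USE_AFTER_FREE, LEAKED };

static void ref_drop(struct mount_model *m)
{
    if (m->freed) { m->used_after_free = true; return; }
    if (--m->refcnt == 0) m->freed = true;
}

/* Assumed: consumes one caller-supplied reference plus the mount's own. */
static void dounmount_model(struct mount_model *m) { ref_drop(m); ref_drop(m); }

/* self_unmount: the start routine calls dounmount itself; otherwise another
 * thread unmounts and brings its own reference (assumed second path). */
static void mfs_start_model(struct mount_model *m, enum strategy s, bool self_unmount)
{
    if (s != KEEPREF_PATCH)
        ref_drop(m);            /* vfs_unbusy(mp, false, NULL) */
    if (!self_unmount || s == REF_BEFORE_UNMOUNT)
        m->refcnt++;            /* reference for dounmount to consume */
    dounmount_model(m);
}

enum result run_model(enum strategy s, bool self_unmount)
{
    /* mount's own reference + one held across VFS_START + the busy reference */
    struct mount_model m = { 3, false, false };
    mfs_start_model(&m, s, self_unmount);
    ref_drop(&m);               /* VFS_START caller: final use, then release */
    if (m.used_after_free) return USE_AFTER_FREE;
    return m.freed ? BALANCED : LEAKED;
}

int main(void)
{
    static const char *name[] = { "balanced", "use-after-free", "leaked" };
    for (int s = ORIGINAL; s <= REF_BEFORE_UNMOUNT; s++)
        printf("strategy %d: self=%s other=%s\n", s,
               name[run_model((enum strategy)s, true)],
               name[run_model((enum strategy)s, false)]);
    return 0;
}
```
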

