tech-kern archive
Re: possible fix for PR 39307 (mfs sometimes crashing on unmount)
2008/9/25, Andrew Doran <ad%netbsd.org@localhost>:
> On Thu, Sep 25, 2008 at 09:54:09PM +0930, Brett Lymn wrote:
>
> > I have been puzzling over the symptoms of PR # 39307 for a while, mfs
> > sometimes causes a panic in VFS_START. Looking at it, mfs is a
> > strange beast. The start routine (mfs_start) does not exit until the
> > mount is going away and then mfs_start() actually calls dounmount()
> > directly to unmount itself - once this is done, the race is on, can
> > mfs_start() exit and VFS_START() do its final bit before the memory
> > that was the struct mount * is reused. Hence the crash.
>
>
> Wow, I completely ignored that call to dounmount().
>
>
> > following fixes the symptom but I don't know if it is the "right" way
> > to fix the bug:
> >
> > Index: mfs_vfsops.c
> > ===================================================================
> > RCS file: /cvsroot/src/sys/ufs/mfs/mfs_vfsops.c,v
> > retrieving revision 1.98
> > diff -u -r1.98 mfs_vfsops.c
> > --- mfs_vfsops.c 28 Jun 2008 01:34:05 -0000 1.98
> > +++ mfs_vfsops.c 25 Sep 2008 12:23:29 -0000
> > @@ -403,7 +403,7 @@
> > mutex_enter(&mfs_lock);
> > mfsp->mfs_refcnt++;
> > mutex_exit(&mfs_lock);
> > - vfs_unbusy(mp, false, NULL);
> > + vfs_unbusy(mp, true, NULL);
> >
> > base = mfsp->mfs_baseoff;
> > mutex_enter(&mfs_lock);
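Review bot: at the changed vfs_unbusy() call, passing true instead of false changes the reference handling, but nothing in this hunk releases what is then kept, and no comment says which later path is expected to do so. Show the matching release on every exit path of this function, or add a comment at the call naming where the reference is dropped; as posted, the reference can be leaked.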
>
>
> That would leak a reference to the mountpoint in some cases. Since a
> reference is held for us across VFS_START(), and dounmount() always
> consumes a reference, we can simply add one before calling dounmount().
> I will check in a fix.
>
>
> Andrew
>
Thanks, it is fixed for me.
(At least in a XEN DOM0 kernel I've just tested it.)
Stathis
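
The reference rule described in the quoted reply, as a simplified user-space model added here (not NetBSD code and not part of the thread). toy_mount and the toy_* functions are hypothetical stand-ins, and a freed flag replaces the real free so the stale access can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for struct mount (hypothetical; only what the argument needs). */
struct toy_mount {
    int  refcnt;  /* references currently held */
    bool freed;   /* set where the kernel would free the memory */
};

static void toy_ref(struct toy_mount *mp) { mp->refcnt++; }

static void toy_rele(struct toy_mount *mp)
{
    if (--mp->refcnt == 0)
        mp->freed = true;  /* from here on the memory may be reused */
}

/* As stated in the thread: dounmount() always consumes one reference. */
static void toy_dounmount(struct toy_mount *mp) { toy_rele(mp); }

/* Models mfs_start(): when the mount is going away it unmounts itself. */
static void toy_start(struct toy_mount *mp, bool take_extra_ref)
{
    if (take_extra_ref)
        toy_ref(mp);       /* the reference dounmount() will consume */
    toy_dounmount(mp);
}

/*
 * Models the caller of VFS_START(), which holds one reference across the
 * call and touches mp again afterwards. Returns true if mp was still live
 * at that point, false if it had already been released (the crash window).
 */
static bool mount_live_after_start(bool take_extra_ref)
{
    struct toy_mount m = { .refcnt = 1, .freed = false };  /* caller's ref */
    toy_start(&m, take_extra_ref);
    bool live = !m.freed;  /* the caller's final bit after start returns */
    if (live)
        toy_rele(&m);      /* caller drops the reference it held */
    return live;
}

int main(void)
{
    printf("no extra ref:   live=%d\n", mount_live_after_start(false));
    printf("with extra ref: live=%d\n", mount_live_after_start(true));
    return 0;
}
```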