Re: kern/41051: do_sys_rename mp resource race

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,pooka%iki.fi@localhost
Subject: Re: kern/41051: do_sys_rename mp resource race
From: Andrew Doran <ad%netbsd.org@localhost>
Date: Sat, 21 Mar 2009 14:35:01 +0000 (UTC)

The following reply was made to PR kern/41051; it has been noted by GNATS.

From: Andrew Doran <ad%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/41051: do_sys_rename mp resource race
Date: Sat, 21 Mar 2009 14:34:36 +0000

 On Sat, Mar 21, 2009 at 08:40:03AM +0000, Antti Kantee wrote:

 >  >  > take reference to mp around rename
 >  >  
 >  >  Disagree. I think VOPs should not, in general, be dropping refs to vnodes
 >  >  that the caller provides.
 >  
 >  do_sys_rename() is not a VOP, neither is vfs_destroy().  What do you
 >  mean by a VOP here?

 Well in general the model is that references propagate. So if you hold a
 reference at some point, say a a file descriptor, everything down the chain
 from that persists, be it a file, vnode, mount, socket - whatever. I'm
 guessing you probably already grok that.

 VOP_RENAME() is a pariah here because it tosses the caller's dvp references.
 On the way in both mount structures involved are valid but after it returns,
 either can be gone. So the operation is not logically complete from the
 driver's perspective (do_sys_rename) but the objects involved are already
 gone.

 (Incidentally, it looks like there is also a bug in vflush, where it is
 doing insmntque() on block/char device vnodes for some reason. I have
 no idea why.)

Prev by Date: kern/41052: pppoe(4): PPPOE_TERM_UNKNOWN_SESSIONS should be a runtime option
Next by Date: Re: port-i386/40143 (Viewing an mpeg transport stream with mplayer causes crash)
Previous by Thread: Re: kern/41051: do_sys_rename mp resource race
Next by Thread: Re: kern/41051: do_sys_rename mp resource race
Indexes:

Home | Main Index | Thread Index | Old Index