Re: rototilling the vnode life cycle

To: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Subject: Re: rototilling the vnode life cycle
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Fri, 28 Feb 2014 18:10:11 +0000

On Fri, Feb 28, 2014 at 03:41:33PM +0000, Taylor R Campbell wrote:
 > Nope.  After DESTROYING it gets freed.  The protocol is this:
 > 
 > 1. When vfs decides to destroy a vnode, it enters DESTROYING.
 > 2. During this time, vget returns ENOENT for it.
 > 3. VOP_RECLAIM unhooks it from all data structures (e.g., ufs_ihash).
 > 4. Once VOP_RECLAIM returns, nobody else will even try to vget it.
 > 5. vfs vnfrees the vnode.
 > 
 > That said, I made vnfree change its state to UNINITIALIZED so that
 > anything trying to use-after-free will crash.

For this to work, the inode must be synced before it enters the
DESTROYING state. Otherwise you get this fun exciting race:

    vp becomes inactive
    vfs decides to destroy vp
    vp's state is now DESTROYING
        someone else looks up this inode
        vget returns ENOENT
        a new vnode nvp is created and loaded
    VOP_RECLAIM is called
    vp gets synced

and now nvp is wrong.

If I'm reading the ffs code correctly it doesn't do the final stuff
until reclaim. But I might not be.

-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- Re: rototilling the vnode life cycle
  - From: J . Hannken-Illjes
- Re: rototilling the vnode life cycle
  - From: Taylor R Campbell

Prev by Date: Re: rototilling the vnode life cycle
Next by Date: Vnode API change: mnt_vnodelist traversal
Previous by Thread: Re: rototilling the vnode life cycle
Next by Thread: Vnode API change: mnt_vnodelist traversal
Indexes:

Home | Main Index | Thread Index | Old Index