On Jan 3, 2014, at 10:13 PM, Mindaugas Rasiukevicius <rm...@netbsd.org> wrote:
> "Juergen Hannken-Illjes" <hann...@netbsd.org> wrote: >> Module Name: src >> Committed By: hannken >> Date: Fri Jan 3 09:53:12 UTC 2014 >> >> Modified Files: >> src/sys/fs/tmpfs: tmpfs_subr.c tmpfs_vnops.c >> >> Log Message: >> Fix a race where thread1 runs VOP_REMOVE() and gets preempted in >> tmpfs_reclaim() before the call to tmpfs_free_node(). Thread2 >> runs VFS_FHTOVP() and gets a new vnode attached to the node thread1 >> is about to destroy. >> >> Change tmpfs_alloc_node() to always assign non-zero generation number >> and tmpfs_inactive() to set the generation number of unlinked nodes >> to zero. > > Can you explain how does this help? It still seems racy to me. Please describe the race in more detail. Tmpfs_fhtovp() will fail as soon as an unlinked tmpfs node drops its last vnode reference. > Why not just check for tn_links == 0 in tmpfs_fhtovp()? Because it is ok as long as the corresponding vnode is open/referenced. -- J. Hannken-Illjes - hann...@eis.cs.tu-bs.de - TU Braunschweig (Germany)