Module Name: src
Committed By: hannken
Date: Fri Jan 3 09:53:12 UTC 2014
Modified Files:
src/sys/fs/tmpfs: tmpfs_subr.c tmpfs_vnops.c
Log Message:
Fix a race where thread1 runs VOP_REMOVE() and gets preempted in
tmpfs_reclaim() before the call to tmpfs_free_node(). Thread2
runs VFS_FHTOVP() and gets a new vnode attached to the node thread1
is about to destroy.
Change tmpfs_alloc_node() to always assign non-zero generation number
and tmpfs_inactive() to set the generation number of unlinked nodes
to zero.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 src/sys/fs/tmpfs/tmpfs_subr.c
cvs rdiff -u -r1.110 -r1.111 src/sys/fs/tmpfs/tmpfs_vnops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/fs/tmpfs/tmpfs_subr.c
diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.92 src/sys/fs/tmpfs/tmpfs_subr.c:1.93
--- src/sys/fs/tmpfs/tmpfs_subr.c:1.92 Sun Nov 24 17:16:29 2013
+++ src/sys/fs/tmpfs/tmpfs_subr.c Fri Jan 3 09:53:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: tmpfs_subr.c,v 1.92 2013/11/24 17:16:29 rmind Exp $ */
+/* $NetBSD: tmpfs_subr.c,v 1.93 2014/01/03 09:53:12 hannken Exp $ */
/*
* Copyright (c) 2005-2013 The NetBSD Foundation, Inc.
@@ -74,7 +74,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.92 2013/11/24 17:16:29 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.93 2014/01/03 09:53:12 hannken Exp $");
#include <sys/param.h>
#include <sys/cprng.h>
@@ -127,7 +127,13 @@ tmpfs_alloc_node(tmpfs_mount_t *tmp, enu
* for applications that do not understand 64-bit ino_t.
*/
nnode->tn_id = (ino_t)((uintptr_t)nnode / sizeof(*nnode));
- nnode->tn_gen = TMPFS_NODE_GEN_MASK & cprng_fast32();
+ /*
+ * Make sure the generation number is not zero.
+ * tmpfs_inactive() uses generation zero to mark dead nodes.
+ */
+ do {
+ nnode->tn_gen = TMPFS_NODE_GEN_MASK & cprng_fast32();
+ } while (nnode->tn_gen == 0);
/* Generic initialization. */
nnode->tn_type = type;
@@ -252,6 +258,7 @@ tmpfs_free_node(tmpfs_mount_t *tmp, tmpf
default:
break;
}
+ KASSERT(node->tn_vnode == NULL);
KASSERT(node->tn_links == 0);
mutex_destroy(&node->tn_vlock);
Index: src/sys/fs/tmpfs/tmpfs_vnops.c
diff -u src/sys/fs/tmpfs/tmpfs_vnops.c:1.110 src/sys/fs/tmpfs/tmpfs_vnops.c:1.111
--- src/sys/fs/tmpfs/tmpfs_vnops.c:1.110 Tue Dec 24 09:23:33 2013
+++ src/sys/fs/tmpfs/tmpfs_vnops.c Fri Jan 3 09:53:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: tmpfs_vnops.c,v 1.110 2013/12/24 09:23:33 hannken Exp $ */
+/* $NetBSD: tmpfs_vnops.c,v 1.111 2014/01/03 09:53:12 hannken Exp $ */
/*
* Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.110 2013/12/24 09:23:33 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.111 2014/01/03 09:53:12 hannken Exp $");
#include <sys/param.h>
#include <sys/dirent.h>
@@ -49,6 +49,7 @@ __KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.
#include <sys/vnode.h>
#include <sys/lockf.h>
#include <sys/kauth.h>
+#include <sys/atomic.h>
#include <uvm/uvm.h>
@@ -1052,7 +1053,15 @@ tmpfs_inactive(void *v)
KASSERT(VOP_ISLOCKED(vp));
node = VP_TO_TMPFS_NODE(vp);
- *ap->a_recycle = (node->tn_links == 0);
+ if (node->tn_links == 0) {
+ /*
+ * Mark node as dead by setting its generation to zero.
+ */
+ atomic_and_32(&node->tn_gen, ~TMPFS_NODE_GEN_MASK);
+ *ap->a_recycle = true;
+ } else {
+ *ap->a_recycle = false;
+ }
VOP_UNLOCK(vp);
return 0;
