Module Name: src Committed By: msaitoh Date: Sun Nov 9 10:09:32 UTC 2014
Modified Files: src/sys/fs/puffs [netbsd-7]: puffs_node.c puffs_vnops.c Log Message: Pull up following revision(s) (requested by manu in ticket #194): sys/fs/puffs/puffs_vnops.c: revision 1.197 sys/fs/puffs/puffs_node.c: revision 1.35 Fix PUFFS node use-after-reclaim When puffs_cookie2vnode() misses an entry, vcache_get() creates a new node (puffs_vfsop_loadvnode being called to initialize the PUFFS part), then it discovers it is VNON, and tries to vrele() it. vrele() calls VOP_INACTIVE(), which led us into puffs_vnop_inactive() where we sent a request to the filesystem for a node that already had been reclaimed. The fix is to check for VNON nodes in puffs_vnop_inactive() and to return without doing anything. This is suboptimal, but a better workaround would probably need to modify vcache API, with an impact on other filesystems. Let us keep it simple. To generate a diff of this commit: cvs rdiff -u -r1.31.4.3 -r1.31.4.4 src/sys/fs/puffs/puffs_node.c cvs rdiff -u -r1.182.2.10 -r1.182.2.11 src/sys/fs/puffs/puffs_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/fs/puffs/puffs_node.c
diff -u src/sys/fs/puffs/puffs_node.c:1.31.4.3 src/sys/fs/puffs/puffs_node.c:1.31.4.4
--- src/sys/fs/puffs/puffs_node.c:1.31.4.3 Tue Sep 30 18:14:22 2014
+++ src/sys/fs/puffs/puffs_node.c Sun Nov 9 10:09:32 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: puffs_node.c,v 1.31.4.3 2014/09/30 18:14:22 martin Exp $ */
+/* $NetBSD: puffs_node.c,v 1.31.4.4 2014/11/09 10:09:32 msaitoh Exp $ */
 /*
  * Copyright (c) 2005, 2006, 2007 Antti Kantee. All Rights Reserved.
@@ -30,7 +30,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_node.c,v 1.31.4.3 2014/09/30 18:14:22 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_node.c,v 1.31.4.4 2014/11/09 10:09:32 msaitoh Exp $");
 #include <sys/param.h>
 #include <sys/hash.h>
@@ -266,6 +266,7 @@ puffs_cookie2vnode(struct puffs_mount *p
 mutex_enter((*vpp)->v_interlock);
 if ((*vpp)->v_type == VNON) {
 mutex_exit((*vpp)->v_interlock);
+ /* XXX vrele() calls VOP_INACTIVE() with VNON node */
 vrele(*vpp);
 *vpp = NULL;
 return PUFFS_NOSUCHCOOKIE;
Index: src/sys/fs/puffs/puffs_vnops.c
diff -u src/sys/fs/puffs/puffs_vnops.c:1.182.2.10 src/sys/fs/puffs/puffs_vnops.c:1.182.2.11
--- src/sys/fs/puffs/puffs_vnops.c:1.182.2.10 Sun Nov 9 10:07:31 2014
+++ src/sys/fs/puffs/puffs_vnops.c Sun Nov 9 10:09:32 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: puffs_vnops.c,v 1.182.2.10 2014/11/09 10:07:31 msaitoh Exp $ */
+/* $NetBSD: puffs_vnops.c,v 1.182.2.11 2014/11/09 10:09:32 msaitoh Exp $ */
 /*
  * Copyright (c) 2005, 2006, 2007 Antti Kantee. All Rights Reserved.
@@ -30,7 +30,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_vnops.c,v 1.182.2.10 2014/11/09 10:07:31 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_vnops.c,v 1.182.2.11 2014/11/09 10:09:32 msaitoh Exp $");
 #include <sys/param.h>
 #include <sys/buf.h>
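Review bot: The XXX comment added before `vrele(*vpp)` in the puffs_cookie2vnode() hunk of puffs_node.c names the hazard but not where it is handled, so a reader of this file alone cannot tell whether the call is safe. I would spell out the dependency, e.g. `/* XXX vrele() calls VOP_INACTIVE() on this VNON node; puffs_vnop_inactive() must return early for VNON */`. That makes it clear that removing or reordering the VNON check in puffs_vnops.c would reopen the use-after-reclaim described in the log message. The function body starts and ends outside the hunk.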
@@ -1336,6 +1336,18 @@ puffs_vnop_inactive(void *v)
 struct puffs_node *pnode;
 bool recycle = false;
+ /*
+ * When puffs_cookie2vnode() misses an entry, vcache_get()
+ * creates a new node (puffs_vfsop_loadvnode being called to
+ * initialize the PUFFS part), then it discovers it is VNON,
+ * and tries to vrele() it. This leads us there, while the
+ * cookie was stall and the node likely already reclaimed.
+ */
+ if (vp->v_type == VNON) {
+ VOP_UNLOCK(vp);
+ return 0;
+ }
+
 pnode = vp->v_data;
 mutex_enter(&pnode->pn_sizemtx);
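Review bot: The early `return 0` for `vp->v_type == VNON` skips everything after `pnode = vp->v_data`, which presumably includes handing the local `recycle` back to the caller through the `a_recycle` pointer of the inactive args; the tail of puffs_vnop_inactive() is outside the hunk, so this needs checking against the full function. If that store is skipped, the outcome depends on how the caller initialised the flag, and the vnode created for the stale cookie may stay cached instead of being recycled promptly. I would set the flag explicitly on this path and state in the comment which outcome is intended. The comment's last sentence also reads better as `This leads us here, while the cookie was stale and the node likely already reclaimed.`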