I have a candidate patch for kern/28448, which at this point only
affects -6 (and -5, but it's presumably not getting fixed there) --
the issue is that lookups of ".." can deadlock.
The patch has passed an anita run, so it isn't overtly toxic, but
that's not itself all that persuasive. I don't have a -6 test
environment (or in fact anything with -6 other than transient VMs)
so it would be helpful if someone could try this out in the field.
It's not clear that anyone has ever seen this deadlock in the wild,
so evidence that the patch doesn't make layers explode is probably
sufficient.
because extracting patches from gnats is so much fun, here's a copy.
(for some reason the last N years it didn't occur to me that the
solution could be this simple... sigh)
Index: sys/miscfs/genfs/layer_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/genfs/layer_vnops.c,v
retrieving revision 1.50.8.1
diff -u -p -r1.50.8.1 layer_vnops.c
--- sys/miscfs/genfs/layer_vnops.c 18 Nov 2012 18:36:58 -0000 1.50.8.1
+++ sys/miscfs/genfs/layer_vnops.c 14 Oct 2015 20:14:42 -0000
@@ -382,7 +382,21 @@ layer_lookup(void *v)
vref(dvp);
*ap->a_vpp = dvp;
vrele(lvp);
- } else if (lvp != NULL) {
+ } else if (lvp == NULL) {
+ /* nothing */
+ } else if (cnp->cn_flags & ISDOTDOT) {
+ /* must unlock dvp temporarily to conform to lock ordering */
+ struct mount *mp;
+
+ /* mp can't disappear because we still hold a ref on dvp */
+ mp = dvp->v_mount;
+ VOP_UNLOCK(dvp);
+ error = layer_node_create(mp, lvp, ap->a_vpp);
+ vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
+ if (error) {
+ vrele(lvp);
+ }
+ } else {
/* Note: dvp, ldvp and lvp are all locked. */
error = layer_node_create(dvp->v_mount, lvp, ap->a_vpp);
if (error) {
--
David A. Holland
dholl...@netbsd.org
