kern/116608: [panic] [patch] [msdosfs] msdosfs fails to check
mount options
Eugene Grosbein
eugen at grosbein.pp.ru
Tue Sep 25 08:40:07 PDT 2007
The following reply was made to PR kern/116608; it has been noted by GNATS.
From: Eugene Grosbein <eugen at grosbein.pp.ru>
To: bug-followup at freebsd.org
Cc: Bruce Evans <brde at optusnet.com.au>
Subject: Re: kern/116608: [panic] [patch] [msdosfs] msdosfs fails to check mount options
Date: Tue, 25 Sep 2007 23:32:15 +0800
On Mon, 24 Sep 2007, Bruce Evans wrote:
> I saw similar bogus errors and panics for the bug in rev.1.152 (-current)
> and 1.144.2.5 (RELENG_6). This bug is for remounting from rw to ro.
> markvoldirty() is called after changing to to, so it creates an unflushable
> buffer. Unflushable buffers are supposed to be retried endlessly, but
> another bug causes a panic. Committing of fixes for these bugs are
> pending.
While the patch I've sent in the PR is correct, it discovers another
panic if there is mountd process running at the moment of mount.
Or if it's run later. Here is a scenario:
1. mount_msdosfs(8) calls nmount() with options "ro" and "rw" (in this order).
2. vfs_donmount() notes "rw", clears MNT_RDONLY flag and adds "noro"
to the option list.
3. So, msdosfs_mount() is called without MNT_UPDATE flag, without MNT_RDONLY
flag and with options "ro", "rw" and "noro". It ignores "noro",
and with mentioned patch it ignores "ro" also and does read-write mount.
4. mountd(8) calls nmount() with exactly same options but adds
MNT_UPDATE flag
5. So, msdosfs_mount() is called second time, now with MNT_UPDATE,
ignores options "noro" and "rw", notes option "ro", tries to remount
filesystem from read-write to read-only and hits another unfixed bug
in the kernel you mentioned above and kernel panices a couple of second
later.
Well, I think that vfs_donmount() has to be fixed to remove "ro"
when it adds "noro", hasn't it?
Eugene Grosbein
More information about the freebsd-bugs
mailing list