kern/159663: sockets don't work though nullfs mounts

Robert Millan rmh at
Sun Sep 25 15:32:28 UTC 2011

2011/9/24 Robert Millan <rmh at>:
> I found a thread from 2007 with further discussion about this problem:


I've looked at the situation in a bit more detail, for now only with
sockets in mind (not named pipes).  My understanding is (please
correct me if I'm wrong):

- nullfs holds reference counts for each vnode, but sockets have their
own mechanism for reference counting (so_count / soref / sorele).
vnode reference counting doesn't protect against socket being closed,
which would leave a stale pointer in the upper nullfs layer.

- Increasing the reference count of the socket itself can't be done in
null_nodeget() because this function is merely a getter whose call
doesn't indicate any meaningful event.

- It's not clear to me that there's any event in time where the socket
reference can be increased.  If mounting a nullfs were that event,
then all existing sockets would be soref'ed but we wouldn't be
soref'ing future sockets created in the lower layer after the mount.
This doesn't seem correct.

- Possible solution: null_nodeget() semantics are replaced with
something that actually allows vnodes in the upper layer to be created
and destroyed.

- Possible solution: upper layer has a memory structure to keep track
of which sockets in the lower layer have been soref'ed.

More information about the freebsd-bugs mailing list