kern/159663: sockets don't work though nullfs mounts

Mikolaj Golub trociny at
Sun Sep 25 22:23:52 UTC 2011


On Sun, 25 Sep 2011 17:32:27 +0200 Robert Millan wrote:

 RM> 2011/9/24 Robert Millan <rmh at>:
 >> I found a thread from 2007 with further discussion about this problem:

 RM> Hi,

 RM> I've looked at the situation in a bit more detail, for now only with
 RM> sockets in mind (not named pipes).  My understanding is (please
 RM> correct me if I'm wrong):

 RM> - nullfs holds reference counts for each vnode, but sockets have their
 RM> own mechanism for reference counting (so_count / soref / sorele).
 RM> vnode reference counting doesn't protect against socket being closed,
 RM> which would leave a stale pointer in the upper nullfs layer.

 RM> - Increasing the reference count of the socket itself can't be done in
 RM> null_nodeget() because this function is merely a getter whose call
 RM> doesn't indicate any meaningful event.

 RM> - It's not clear to me that there's any event in time where the socket
 RM> reference can be increased.  If mounting a nullfs were that event,
 RM> then all existing sockets would be soref'ed but we wouldn't be
 RM> soref'ing future sockets created in the lower layer after the mount.
 RM> This doesn't seem correct.

 RM> - Possible solution: null_nodeget() semantics are replaced with
 RM> something that actually allows vnodes in the upper layer to be created
 RM> and destroyed.

 RM> - Possible solution: upper layer has a memory structure to keep track
 RM> of which sockets in the lower layer have been soref'ed.

It looks like there is no need in setting vp->v_un = lowervp->v_un for
VFIFO. They work without this modification bypassing vnode operations to lover
node and lowervp->v_un is used.

The issue is only with local sockets, because when bind or connnect is called
for nullfs file the upper v_un is used.

For me the approach "vp->v_un = lowervp->v_un" has many complications. May be
it is much easier to use always only lower vnode? What we need for this is to
make bind and connect get the lower vnode when they are called on nullfs file.

As a proof of concept below is a patch that implements it. Currently I am not
sure that vrele/vref magic is done properly, but it looks like it works for

The issues with this approach I see so far:

- we need an additional flag for namei;

- nullfs can be unmounted with a socket file still being opened.

Mikolaj Golub

-------------- next part --------------
A non-text attachment was scrubbed...
Name: nullfs.sockets.patch
Type: text/x-patch
Size: 2941 bytes
Desc: not available
Url :

More information about the freebsd-bugs mailing list