misc/173120: jail delete causes panic (patch included)
Steven Hartland
steven.hartland at multiplay.co.uk
Fri Oct 26 09:50:01 UTC 2012
>Number: 173120
>Category: misc
>Synopsis: jail delete causes panic (patch included)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 26 09:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Steven Hartland
>Release: 8.3-RELEASE
>Organization:
Multiplay
>Environment:
FreeBSD dev 8.3-RELEASE-p4 FreeBSD 8.3-RELEASE-p4 #22: Mon Sep 17 17:18:32 UTC 2012 root at dev:/usr/obj/usr/src/sys/MULTIPLAY amd64
>Description:
Stopping / starting a jail "can" cause a kernel panic due to incorrect pr_uref accounting.
An old discussion on this issue can be found in the following thread:-
http://lists.freebsd.org/pipermail/freebsd-jail/2011-August/001623.html
>How-To-Repeat:
Stop and start jails a lot, it's not a regular occurrence but with hundreds of start / stops panics do occur.
>Fix:
Apply the attached patch.
We've been running this for over a year now on hundreds of highly active jail machines and not a single panic since applying the patch.
Patch attached with submission follows:
Fix panic on jail delete
--- sys/kern/kern_jail.c.orig 2011-08-20 21:17:14.856618854 +0100
+++ sys/kern/kern_jail.c 2011-08-21 01:56:58.429894825 +0100
@@ -2449,27 +2449,16 @@
mtx_lock(&pr->pr_mtx);
/* Decrement the user references in a separate loop. */
if (flags & PD_DEUREF) {
- for (tpr = pr;; tpr = tpr->pr_parent) {
- if (tpr != pr)
- mtx_lock(&tpr->pr_mtx);
- if (--tpr->pr_uref > 0)
- break;
- KASSERT(tpr != &prison0, ("prison0 pr_uref=0"));
- mtx_unlock(&tpr->pr_mtx);
- }
+ pr->pr_uref--;
/* Done if there were only user references to remove. */
if (!(flags & PD_DEREF)) {
- mtx_unlock(&tpr->pr_mtx);
+ mtx_unlock(&pr->pr_mtx);
if (flags & PD_LIST_SLOCKED)
sx_sunlock(&allprison_lock);
else if (flags & PD_LIST_XLOCKED)
sx_xunlock(&allprison_lock);
return;
}
- if (tpr != pr) {
- mtx_unlock(&tpr->pr_mtx);
- mtx_lock(&pr->pr_mtx);
- }
}
for (;;) {
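Review bot: in the PD_DEUREF branch the new `pr->pr_uref--` is unchecked, whereas the loop it replaces tested the result (`--tpr->pr_uref > 0`) and asserted `tpr != &prison0` when a count reached zero. With the walk up `pr_parent` removed, nothing in this hunk catches an underflow or prison0 dropping to zero; consider a `KASSERT(pr->pr_uref > 0, ...)` before the decrement so any remaining accounting error trips at this point under INVARIANTS rather than somewhere unrelated later. The retained comment "Decrement the user references in a separate loop." no longer matches the code and should be updated, and the commit message should state why a child's pr_uref reaching zero no longer drops the parent's user reference here.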
@@ -2525,6 +2514,8 @@
/* Removing a prison frees a reference on its parent. */
pr = ppr;
mtx_lock(&pr->pr_mtx);
+ /* Ensure user reference added on create is removed */
+ pr->pr_uref--;
flags = PD_DEREF;
}
}
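Review bot: the added `pr->pr_uref--` on the parent runs unconditionally each time a child prison is removed, with no check that the count is still positive and no equivalent of the `KASSERT(tpr != &prison0, ("prison0 pr_uref=0"))` that the first hunk deletes. The comment ties it to a user reference "added on create", but the create path is not part of this patch, so please confirm, and record in the commit message, that every path creating a child takes exactly one pr_uref on the parent; otherwise this decrement underflows. `flags` is set to `PD_DEREF` only on the next line, so nothing visible here acts on the parent's pr_uref reaching zero; say whether that is intended. The new comment also lacks the trailing period used by the neighbouring comments.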
>Release-Note:
>Audit-Trail:
>Unformatted: