Panic after mount() fail.
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Mon Nov 17 02:06:17 PST 2003
Hello.
There is a problem with mount(2) failures. It can cause panics.
How-to-repeat.
# dd if=/dev/random of=/test.img bs=1m count=8
# mdconfig -a -t vnode -f /test.img -u 25
# mkdir -p /mnt/test
# mount /dev/md25 /mnt/test
(fail)
# mount /dev/md25 /mnt/test
(panic "Memory modified after free ...")
This is because on failure mutex is not destroyed.
Patch:
--- vfs_mount.c.orig Sun Nov 16 15:46:56 2003
+++ vfs_mount.c Sun Nov 16 15:21:48 2003
@@ -1061,6 +1061,7 @@ update:
vfs_unbusy(mp, td);
else {
mp->mnt_vfc->vfc_refcount--;
+ mtx_destroy(&mp->mnt_mtx);
vfs_unbusy(mp, td);
#ifdef MAC
mac_destroy_mount(mp);
@@ -1142,6 +1143,7 @@ update:
vp->v_iflag &= ~VI_MOUNT;
VI_UNLOCK(vp);
mp->mnt_vfc->vfc_refcount--;
+ mtx_destroy(&mp->mnt_mtx);
vfs_unbusy(mp, td);
#ifdef MAC
mac_destroy_mount(mp);
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20031117/fedab517/attachment.bin
More information about the freebsd-current
mailing list