Panic after mount() fail.
Robert Watson
rwatson at freebsd.org
Mon Nov 17 06:37:04 PST 2003
On Mon, 17 Nov 2003, Pawel Jakub Dawidek wrote:
> Hello.
>
> There is a problem with mount(2) failures. It can cause panics.
>
> How-to-repeat.
>
> # dd if=/dev/random of=/test.img bs=1m count=8
> # mdconfig -a -t vnode -f /test.img -u 25
> # mkdir -p /mnt/test
> # mount /dev/md25 /mnt/test
> (fail)
> # mount /dev/md25 /mnt/test
> (panic "Memory modified after free ...")
>
> This is because on failure the mutex is not destroyed.
This appears not to apply (and possibly not need to apply) against
vfs_mount.c:1.115. Could you update to that revision and confirm that the
problem persists? The change introduces a common vfs_mount_destroy()
call, which is much more careful to destroy the struct mount mtx than the
previous code.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
>
> Patch:
>
> --- vfs_mount.c.orig Sun Nov 16 15:46:56 2003
> +++ vfs_mount.c Sun Nov 16 15:21:48 2003
> @@ -1061,6 +1061,7 @@ update:
> vfs_unbusy(mp, td);
> else {
> mp->mnt_vfc->vfc_refcount--;
> + mtx_destroy(&mp->mnt_mtx);
> vfs_unbusy(mp, td);
> #ifdef MAC
> mac_destroy_mount(mp);
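Review bot: mtx_destroy(&mp->mnt_mtx) is placed before vfs_unbusy(mp, td) in this else branch, so the mount's mutex is torn down while mp is still being released on the next line. Unless vfs_unbusy() is known never to touch mnt_mtx, move the destroy after vfs_unbusy(mp, td), next to mac_destroy_mount(mp), so the struct is dismantled only once nothing else uses it. A one-line comment on why the mutex has to be destroyed on this failure path would also help the next reader.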
> @@ -1142,6 +1143,7 @@ update:
> vp->v_iflag &= ~VI_MOUNT;
> VI_UNLOCK(vp);
> mp->mnt_vfc->vfc_refcount--;
> + mtx_destroy(&mp->mnt_mtx);
> vfs_unbusy(mp, td);
> #ifdef MAC
> mac_destroy_mount(mp);
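Review bot: The teardown after VI_UNLOCK(vp) (vfc_refcount--, mtx_destroy, vfs_unbusy, mac_destroy_mount) now repeats the same four steps as the hunk at line 1061, so any later change to the failure path has to be made in both places. Factor the sequence into one helper called from both error paths; the reply above notes that revision 1.115 already takes this route with a common vfs_mount_destroy(), in which case this hunk may be unnecessary there. The same ordering question applies here: the mutex is destroyed before vfs_unbusy(mp, td) runs on mp.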
>
> --
> Pawel Jakub Dawidek pawel at dawidek.net
> UNIX Systems Programmer/Administrator http://garage.freebsd.pl
> Am I Evil? Yes, I Am! http://cerber.sourceforge.net
>