fusefs-kmod broken?
Ian FREISLICH
ianf at clue.co.za
Mon Aug 23 13:29:10 UTC 2010
Ian FREISLICH wrote:
> John Baldwin wrote:
> > The uart thing is a red herring, notice the actual PC value is '0'. Something
> > in kern_open() invoked a NULL function pointer. Doing 'l *kern_open+0x35' in
> > kgdb would be a good start of where to look.
>
> (kgdb) l *kern_open+0x35
> 0xc0649ce5 is in kern_open (/usr/src/sys/kern/vfs_syscalls.c:1040).
> 1035 kern_open(struct thread *td, char *path, enum uio_seg pathseg, int flags,
> 1036 int mode)
> 1037 {
> 1038
> 1039 return (kern_openat(td, AT_FDCWD, path, pathseg, flags, mode));
> 1040 }
> 1041
> 1042 int
> 1043 kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
> 1044 int flags, int mode)
>
> That's what my reading seemed to indicate. I had to downgrade the
> system back to 8.0-STABLE at around 21 April 2010, to get the system
> working.
>
> I'm currently doing a binary search to find the offending commit, since
> CURRENT and STABLE panic reliably, and in the same way I'm sure
> that the problem is common to both.
>
> I'm down to a window of 9 hours. My money is currently on:
>
> Working file: sys/kern/vfs_syscalls.c
> Approved by: re (bz)
> ----------------------------
> revision 1.487.2.7
> date: 2010/04/27 10:47:54; author: kib; state: Exp; lines: +2 -15
> SVN rev 207270 on 2010-04-27 10:47:54Z by kib
>
> MFC r206547:
> Handle a case in kern_openat() when vn_open() change file type from
> DTYPE_VNODE.
> ----------------------------
Confirmed.
1.487.2.6 doesn't panic, 1.487.2.7 does. This is the change that
results in the panic.
--- sys/kern/vfs_syscalls.c 16 Apr 2010 08:32:08 -0000 1.487.2.6
+++ sys/kern/vfs_syscalls.c 27 Apr 2010 10:47:54 -0000 1.487.2.7
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.487.2.6 2010/04/16 08:32:08 kib Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.487.2.7 2010/04/27 10:47:54 kib Exp $");
#include "opt_compat.h"
#include "opt_kdtrace.h"
@@ -1047,8 +1047,6 @@
struct filedesc *fdp = p->p_fd;
struct file *fp;
struct vnode *vp;
- struct vattr vat;
- struct mount *mp;
int cmode;
struct file *nfp;
int type, indx, error;
@@ -1141,7 +1139,7 @@
}
VOP_UNLOCK(vp, 0);
- if (flags & (O_EXLOCK | O_SHLOCK)) {
+ if (fp->f_type == DTYPE_VNODE && (flags & (O_EXLOCK | O_SHLOCK)) != 0) {
lf.l_whence = SEEK_SET;
lf.l_start = 0;
lf.l_len = 0;
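Review bot: the new condition silently skips O_EXLOCK/O_SHLOCK when fp->f_type is not DTYPE_VNODE, so a caller that asked for a lock gets a successful open without one. A comment stating that this is intended, or an explicit error return for that case, would make the behaviour clear to callers and to later readers.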
@@ -1158,18 +1156,7 @@
atomic_set_int(&fp->f_flag, FHASLOCK);
}
if (flags & O_TRUNC) {
- if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
- goto bad;
- VATTR_NULL(&vat);
- vat.va_size = 0;
- vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
-#ifdef MAC
- error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
- if (error == 0)
-#endif
- error = VOP_SETATTR(vp, &vat, td->td_ucred);
- VOP_UNLOCK(vp, 0);
- vn_finished_write(mp);
+ error = fo_truncate(fp, 0, td->td_ucred, td);
if (error)
goto bad;
}
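Review bot: the O_TRUNC branch now calls fo_truncate(fp, 0, td->td_ucred, td) for every file type, with no guard like the fp->f_type == DTYPE_VNODE test added to the locking branch above, so a file whose operations provide no truncate method is reached here unchecked. Either restrict the call to types known to implement it, or make sure every operations table has a truncate entry that returns an error. The removed block also ran mac_vnode_check_write() under #ifdef MAC before VOP_SETATTR(); the change description should state that the vnode truncate method still performs that check.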
mount:
/dev/fuse0 on /1-wire (fusefs, local, synchronous)
Something about it has a write
echo -n 192 > /1-wire/29.A52A03000000/PIO.BYTE
Panic. But not like:
echo -n 192 >> /1-wire/29.A52A03000000/PIO.BYTE
I suspect the truncate is not safe. Or, at least this fuse presented
file cannot be truncated.
Ian
--
Ian Freislich
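
The failure discussed in this message, a NULL function pointer reached on the O_TRUNC path of an open, modelled in user space as an added example (not code from the post or from FreeBSD). It assumes, which the thread does not confirm, that the file's operations table has no truncate method set; every name below is a hypothetical stand-in, and ENOSYS/EINVAL are arbitrary choices for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; these are not the kernel's definitions. */
struct file;
typedef int fo_truncate_t(struct file *, long);
struct fileops {
	fo_truncate_t *fo_truncate;	/* may be NULL in a table that never set it */
};
struct file {
	struct fileops f_ops;
	long f_size;
};

static int model_truncate(struct file *fp, long len) { fp->f_size = len; return (0); }
/* Stub installed in place of a missing method. */
static int inval_truncate(struct file *fp, long len) { (void)fp; (void)len; return (EINVAL); }

/* Registration-time check: fill an empty slot, return how many were empty. */
static int
fileops_fill_missing(struct fileops *ops)
{
	if (ops->fo_truncate != NULL)
		return (0);
	ops->fo_truncate = inval_truncate;
	return (1);
}

/* Model of the O_TRUNC branch: refuse to call through an empty slot. */
static int
open_trunc_model(struct file *fp)
{
	if (fp->f_ops.fo_truncate == NULL)
		return (ENOSYS);	/* unchecked, this call would jump to PC 0 */
	return (fp->f_ops.fo_truncate(fp, 0));
}

int main(void)
{
	struct file vn = { { model_truncate }, 42 };	/* constructed samples */
	struct file legacy = { { NULL }, 42 };

	printf("vnode-like file: %d\n", open_trunc_model(&vn));
	printf("empty slot:      %d\n", open_trunc_model(&legacy));
	printf("slots filled:    %d\n", fileops_fill_missing(&legacy.f_ops));
	printf("after filling:   %d\n", open_trunc_model(&legacy));
	return (0);
}
```

The call-site guard and the registration-time fill are alternatives; either one turns the jump to address 0 into an error returned to the caller.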