svn commit: r234386 - in head/sys: fs/coda fs/ext2fs fs/msdosfs fs/nfsclient kern nfsclient sys ufs/ffs ufs/ufs

Sergey Kandaurov pluknet at freebsd.org
Sat May 5 09:00:38 UTC 2012 

On 17 April 2012 20:28, Kirk McKusick <mckusick at freebsd.org> wrote:
> Author: mckusick
> Date: Tue Apr 17 16:28:22 2012
> New Revision: 234386
> URL: http://svn.freebsd.org/changeset/base/234386
>
> Log:
>  Replace the MNT_VNODE_FOREACH interface with MNT_VNODE_FOREACH_ALL.
>  The primary changes are that the user of the interface no longer
>  needs to manage the mount-mutex locking and that the vnode that
>  is returned has its mutex locked (thus avoiding the need to check
>  to see if its is DOOMED or other possible end of life senarios).
>
>  To minimize compatibility issues for third-party developers, the
>  old MNT_VNODE_FOREACH interface will remain available so that this
>  change can be MFC'ed to 9. Following the MFC to 9, MNT_VNODE_FOREACH
>  will be removed in head.
>
>  The reason for this update is to prepare for the addition of the
>  MNT_VNODE_FOREACH_ACTIVE interface that will loop over just the
>  active vnodes associated with a mount point (typically less than
>  1% of the vnodes associated with the mount point).
>
>  Reviewed by: kib
>  Tested by:   Peter Holm
>  MFC after:   2 weeks
>

Hi.

This commit crashes on old nfsclient. Looks like this change is missed.

Index: nfsclient/nfs_vfsops.c
===================================================================
--- nfsclient/nfs_vfsops.c      (revision 235051)
+++ nfsclient/nfs_vfsops.c      (working copy)
@@ -1452,6 +1452,7 @@
                MNT_IUNLOCK(mp);
                return (EBADF);
        }
+       MNT_IUNLOCK(mp);

        /*
         * Force stale buffer cache information to be flushed.


[...]
>
> Modified: head/sys/nfsclient/nfs_vfsops.c
> ==============================================================================
> --- head/sys/nfsclient/nfs_vfsops.c     Tue Apr 17 14:54:00 2012        (r234385)
> +++ head/sys/nfsclient/nfs_vfsops.c     Tue Apr 17 16:28:22 2012        (r234386)
> @@ -1457,19 +1457,15 @@ nfs_sync(struct mount *mp, int waitfor)
>         * Force stale buffer cache information to be flushed.
>         */
>  loop:
> -       MNT_VNODE_FOREACH(vp, mp, mvp) {
> -               VI_LOCK(vp);
> -               MNT_IUNLOCK(mp);
> +       MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {

Now this call results in malloc() and MNT_ILOCK(mp) inside
__mnt_vnode_first_all().
But MNT_ILOCK(mp) is already done few lines above (probably because
its MNT_IUNLOCK() counterpart was missed in this commit?).


[...]
> +struct vnode *
> +__mnt_vnode_first_all(struct vnode **mvp, struct mount *mp)
> +{
> +       struct vnode *vp;
> +

To the moment it already holds MNT_ILOCK(mp) from
sys/nfsclient/nfs_vfsops.c:1445

> +       *mvp = malloc(sizeof(struct vnode), M_VNODE_MARKER, M_WAITOK | M_ZERO);
> +       MNT_ILOCK(mp);
> +       MNT_REF(mp);
> +       (*mvp)->v_type = VMARKER;
> +
> +       vp = TAILQ_FIRST(&mp->mnt_nvnodelist);
> +       while (vp != NULL && (vp->v_type == VMARKER ||
> +           (vp->v_iflag & VI_DOOMED) != 0))
> +               vp = TAILQ_NEXT(vp, v_nmntvnodes);
> +
> +       /* Check if we are done */
> +       if (vp == NULL) {
> +               *mvp = NULL;
> +               MNT_REL(mp);
> +               MNT_IUNLOCK(mp);
> +               free(*mvp, M_VNODE_MARKER);
> +               return (NULL);
> +       }
> +       (*mvp)->v_mount = mp;
> +       TAILQ_INSERT_AFTER(&mp->mnt_nvnodelist, vp, *mvp, v_nmntvnodes);
> +       VI_LOCK(vp);
> +       MNT_IUNLOCK(mp);
> +       return (vp);
> +}
[...]

uma_zalloc_arg: zone "1024" with the following non-sleepable locks held:
exclusive sleep mutex struct mount mtx (struct mount mtx) r = 0
(0xfffffe0002907750) locked @ /usr/src/sys/nfsclient/nfs_vfsops.c:1445
KDB: stack backtrace:
db_trace_self_wrapper() at 0xffffffff802c75aa = db_trace_self_wrapper+0x2a
kdb_backtrace() at 0xffffffff80476547 = kdb_backtrace+0x37
_witness_debugger() at 0xffffffff8048d48c = _witness_debugger+0x2c
witness_warn() at 0xffffffff8048e274 = witness_warn+0x2c4
uma_zalloc_arg() at 0xffffffff8068be24 = uma_zalloc_arg+0x384
malloc() at 0xffffffff80425026 = malloc+0xc6
__mnt_vnode_first_all() at 0xffffffff804dd3f9 = __mnt_vnode_first_all+0x29
nfs_sync() at 0xffffffff805f231d = nfs_sync+0x8d
sys_sync() at 0xffffffff804e8906 = sys_sync+0x146
amd64_syscall() at 0xffffffff806c780c = amd64_syscall+0x38c
Xfast_syscall() at 0xffffffff806b2c47 = Xfast_syscall+0xf7
--- syscall (36, FreeBSD ELF64, sys_sync), rip = 0x800a95a0c, rsp =
0x7fffffffd958, rbp = 0x7fffffffdd50 ---
panic: _mtx_lock_sleep: recursed on non-recursive mutex struct mount
mtx @ /usr/src/sys/kern/vfs_subr.c:4595

cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper() at 0xffffffff802c75aa = db_trace_self_wrapper+0x2a
kdb_backtrace() at 0xffffffff80476547 = kdb_backtrace+0x37
panic() at 0xffffffff8043bc3e = panic+0x1ce
_mtx_lock_sleep() at 0xffffffff80429058 = _mtx_lock_sleep+0x538
_mtx_lock_flags() at 0xffffffff804291e4 = _mtx_lock_flags+0x184
__mnt_vnode_first_all() at 0xffffffff804dd413 = __mnt_vnode_first_all+0x43
nfs_sync() at 0xffffffff805f231d = nfs_sync+0x8d
sys_sync() at 0xffffffff804e8906 = sys_sync+0x146
amd64_syscall() at 0xffffffff806c780c = amd64_syscall+0x38c
Xfast_syscall() at 0xffffffff806b2c47 = Xfast_syscall+0xf7
--- syscall (36, FreeBSD ELF64, sys_sync), rip = 0x800a95a0c, rsp =
0x7fffffffd958, rbp = 0x7fffffffdd50 ---
KDB: enter: panic
[ thread pid 1268 tid 100085 ]
Stopped at      0xffffffff8047620b = kdb_enter+0x3b:    movq
$0,0x75d252(%rip)
db>

-- 
wbr,
pluknet

More information about the svn-src-head mailing list