Re: nullfs: panic: vrele: negative ref cnt

From: Paul B. Mahol <onemda_at_gmail.com> Date: Mon, 9 Mar 2009 23:07:59 +0000 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:43 UTC

On 3/9/09, Kostik Belousov <kostikbel_at_gmail.com> wrote:
> On Mon, Mar 09, 2009 at 04:42:25PM -0400, John Baldwin wrote:
>> On Monday 09 March 2009 9:15:22 am Paul B. Mahol wrote:
>> > Hi,
>> > here is part of textdump:
>> >
>> > panic(c061db9e,0,c061cee6,88e,4,...) at panic+0x136
>> > vrele(c4326d9c,0,c433fb5f,82,c060f3c7,...) at vrele+0x111
>> > null_nodeget(c3fd4780,c4326d9c,c3ba8bf4,0,c3ba8be4,...) at
>> > null_nodeget+0xa0
>> > null_bypass(c3ba8be0,c3f35a78,c3ba8c28) at null_bypass+0x141
>> > VOP_VPTOCNP_APV(c4340240,c3ba8be0,c061bf01,387,c3cecc00,...) at
>> > VOP_VPTOCNP_APV+0xb3
>>
>> Try this.  null_bypass() can't handle VOP_VPTOCNP because VPTOCNP doesn't
>> return a vnode that is locked and VREF'd, but just a vnode that is
>> vhold()'d.
>> This patch attempts to give nullfs a VOP_VPTONCP() method which remaps the
>>
>> directory vnode properly on return by locking the directory vnode while
>> invoking null_nodeget().
>>
>> --- //depot/user/jhb/lock/fs/nullfs/null_vnops.c
>> +++ /home/jhb/work/p4/lock/fs/nullfs/null_vnops.c
>> _at__at_ -722,6 +722,34 _at__at_
>>  	return VOP_VPTOFH(lvp, ap->a_fhp);
>>  }
>>
>> +static int
>> +null_vptocnp(struct vop_vptocnp_args *ap)
>> +{
>> +	struct vnode *lvp, *dvp;
>> +	int error;
>> +
>> +	/*
>> +	 * We can't use null_bypass() because 'dvp' is not returned
>> +	 * locked.  It is merely 'vhold()'ed.
>> +	 */
>> +	lvp = NULLVPTOLOWERVP(ap->a_vp);
>> +	error = VOP_VPTOCNP(lvp, &dvp, ap->a_buf, ap->a_buflen);
>> +	if (error)
>> +		return (error);
>> +
>> +	/*
>> +	 * Map 'dvp' to the corresponding null node.  We have to lock
>> +	 * it before calling null_nodeget().
>> +	 */
>> +	vn_lock(dvp, LK_SHARED | LK_RETRY);
>> +	error = null_nodeget(ap->a_vp->v_mount, dvp, ap->a_vpp);
>> +	if (error) {
>> +		vrele(dvp);
>> +		vdrop(dvp);
>> +	}
>> +	return (error);
>> +}
>> +
>>  /*
>>   * Global vfs data structures
>>   */
>> _at__at_ -743,4 +771,5 _at__at_
>>  	.vop_strategy =		VOP_EOPNOTSUPP,
>>  	.vop_unlock =		null_unlock,
>>  	.vop_vptofh =		null_vptofh,
>> +	.vop_vptocnp =		null_vptocnp,
>>  };
>
> I do not think that nullfs-specific method is needed.
> I already mailed the following patch to the reporters.
>
> diff --git a/sys/fs/nullfs/null_vnops.c b/sys/fs/nullfs/null_vnops.c
> index 5a6823f..38da43f 100644
> --- a/sys/fs/nullfs/null_vnops.c
> +++ b/sys/fs/nullfs/null_vnops.c
> _at__at_ -742,5 +742,6 _at__at_ struct vop_vector null_vnodeops = {
>  	.vop_setattr =		null_setattr,
>  	.vop_strategy =		VOP_EOPNOTSUPP,
>  	.vop_unlock =		null_unlock,
> +	.vop_vptocnp =		vop_stdvptocnp,
>  	.vop_vptofh =		null_vptofh,
>  };
>

Fixed panic.