Re: fusefs-kmod broken?

From: Ian FREISLICH <ianf_at_clue.co.za>
Date: Mon, 23 Aug 2010 15:29:06 +0200
Ian FREISLICH wrote:
> John Baldwin wrote:
> > The uart thing is a red herring, notice the actual PC value is '0'.  Something
> > in kern_open() invoked a NULL function pointer.  Doing 'l *kern_open+0x35' in
> > kgdb would be a good start of where to look.
> 
> (kgdb) l *kern_open+0x35
> 0xc0649ce5 is in kern_open (/usr/src/sys/kern/vfs_syscalls.c:1040).
> 1035    kern_open(struct thread *td, char *path, enum uio_seg pathseg, int flags,
> 1036        int mode)
> 1037    {
> 1038
> 1039            return (kern_openat(td, AT_FDCWD, path, pathseg, flags, mode));
> 1040    }
> 1041
> 1042    int
> 1043    kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
> 1044        int flags, int mode)
> 
> That's what my reading seemed to indicate.  I had to downgrade the
> system back to 8.0-STABLE at around 21 April 2010, to get the system
> working.
> 
> I'm currently doing a binary search to find the offending commit, since
> CURRENT and STABLE panic reliably, and in the same way I'm sure
> that the problem is common to both.
> 
> I'm down to a window of 9 hours.  My money is currently on:
> 
> Working file: sys/kern/vfs_syscalls.c
> Approved by:    re (bz)
> ----------------------------
> revision 1.487.2.7
> date: 2010/04/27 10:47:54;  author: kib;  state: Exp;  lines: +2 -15
> SVN rev 207270 on 2010-04-27 10:47:54Z by kib
> 
> MFC r206547:
> Handle a case in kern_openat() when vn_open() change file type from
> DTYPE_VNODE.
> ----------------------------

Confirmed.

1.487.2.6 doesn't panic, 1.487.2.7 does.  This is the change that
results in the panic.

--- sys/kern/vfs_syscalls.c     16 Apr 2010 08:32:08 -0000      1.487.2.6
+++ sys/kern/vfs_syscalls.c     27 Apr 2010 10:47:54 -0000      1.487.2.7
_at__at_ -35,7 +35,7 _at__at_
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.487.2.6 2010/04/16 08:32:08 kib Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.487.2.7 2010/04/27 10:47:54 kib Exp $");
 
 #include "opt_compat.h"
 #include "opt_kdtrace.h"
_at__at_ -1047,8 +1047,6 _at__at_
        struct filedesc *fdp = p->p_fd;
        struct file *fp;
        struct vnode *vp;
-       struct vattr vat;
-       struct mount *mp;
        int cmode;
        struct file *nfp;
        int type, indx, error;
_at__at_ -1141,7 +1139,7 _at__at_
        }
 
        VOP_UNLOCK(vp, 0);
-       if (flags & (O_EXLOCK | O_SHLOCK)) {
+       if (fp->f_type == DTYPE_VNODE && (flags & (O_EXLOCK | O_SHLOCK)) != 0) {
                lf.l_whence = SEEK_SET;
                lf.l_start = 0;
                lf.l_len = 0;
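
Review bot: with the new fp->f_type == DTYPE_VNODE test in the if condition, a caller that passed O_EXLOCK or O_SHLOCK on a file whose type is no longer DTYPE_VNODE gets past this block with no lock taken and, as far as these lines show, no error. Either return an error for that combination or add a comment saying that lock flags are intentionally ignored for non-vnode file types. The O_TRUNC branch that follows is not given the same f_type condition, so the two branches should be checked for consistency.
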
_at__at_ -1158,18 +1156,7 _at__at_
                atomic_set_int(&fp->f_flag, FHASLOCK);
        }
        if (flags & O_TRUNC) {
-               if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
-                       goto bad;
-               VATTR_NULL(&vat);
-               vat.va_size = 0;
-               vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
-#ifdef MAC
-               error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
-               if (error == 0)
-#endif
-                       error = VOP_SETATTR(vp, &vat, td->td_ucred);
-               VOP_UNLOCK(vp, 0);
-               vn_finished_write(mp);
+               error = fo_truncate(fp, 0, td->td_ucred, td);
                if (error)
                        goto bad;
        }
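
Review bot: the replacement line "error = fo_truncate(fp, 0, td->td_ucred, td);" is reached for every open with O_TRUNC, with no check on fp->f_type, while the lock branch in the previous hunk was restricted to DTYPE_VNODE. The removed code acted on vp directly through VOP_SETATTR; the new call goes through fp, so a file whose type was changed by vn_open() has to supply a working truncate operation or the call has nowhere valid to go. Guard this branch the same way as the lock branch, or verify that every file type that can reach this point provides the operation and fail with an error otherwise. The removed lines also did vn_start_write(), the MAC check mac_vnode_check_write() and vn_finished_write(); confirm that the vnode implementation behind fo_truncate() keeps all three, since that is not visible in this diff.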


mount:
/dev/fuse0 on /1-wire (fusefs, local, synchronous)

Something about it has a write 

echo -n 192 > /1-wire/29.A52A03000000/PIO.BYTE

Panic.  But not like:

echo -n 192 >> /1-wire/29.A52A03000000/PIO.BYTE

I suspect the truncate is not safe.  Or, at least this fuse presented
file cannot be truncated.

Ian

-- 
Ian Freislich
Received on Mon Aug 23 2010 - 11:29:10 UTC
