nullfs: panic: vrele: negative ref cnt
John Baldwin
jhb at freebsd.org
Mon Mar 9 13:42:38 PDT 2009
On Monday 09 March 2009 9:15:22 am Paul B. Mahol wrote:
> Hi,
> here is part of textdump:
>
> panic(c061db9e,0,c061cee6,88e,4,...) at panic+0x136
> vrele(c4326d9c,0,c433fb5f,82,c060f3c7,...) at vrele+0x111
> null_nodeget(c3fd4780,c4326d9c,c3ba8bf4,0,c3ba8be4,...) at null_nodeget+0xa0
> null_bypass(c3ba8be0,c3f35a78,c3ba8c28) at null_bypass+0x141
> VOP_VPTOCNP_APV(c4340240,c3ba8be0,c061bf01,387,c3cecc00,...) at
> VOP_VPTOCNP_APV+0xb3
Try this. null_bypass() can't handle VOP_VPTOCNP because VPTOCNP doesn't
return a vnode that is locked and VREF'd, but just a vnode that is vhold()'d.
This patch attempts to give nullfs a VOP_VPTONCP() method which remaps the
directory vnode properly on return by locking the directory vnode while
invoking null_nodeget().
--- //depot/user/jhb/lock/fs/nullfs/null_vnops.c
+++ /home/jhb/work/p4/lock/fs/nullfs/null_vnops.c
@@ -722,6 +722,34 @@
return VOP_VPTOFH(lvp, ap->a_fhp);
}
+static int
+null_vptocnp(struct vop_vptocnp_args *ap)
+{
+ struct vnode *lvp, *dvp;
+ int error;
+
+ /*
+ * We can't use null_bypass() because 'dvp' is not returned
+ * locked. It is merely 'vhold()'ed.
+ */
+ lvp = NULLVPTOLOWERVP(ap->a_vp);
+ error = VOP_VPTOCNP(lvp, &dvp, ap->a_buf, ap->a_buflen);
+ if (error)
+ return (error);
+
+ /*
+ * Map 'dvp' to the corresponding null node. We have to lock
+ * it before calling null_nodeget().
+ */
+ vn_lock(dvp, LK_SHARED | LK_RETRY);
+ error = null_nodeget(ap->a_vp->v_mount, dvp, ap->a_vpp);
+ if (error) {
+ vrele(dvp);
+ vdrop(dvp);
+ }
+ return (error);
+}
+
/*
* Global vfs data structures
*/
@@ -743,4 +771,5 @@
.vop_strategy = VOP_EOPNOTSUPP,
.vop_unlock = null_unlock,
.vop_vptofh = null_vptofh,
+ .vop_vptocnp = null_vptocnp,
};
--
John Baldwin
More information about the freebsd-current
mailing list