nullfs: panic: vrele: negative ref cnt

Mon Mar 9 15:23:58 PDT 2009

2009/3/9, Kostik Belousov <kostikbel at gmail.com>:
> On Mon, Mar 09, 2009 at 04:42:25PM -0400, John Baldwin wrote:
>  > On Monday 09 March 2009 9:15:22 am Paul B. Mahol wrote:
>  > > Hi,
>  > > here is part of textdump:
>  > >
>  > > panic(c061db9e,0,c061cee6,88e,4,...) at panic+0x136
>  > > vrele(c4326d9c,0,c433fb5f,82,c060f3c7,...) at vrele+0x111
>  > > null_nodeget(c3fd4780,c4326d9c,c3ba8bf4,0,c3ba8be4,...) at null_nodeget+0xa0
>  > > null_bypass(c3ba8be0,c3f35a78,c3ba8c28) at null_bypass+0x141
>  > > VOP_VPTOCNP_APV(c4340240,c3ba8be0,c061bf01,387,c3cecc00,...) at
>  > > VOP_VPTOCNP_APV+0xb3
>  >
>  > Try this.  null_bypass() can't handle VOP_VPTOCNP because VPTOCNP doesn't
>  > return a vnode that is locked and VREF'd, but just a vnode that is vhold()'d.
>  > This patch attempts to give nullfs a VOP_VPTONCP() method which remaps the
>  > directory vnode properly on return by locking the directory vnode while
>  > invoking null_nodeget().
>  >
>  > --- //depot/user/jhb/lock/fs/nullfs/null_vnops.c
>  > +++ /home/jhb/work/p4/lock/fs/nullfs/null_vnops.c
>  > @@ -722,6 +722,34 @@
>  >       return VOP_VPTOFH(lvp, ap->a_fhp);
>  >  }
>  >
>  > +static int
>  > +null_vptocnp(struct vop_vptocnp_args *ap)
>  > +{
>  > +     struct vnode *lvp, *dvp;
>  > +     int error;
>  > +
>  > +     /*
>  > +      * We can't use null_bypass() because 'dvp' is not returned
>  > +      * locked.  It is merely 'vhold()'ed.
>  > +      */
>  > +     lvp = NULLVPTOLOWERVP(ap->a_vp);
>  > +     error = VOP_VPTOCNP(lvp, &dvp, ap->a_buf, ap->a_buflen);
>  > +     if (error)
>  > +             return (error);
>  > +
>  > +     /*
>  > +      * Map 'dvp' to the corresponding null node.  We have to lock
>  > +      * it before calling null_nodeget().
>  > +      */
>  > +     vn_lock(dvp, LK_SHARED | LK_RETRY);
>  > +     error = null_nodeget(ap->a_vp->v_mount, dvp, ap->a_vpp);
>  > +     if (error) {
>  > +             vrele(dvp);
>  > +             vdrop(dvp);
>  > +     }
>  > +     return (error);
>  > +}
>  > +
>  >  /*
>  >   * Global vfs data structures
>  >   */
>  > @@ -743,4 +771,5 @@
>  >       .vop_strategy =         VOP_EOPNOTSUPP,
>  >       .vop_unlock =           null_unlock,
>  >       .vop_vptofh =           null_vptofh,
>  > +     .vop_vptocnp =          null_vptocnp,
>  >  };
>
>
> I do not think that nullfs-specific method is needed.
>  I already mailed the following patch to the reporters.
>
>  diff --git a/sys/fs/nullfs/null_vnops.c b/sys/fs/nullfs/null_vnops.c
>  index 5a6823f..38da43f 100644
>  --- a/sys/fs/nullfs/null_vnops.c
>  +++ b/sys/fs/nullfs/null_vnops.c
>  @@ -742,5 +742,6 @@ struct vop_vector null_vnodeops = {
>         .vop_setattr =          null_setattr,
>
>         .vop_strategy =         VOP_EOPNOTSUPP,
>         .vop_unlock =           null_unlock,
>
> +       .vop_vptocnp =          vop_stdvptocnp,
>         .vop_vptofh =           null_vptofh,
>   };

Speaking of which, I don't think nullfs should redefine
null_islocked() but it should choose the standard one.
While there you could handle that too?

Thanks,
Attilio

-- 
Peace can only be achieved by understanding - A. Einstein