From rea@codelabs.ru Tue Jan 17 20:40:01 2012 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 497CB1065673 for ; Tue, 17 Jan 2012 20:40:01 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id E39258FC13 for ; Tue, 17 Jan 2012 20:40:00 +0000 (UTC) Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1RnFeH-000C7h-5g for FreeBSD-gnats-submit@freebsd.org; Tue, 17 Jan 2012 23:28:54 +0300 Message-Id: <20120117202853.19F65DA81C@void.codelabs.ru> Date: Wed, 18 Jan 2012 00:28:53 +0400 (MSK) From: Eygene Ryabinkin Reply-To: Eygene Ryabinkin To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: [patch] fix panic with NFS served from NULLFS X-Send-Pr-Version: 3.113 X-GNATS-Notify: kib@freebsd.org, attilio@freebsd.org, rmacklem@freebsd.org >Number: 164261 >Category: kern >Synopsis: [nullfs] [patch] fix panic with NFS served from NULLFS >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-fs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 17 20:40:14 UTC 2012 >Closed-Date: >Last-Modified: Wed Jan 18 11:00:30 UTC 2012 >Originator: Eygene Ryabinkin >Release: FreeBSD 10.0-CURRENT amd64 >Organization: Code Labs >Environment: System: FreeBSD 10.0-CURRENT, FreeBSD 9.0-STABLE >Description: When one exports NULLFS filesystems via NFS, he can face kernel panics if external clients use readdir+ feature and are accessing same directories simultaneously. The example of the backtrace can be obtained at http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/panic-backtrace.txt This backtrace is from 9.x as of December 2011. The real problem is that the thread that loses the race in null_nodeget (/sys/fs/nullfs/null_subr.c) will put the native lock (vp->v_vnlock = &vp->v_lock) to the nullfs vnode that should be destroyed (because the thread lost the race). And null_reclaim (/sys/fs/nullfs/null_vnops.c) will try to lock vnode's v_lock in the exclusive mode. This will lead to panic, because v_vnlock is already locked at the time of VOP_RECLAIM processing and we have v_vnlock that points to v_lock. Bingo! >How-To-Repeat: See http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/README.txt section "How to reproduce". >Fix: Patches http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/0001-NULLFS-properly-destroy-node-hash.patch and http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/0002-NULLFS-fix-panics-when-lowervp-is-locked-with-LK_SHA.patch will fix the problem (in reality, the first patch is just some nitpicking). I had tested this patch on my 10-CURRENT machine; tomorrow I intend to test in on the 9.x production NFS server with 300-400 clients. >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->freebsd-fs Responsible-Changed-By: linimon Responsible-Changed-When: Tue Jan 17 22:13:29 UTC 2012 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=164261 From: Eygene Ryabinkin To: FreeBSD GNATS followup Cc: Subject: Re: kern/164261: [patch] fix panic with NFS served from NULLFS Date: Wed, 18 Jan 2012 14:36:04 +0400 --NDin8bjvE/0mNLFQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable For the record, there is a discussion about this PR in freebsd-fs@, http://lists.freebsd.org/pipermail/freebsd-fs/2012-January/013438.html --=20 Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ] --NDin8bjvE/0mNLFQ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iF4EABEIAAYFAk8WoJQACgkQFq+eroFS7Psw2wD9GnOwrSsAJOvKV5PYmXPzAeRs kxeLUdu0pN2RMgCiGe4A/Aj7b8LdTwQg2++lRs2exfmb6FFFKvjQ/x4E3jly9n2A =3Mep -----END PGP SIGNATURE----- --NDin8bjvE/0mNLFQ-- >Unformatted: