From root@mulet.e.kth.se Sat Nov 27 06:14:25 1999
Return-Path: <root@mulet.e.kth.se>
Received: from mulet.e.kth.se (mulet.e.kth.se [130.237.43.20])
	by hub.freebsd.org (Postfix) with ESMTP id 8128014CCF
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 27 Nov 1999 06:14:22 -0800 (PST)
	(envelope-from root@mulet.e.kth.se)
Received: (from root@localhost)
	by mulet.e.kth.se (8.9.3/8.9.3) id PAA00823;
	Sat, 27 Nov 1999 15:14:34 +0100 (CET)
	(envelope-from root)
Message-Id: <199911271414.PAA00823@mulet.e.kth.se>
Date: Sat, 27 Nov 1999 15:14:34 +0100 (CET)
From: assar@stacken.kth.se
Sender: root@mulet.e.kth.se
To: FreeBSD-gnats-submit@freebsd.org
Cc: assar@stacken.kth.se
Subject: vclean calls vrele leading to deadlock (if usecount > 0)
X-Send-Pr-Version: 3.2

>Number:         15117
>Category:       kern
>Synopsis:       vclean calls vrele leading to deadlock (if usecount > 0)
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 27 06:20:00 PST 1999
>Closed-Date:    Sat Jan 29 07:24:09 PST 2000
>Last-Modified:  Sat Jan 29 07:26:31 PST 2000
>Originator:     Assar Westerlund
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
none
>Environment:

-current as of ~ today

>Description:

vclean() calls vrele() if v_usecount of the node was higher than one.
But before calling it, it sets the VXLOCK flag, which will make
vn_lock called from vrele dead-lock.

>How-To-Repeat:

>Fix:

[ largely based on the NetBSD - code ]

--- vfs_subr.c.orig	Sat Nov 27 14:54:10 1999
+++ vfs_subr.c	Sat Nov 27 15:11:47 1999
@@ -1693,8 +1693,23 @@
 	if (VOP_RECLAIM(vp, p))
 		panic("vclean: cannot reclaim");
 
-	if (active)
-		vrele(vp);
+	if (active) {
+		/*
+		 * Inline copy of vrele() since VOP_INACTIVE
+		 * has already been called.
+		 */
+		simple_lock(&vp->v_interlock);
+		if (--vp->v_usecount <= 0) {
+#ifdef DIAGNOSTIC
+			if (vp->v_usecount < 0 || vp->v_writecount != 0) {
+				vprint("vclean: bad ref count", vp);
+				panic("vclean: ref cnt");
+			}
+#endif
+			vfree(vp);
+		}
+		simple_unlock(&vp->v_interlock);
+	}
 
 	cache_purge(vp);
 	if (vp->v_vnlock) {
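Review bot: The sanity check under `if (--vp->v_usecount <= 0)` is compiled only with DIAGNOSTIC, so on a kernel built without it a negative v_usecount or a non-zero v_writecount falls straight through to vfree(vp) and the vnode is put on the free list with a corrupt reference count. Consider making at least the `vp->v_usecount < 0` test unconditional, since a reference-count underflow here is the kind of error that later shows up as a use-after-free. The comment also gives only half the reason for the inline copy: it says VOP_INACTIVE has already been called, but not that vrele() must be avoided at this point in vclean(); a sentence saying why would stop someone from "simplifying" this back to vrele(vp). Finally, vfree(vp) is now called with v_interlock held; please confirm that matches what vfree() expects from its callers.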

>Release-Note:
>Audit-Trail:

committed, thanks!

State-Changed-From-To: open->closed 
State-Changed-By: rwatson 
State-Changed-When: Sat Jan 29 07:24:09 PST 2000 
State-Changed-Why:  
committed, thanks! 
>Unformatted:
