Date: Wed, 18 Jan 2012 00:28:53 +0400 (MSK)
From: Eygene Ryabinkin <rea@freebsd.org>
Reply-To: Eygene Ryabinkin <rea@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] fix panic with NFS served from NULLFS
X-Send-Pr-Version: 3.113
X-GNATS-Notify: kib@freebsd.org, attilio@freebsd.org, rmacklem@freebsd.org

>Number:         164261
>Category:       kern
>Synopsis:       [nullfs] [patch] fix panic with NFS served from NULLFS
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-fs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 17 20:40:14 UTC 2012
>Closed-Date:    
>Last-Modified:  Wed Jan 18 11:00:30 UTC 2012
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 10.0-CURRENT amd64
>Organization:
Code Labs
>Environment:

System: FreeBSD 10.0-CURRENT, FreeBSD 9.0-STABLE

>Description:

When one exports NULLFS filesystems via NFS, one can face kernel
panics if external clients use the readdir+ feature and are accessing
the same directories simultaneously.

An example backtrace can be obtained at
  http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/panic-backtrace.txt
This backtrace is from 9.x as of December 2011.

The real problem is that the thread that loses the race in
null_nodeget (/sys/fs/nullfs/null_subr.c) will put the native lock
(vp->v_vnlock = &vp->v_lock) on the nullfs vnode that should be
destroyed (because the thread lost the race).  And null_reclaim
(/sys/fs/nullfs/null_vnops.c) will try to lock the vnode's v_lock in
exclusive mode.  This will lead to a panic, because v_vnlock is already
locked at the time of VOP_RECLAIM processing and we have v_vnlock that
points to v_lock.  Bingo!

>How-To-Repeat:

See http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/README.txt
section "How to reproduce".

>Fix:

Patches
  http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/0001-NULLFS-properly-destroy-node-hash.patch
and
  http://codelabs.ru/fbsd/prs/2012-jan-nullfs-LK_SHARED/0002-NULLFS-fix-panics-when-lowervp-is-locked-with-LK_SHA.patch
will fix the problem (in reality, the first patch is just some
nitpicking).

I have tested this patch on my 10-CURRENT machine; tomorrow I intend
to test it on the 9.x production NFS server with 300-400 clients.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Jan 17 22:13:29 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164261 

From: Eygene Ryabinkin <rea@freebsd.org>
To: FreeBSD GNATS followup <bug-followup@freebsd.org>
Cc:  
Subject: Re: kern/164261: [patch] fix panic with NFS served from NULLFS
Date: Wed, 18 Jan 2012 14:36:04 +0400

 For the record, there is a discussion about this PR in freebsd-fs@,
   http://lists.freebsd.org/pipermail/freebsd-fs/2012-January/013438.html
 --
 Eygene Ryabinkin                                        ,,,^..^,,,
 [ Life's unfair - but root password helps!           | codelabs.ru ]
 [ 82FE 06BC D497 C0DE 49EC  4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]
 
>Unformatted:
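
Added example, not part of the PR or the FreeBSD source: a user-space C model of the lock aliasing explained in the Description, where the reclaim step takes v_lock exclusively while the caller already holds v_vnlock. Only v_lock, v_vnlock and the reclaim step come from the PR; the lock type, thread id and all other names are assumptions, and the RECLAIM_PANIC return value stands in for the kernel panic.

```c
#include <stdio.h>

/* User-space model. v_lock, v_vnlock and the reclaim step are named after
 * the PR text; every other name is hypothetical. */
struct lock { int owner; };            /* 0 = free, otherwise holder's thread id */

struct vnode {
    struct lock  v_lock;               /* the vnode's own (native) lock */
    struct lock *v_vnlock;             /* the lock callers actually take */
};

enum { RECLAIM_OK, RECLAIM_PANIC, RECLAIM_WOULD_BLOCK };

/* Non-recursive exclusive acquire: a second acquire by the holder is fatal. */
static int lock_excl(struct lock *lk, int tid)
{
    if (lk->owner == tid)
        return RECLAIM_PANIC;          /* stands in for the reported panic */
    if (lk->owner != 0)
        return RECLAIM_WOULD_BLOCK;    /* model has no scheduler, so no waiting */
    lk->owner = tid;
    return RECLAIM_OK;
}

/* Reclaim step as the PR describes it: entered with vp->v_vnlock already
 * held by tid, it takes vp->v_lock exclusively. */
int model_reclaim(struct vnode *vp, int tid)
{
    return lock_excl(&vp->v_lock, tid);
}

/* aliased != 0 models the vnode of the thread that lost the race
 * (v_vnlock = &v_lock); otherwise v_vnlock is a separate lock object. */
int run_case(int aliased)
{
    struct lock other = { 0 };
    struct vnode vp = { { 0 }, NULL };
    const int tid = 1;
    vp.v_vnlock = aliased ? &vp.v_lock : &other;
    if (lock_excl(vp.v_vnlock, tid) != RECLAIM_OK)   /* caller locks the vnode */
        return RECLAIM_WOULD_BLOCK;
    return model_reclaim(&vp, tid);
}

int main(void)
{
    printf("separate lock: %d, aliased lock: %d\n", run_case(0), run_case(1));
    return 0;
}
```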
