From nobody@FreeBSD.org  Fri Oct 26 09:44:55 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A3568CE6
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 26 Oct 2012 09:44:55 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 71A948FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 26 Oct 2012 09:44:55 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q9Q9isYo086369
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 26 Oct 2012 09:44:54 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id q9Q9isc6086368;
	Fri, 26 Oct 2012 09:44:54 GMT
	(envelope-from nobody)
Message-Id: <201210260944.q9Q9isc6086368@red.freebsd.org>
Date: Fri, 26 Oct 2012 09:44:54 GMT
From: Steven Hartland <steven.hartland@multiplay.co.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: jail delete causes panic (patch included)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         173120
>Category:       kern
>Synopsis:       [kernel] [jail] jail delete causes panic (patch included)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-jail
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 26 09:50:00 UTC 2012
>Closed-Date:    Sat Nov 03 21:53:06 UTC 2012
>Last-Modified:  Sat Nov 03 21:53:06 UTC 2012
>Originator:     Steven Hartland
>Release:        8.3-RELEASE
>Organization:
Multiplay
>Environment:
FreeBSD dev 8.3-RELEASE-p4 FreeBSD 8.3-RELEASE-p4 #22: Mon Sep 17 17:18:32 UTC 2012     root@dev:/usr/obj/usr/src/sys/MULTIPLAY  amd64
>Description:
Stopping / starting a jail "can" cause a kernel panic due to incorrect pr_uref accounting.

An old discussion on this issue can be found in the following thread:-
http://lists.freebsd.org/pipermail/freebsd-jail/2011-August/001623.html

>How-To-Repeat:
Stop and start jails a lot; it's not a regular occurrence, but with hundreds of start / stops panics do occur.
>Fix:
Apply the attached patch.

We've been running this for over a year now on hundreds of highly active jail machines and not a single panic since applying the patch.

Patch attached with submission follows:

Fix panic on jail delete
--- sys/kern/kern_jail.c.orig	2011-08-20 21:17:14.856618854 +0100
+++ sys/kern/kern_jail.c	2011-08-21 01:56:58.429894825 +0100
@@ -2449,27 +2449,16 @@
 		mtx_lock(&pr->pr_mtx);
 	/* Decrement the user references in a separate loop. */
 	if (flags & PD_DEUREF) {
-		for (tpr = pr;; tpr = tpr->pr_parent) {
-			if (tpr != pr)
-				mtx_lock(&tpr->pr_mtx);
-			if (--tpr->pr_uref > 0)
-				break;
-			KASSERT(tpr != &prison0, ("prison0 pr_uref=0"));
-			mtx_unlock(&tpr->pr_mtx);
-		}
+		pr->pr_uref--;
 		/* Done if there were only user references to remove. */
 		if (!(flags & PD_DEREF)) {
-			mtx_unlock(&tpr->pr_mtx);
+			mtx_unlock(&pr->pr_mtx);
 			if (flags & PD_LIST_SLOCKED)
 				sx_sunlock(&allprison_lock);
 			else if (flags & PD_LIST_XLOCKED)
 				sx_xunlock(&allprison_lock);
 			return;
 		}
-		if (tpr != pr) {
-			mtx_unlock(&tpr->pr_mtx);
-			mtx_lock(&pr->pr_mtx);
-		}
 	}
 
 	for (;;) {
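
Review bot: the new `pr->pr_uref--` in the PD_DEUREF branch has no guard against the count dropping below zero, and the KASSERT removed with the loop is not replaced; consider asserting `pr->pr_uref > 0` before the decrement. The comment above it still says "in a separate loop" although no loop remains. The old loop also dropped a user reference on each ancestor as soon as a child's pr_uref reached zero, whereas with PD_DEUREF alone this path now returns without touching the parent, so the commit message should state that deferring the parent's release to prison removal is intended.
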
@@ -2525,6 +2514,8 @@
 		/* Removing a prison frees a reference on its parent. */
 		pr = ppr;
 		mtx_lock(&pr->pr_mtx);
+		/* Ensure user reference added on create is removed */
+		pr->pr_uref--;
 		flags = PD_DEREF;
 	}
 }
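
Review bot: the added `pr->pr_uref--` on the parent (right after `mtx_lock(&pr->pr_mtx)`) is unchecked: nothing in this hunk asserts that the count was positive or acts on it reaching zero, and the `prison0 pr_uref=0` KASSERT removed in the first hunk has no counterpart here. An assertion before the decrement would catch a double release, including when pr is prison0. The new comment should also say that it is the parent's user reference being dropped, and end with a period to match the comment two lines above it.
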


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Oct 27 04:17:21 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=173120 
State-Changed-From-To: open->closed 
State-Changed-By: jamie 
State-Changed-When: Sat Nov 3 21:49:55 UTC 2012 
State-Changed-Why:  
Patched with a long overdue MFC of r225191. 

>Unformatted:
