From nobody@FreeBSD.org  Wed May 30 10:41:46 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 5735337B422
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 May 2001 10:41:46 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f4UHfk704230;
	Wed, 30 May 2001 10:41:46 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200105301741.f4UHfk704230@freefall.freebsd.org>
Date: Wed, 30 May 2001 10:41:46 -0700 (PDT)
From: Jean-Luc.Richier@imag.fr
To: freebsd-gnats-submit@FreeBSD.org
Subject: rpc.lockd panic with FreeBSD-5.0
X-Send-Pr-Version: www-1.0

>Number:         27776
>Category:       kern
>Synopsis:       rpc.lockd panic with FreeBSD-5.0
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 30 10:50:00 PDT 2001
>Closed-Date:    Thu May 31 18:31:07 PDT 2001
>Last-Modified:  Fri Jun  1 09:10:05 PDT 2001
>Originator:     Jean-Luc Richier
>Release:        FreeBSD 5.0
>Organization:
IMAG
>Environment:
FreeBSD lagavulin.imag.fr 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Wed May 30 12:53:26 MEST 2001   
>Description:
On FreeBSD 5.0 (source dated May 2001), with a kernel compiled with the WITNESS
option, activating rpc.lockd causes a panic (a WITNESS violation: locks still
held when the syscall returns).

>How-To-Repeat:
Build a kernel with the WITNESS option and the current nfs/nfs_lock.c
(I checked with files dated 18 May 2001 or 26 May), start rpc.statd and
rpc.lockd, and take some locks on NFS-shared files.
The system will panic with the WITNESS error:
system call nfssvc returning with mutex(s) held

>Fix:
The problem is in nfslockdans in nfs/nfs_lock.c.
This function calls pfind, which returns a pointer to a locked proc,
but there are no calls to PROC_UNLOCK.
A patch is:
*** /usr/src/P50/sys/nfs/nfs_lock.c.DIST        Sat May 26 01:36:46 2001
--- /usr/src/P50/sys/nfs/nfs_lock.c     Wed May 30 11:58:06 2001
***************
*** 128,134 ****
        /*
         * XXX  -- I think this is wrong for anything other AF_INET.
         */
!       msg.lm_addr = *(VFSTONFS(vp->v_mount)->nm_nam);
        msg.lm_fh_len = NFS_ISV3(vp) ? VTONFS(vp)->n_fhsize : NFSX_V2FH;
        bcopy(VTONFS(vp)->n_fhp, msg.lm_fh, msg.lm_fh_len);
        msg.lm_nfsv3 = NFS_ISV3(vp);
--- 128,135 ----
        /*
         * XXX  -- I think this is wrong for anything other AF_INET.
         */
!       bcopy(VFSTONFS(vp->v_mount)->nm_nam, &msg.lm_addr,
!               min(sizeof msg.lm_addr, VFSTONFS(vp->v_mount)->nm_nam->sa_len));        msg.lm_fh_len = NFS_ISV3(vp) ? VTONFS(vp)->n_fhsize : NFSX_V2FH;
        bcopy(VTONFS(vp)->n_fhp, msg.lm_fh, msg.lm_fh_len);
        msg.lm_nfsv3 = NFS_ISV3(vp);
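Review bot: this hunk does not belong in the PROC_UNLOCK fix: it replaces the struct assignment to msg.lm_addr with a length-bounded bcopy() from nm_nam, which is a separate change (the submitter's follow-up in the audit trail says it was included by mistake, and the corrected attached patch drops it). Also, the second `!` line has the unchanged `msg.lm_fh_len = ...` statement run onto its end with no marker, so the hunk as posted would not apply cleanly; split it back onto its own context line before submitting.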
***************
*** 260,267 ****
            ((ansp->la_msg_ident.msg_seq != -1) &&
              (timevalcmp(&p->p_nlminfo->pid_start,
                        &ansp->la_msg_ident.pid_start, !=) ||
!              p->p_nlminfo->msg_seq != ansp->la_msg_ident.msg_seq)))
                return (EPIPE);

        p->p_nlminfo->retcode = ansp->la_errno;
        p->p_nlminfo->set_getlk_pid = ansp->la_set_getlk_pid;
--- 261,270 ----
            ((ansp->la_msg_ident.msg_seq != -1) &&
              (timevalcmp(&p->p_nlminfo->pid_start,
                        &ansp->la_msg_ident.pid_start, !=) ||
!              p->p_nlminfo->msg_seq != ansp->la_msg_ident.msg_seq))) {
                return (EPIPE);
+               PROC_UNLOCK(p);
+       }

        p->p_nlminfo->retcode = ansp->la_errno;
        p->p_nlminfo->set_getlk_pid = ansp->la_set_getlk_pid;
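Review bot: the added `PROC_UNLOCK(p);` is unreachable: it is placed after `return (EPIPE);`, so the early-exit path still returns with the proc mutex obtained from pfind() held and the reported WITNESS panic remains whenever the message identity does not match. The unlock must precede the return inside the new braces: `PROC_UNLOCK(p); return (EPIPE);`.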
***************
*** 269,273 ****
--- 272,277 ----

        (void)wakeup((void *)p->p_nlminfo);

+       PROC_UNLOCK(p);
        return (0);
  }
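The lock leak described in the Fix section, modelled as an added C example (not FreeBSD's code): pfind() hands back a locked proc, so every return after it must drop the mutex, and a stand-in for the WITNESS "returning with mutex(s) held" check shows the reported shape leaking on both returns while the corrected shape returns clean. The names proc, pfind, PROC_LOCK/PROC_UNLOCK and nfslockdans are borrowed from the report; the process table, the held-lock counter and the error codes are constructed for the model.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model of the lock discipline in kern/27776 (added example, not
 * FreeBSD code): pfind() returns the process locked, so every exit path of the
 * caller must drop that lock or a WITNESS-style check at syscall return fires. */
struct proc { int pid; int msg_seq; };
static struct proc proctab[] = { { 100, 7 }, { 101, 9 } };   /* constructed */
static int held_mutexes;            /* stands in for WITNESS's held-lock count */

#define PROC_LOCK(p)   do { (void)(p); held_mutexes++; } while (0)
#define PROC_UNLOCK(p) do { (void)(p); held_mutexes--; } while (0)

/* Like the kernel's pfind(): look up a pid and return the proc locked, or NULL. */
static struct proc *pfind(int pid) {
    for (size_t i = 0; i < sizeof proctab / sizeof proctab[0]; i++)
        if (proctab[i].pid == pid) { PROC_LOCK(&proctab[i]); return &proctab[i]; }
    return NULL;
}

/* Shape of the bug the report describes: two returns after pfind(), neither
 * drops the proc mutex. */
static int nfslockdans_buggy(int pid, int seq) {
    struct proc *p = pfind(pid);
    if (p == NULL) return ESRCH;
    if (p->msg_seq != seq)
        return EPIPE;                   /* returns with the mutex held */
    return 0;                           /* same leak on the success path */
}

/* Shape of the corrected patch: PROC_UNLOCK precedes every return after pfind(). */
static int nfslockdans_fixed(int pid, int seq) {
    struct proc *p = pfind(pid);
    if (p == NULL) return ESRCH;
    if (p->msg_seq != seq) {
        PROC_UNLOCK(p);
        return EPIPE;
    }
    PROC_UNLOCK(p);
    return 0;
}

/* Stand-in for the WITNESS check "system call ... returning with mutex(s) held":
 * run a handler as if from a syscall and report whether it returned clean. */
static int syscall_returns_clean(int (*handler)(int, int), int pid, int seq) {
    held_mutexes = 0;
    (void)handler(pid, seq);
    return held_mutexes == 0;
}
```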

>Release-Note:
>Audit-Trail:

From: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
To: freebsd-gnats-submit@FreeBSD.org, Jean-Luc.Richier@imag.fr
Cc:  
Subject: Re: kern/27776: rpc.lockd panic with FreeBSD-5.0
Date: Wed, 30 May 2001 20:03:00 +0200

 About the proposed patch, I see I made a mistake, as my diff contains
 a diff which is not for the bug but for an attempt to port to IPv6.
 The correct patch is simpler, cf. the attached file.
 
 --
 Jean-Luc RICHIER (Jean-Luc.Richier@Imag.Fr  richier@imag.fr)
 Laboratoire Logiciels, Systemes et Reseaux (LSR-IMAG)
 IMAG-CAMPUS, BP 72, F-38402 St Martin d'Heres Cedex
 Tel : +33 4 76 82 72 32 Fax : +33 4 76 82 72 87
 
 
 Attachment: patch_nfs_lock.c
 
 *** /usr/src/sys/nfs/nfs_lock.c.DIST	Sat May 26 01:36:46 2001
 --- /usr/src/sys/nfs/nfs_lock.c	Wed May 30 11:58:06 2001
 ***************
 *** 260,267 ****
   	    ((ansp->la_msg_ident.msg_seq != -1) &&
   	      (timevalcmp(&p->p_nlminfo->pid_start,
   			&ansp->la_msg_ident.pid_start, !=) ||
 ! 	       p->p_nlminfo->msg_seq != ansp->la_msg_ident.msg_seq)))
   		return (EPIPE);
   
   	p->p_nlminfo->retcode = ansp->la_errno;
   	p->p_nlminfo->set_getlk_pid = ansp->la_set_getlk_pid;
 --- 261,270 ----
   	    ((ansp->la_msg_ident.msg_seq != -1) &&
   	      (timevalcmp(&p->p_nlminfo->pid_start,
   			&ansp->la_msg_ident.pid_start, !=) ||
 ! 	       p->p_nlminfo->msg_seq != ansp->la_msg_ident.msg_seq))) {
 + 		PROC_UNLOCK(p);
   		return (EPIPE);
 + 	}
   
   	p->p_nlminfo->retcode = ansp->la_errno;
   	p->p_nlminfo->set_getlk_pid = ansp->la_set_getlk_pid;
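Review bot: this corrects the ordering from the first submission: `PROC_UNLOCK(p);` now precedes `return (EPIPE);` inside the new braces, so the mismatch path drops the proc mutex from pfind() before leaving the function, consistent with the unlock placed before `return (0);` at the end.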
 ***************
 *** 269,273 ****
 --- 272,277 ----
   
   	(void)wakeup((void *)p->p_nlminfo);
   
 + 	PROC_UNLOCK(p);
   	return (0);
   }
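Review bot: correct placement on the success path, with the unlock directly before `return (0);`. Since pfind() returns the process locked, these two hunks together cover both visible returns after it; any other early return in this function between pfind() and here (not shown in the diff) would need the same treatment.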
 
 
State-Changed-From-To: open->closed 
State-Changed-By: jake 
State-Changed-When: Thu May 31 18:31:07 PDT 2001 
State-Changed-Why:  
Committed, thanks! 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27776 

From: Peter Wemm <peter@wemm.org>
To: Jean-Luc.Richier@imag.fr
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/27776: rpc.lockd panic with FreeBSD-5.0 
Date: Fri, 01 Jun 2001 09:08:38 -0700

 Jean-Luc.Richier@imag.fr wrote:
 [...]
 >             ((ansp->la_msg_ident.msg_seq != -1) &&
 >               (timevalcmp(&p->p_nlminfo->pid_start,
 >                         &ansp->la_msg_ident.pid_start, !=) ||
 > !              p->p_nlminfo->msg_seq != ansp->la_msg_ident.msg_seq))) {
 >                 return (EPIPE);
 > +               PROC_UNLOCK(p);
 > +       }
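Review bot: the concern is warranted: in the quoted hunk `PROC_UNLOCK(p);` follows `return (EPIPE);` and is dead code, so the mismatch path still returns with the proc mutex held. The attached patch in the earlier follow-up has the two lines in the right order (unlock first, then return), and that is the version to commit.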
 
 I'm not sure that this section is going to work too well...
 
 Cheers,
 -Peter
 --
 Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
 "All of this is for nothing if we don't go to the stars" - JMS/B5
 
>Unformatted:
