From kato@migmatite.eps.nagoya-u.ac.jp  Tue Feb  3 07:34:02 1998
Received: from marble.eps.nagoya-u.ac.jp (marble.eps.nagoya-u.ac.jp [133.6.124.146])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA10981
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 3 Feb 1998 07:34:01 -0800 (PST)
          (envelope-from kato@migmatite.eps.nagoya-u.ac.jp)
Received: (from kato@localhost) by marble.eps.nagoya-u.ac.jp (8.8.8/3.4W4) id AAA00403; Wed, 4 Feb 1998 00:33:53 +0900 (JST)
Message-Id: <199802031533.AAA00403@marble.eps.nagoya-u.ac.jp>
Date: Wed, 4 Feb 1998 00:33:53 +0900 (JST)
From: KATO Takenori <kato@migmatite.eps.nagoya-u.ac.jp>
Reply-To: kato@migmatite.eps.nagoya-u.ac.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: locking violation in umapfs
X-Send-Pr-Version: 3.2

>Number:         5634
>Category:       kern
>Synopsis:       locking violation in umapfs
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb  3 07:40:01 PST 1998
>Closed-Date:    Sat Feb 7 00:45:47 PST 1998
>Last-Modified:  Sat Feb  7 00:47:31 PST 1998
>Originator:     KATO Takenori
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
Dept. Earth Planet. Sci, Nagoya Univ.
>Environment:

umapfs kernel

>Description:

umap_node_find() calls vget() with flags = 0.  This code assumes that
vget() does not lock the vnode internally.  That is true in 4.4BSD-Lite2,
but vget() in FreeBSD may lock the vnode internally.  Therefore, we should
not assume that vget() does not lock the vnode.

>How-To-Repeat:

Using umapfs.

>Fix:
	
---------- BEGIN ----------
*** umap_subr.c.ORIG	Tue Feb  3 23:12:33 1998
--- umap_subr.c	Wed Feb  4 00:19:53 1998
***************
*** 143,148 ****
--- 143,150 ----
  	struct umap_node_hashhead *hd;
  	struct umap_node *a;
  	struct vnode *vp;
+ 	int	error;
+ 	int	vpunlocked;
  
  #ifdef UMAPFS_DIAGNOSTIC
  	printf("umap_node_find(mp = %x, target = %x)\n", mp, targetvp);
***************
*** 165,171 ****
  			 * stuff, but we don't want to lock
  			 * the lower node.
  			 */
! 			if (vget(vp, 0, p)) {
  #ifdef UMAPFS_DIAGNOSTIC
  				printf ("umap_node_find: vget failed.\n");
  #endif
--- 167,181 ----
  			 * stuff, but we don't want to lock
  			 * the lower node.
  			 */
! 			if (VOP_ISLOCKED(vp)) {
! 				VOP_UNLOCK(vp, 0, p);
! 				vpunlocked = 1;
! 			} else
! 				vpunlocked = 0;
! 			error = vget(vp, 0, p);
! 			if (vpunlocked)
! 				vn_lock(vp, LK_EXCLUSIVE|LK_RETRY, p);
! 			if (error) {
  #ifdef UMAPFS_DIAGNOSTIC
  				printf ("umap_node_find: vget failed.\n");
  #endif
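Review bot: VOP_ISLOCKED(vp) in the new test is called without the process argument, so it only shows that somebody holds the vnode lock, not that p does; the VOP_UNLOCK(vp, 0, p) that follows could then release a lock this caller never took. The vnode is also left unlocked across vget(), and vn_lock(vp, LK_EXCLUSIVE|LK_RETRY, p) runs even when vget() returned an error, with its own return value discarded. Suggest having the caller state whether it holds the lock rather than probing for it, re-locking only when error is 0, and updating the comment above ("we don't want to lock the lower node"), which no longer describes code that unlocks and re-locks vp.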
---------- END ----------
>Release-Note:
>Audit-Trail:

From: KATO Takenori <kato@migmatite.eps.nagoya-u.ac.jp>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc:
Subject: Re: kern/5634: locking violation in umapfs
Date: Wed, 04 Feb 1998 11:02:47 +0900

 KATO Takenori <kato@migmatite.eps.nagoya-u.ac.jp> wrote:
 
 > umap_node_find() calls vget() with flags = 0.  This code assumes that
 > vget() does not lock the vnode internally.  That is true in 4.4BSD-Lite2,
 > but vget() in FreeBSD may lock the vnode internally.  Therefore, we should
 > not assume that vget() does not lock the vnode.
 
 The same problem exists in nullfs.
 
 ----
 KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>
 Dept. Earth Planet. Sci., Nagoya Univ.,  Nagoya, 464-01, Japan
 PGP public key: finger kato@eclogite.eps.nagoya-u.ac.jp
 ------------------- Powered by FreeBSD(98) -------------------
State-Changed-From-To: open->closed 
State-Changed-By: kato 
State-Changed-When: Sat Feb 7 00:45:47 PST 1998 
State-Changed-Why:  
vget() is fixed (vfs_subr.c revision 1.131). 
>Unformatted:
