Date: Sun, 25 Mar 2001 11:40:02 -0800 (PST) From: Ian Dowse <iedowse@maths.tcd.ie> To: freebsd-bugs@FreeBSD.org Subject: Re: i386/26049: bug in modular vn code causes a fatal trap 12 Message-ID: <200103251940.f2PJe2O42284@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR i386/26049; it has been noted by GNATS.
From: Ian Dowse <iedowse@maths.tcd.ie>
To: chervarium@nove.bg
Cc: freebsd-gnats-submit@FreeBSD.org, iedowse@maths.tcd.ie
Subject: Re: i386/26049: bug in modular vn code causes a fatal trap 12
Date: Sun, 25 Mar 2001 20:30:38 +0100
In message <200103241152.f2OBqOh33828@freefall.freebsd.org>, chervarium@nove.bg
writes:
>@@ -776,6 +776,7 @@
> vnclear(vn);
> free(vn, M_DEVBUF);
> }
>+ cdevsw_remove(&vn_cdevsw);
> break;
Thanks for the bug report, though it seems that this patch is not
quite enough to solve the problems that occur when unloading the
`vn' module after use.
If you attempt to use vnconfig again after the module has been
unloaded, it may appear to work, but the system could become unstable
and crash somewhere else. With 'options INVARIANTS' in the kernel
config file, this problem is much more obvious and the following
sequence of operations will cause a crash.
dd if=/dev/zero bs=1k count=100 of=/tmp/foo
vnconfig -e /dev/vn0 /tmp/foo
vnconfig -u /dev/vn0
kldunload vn
vnconfig -e /dev/vn0 /tmp/foo
The following patch, which includes the cdevsw_remove you suggested,
seems to solve this. The module stores a pointer to the vn_softc in
the device si_drv1 field, but this pointer will be stale if the
module is unloaded and then reloaded. This patch avoids the use
of this saved pointer in vnopen by forcing a full lookup.
Ian
Index: vn.c
===================================================================
RCS file: /dump/FreeBSD-CVS/src/sys/dev/vn/Attic/vn.c,v
retrieving revision 1.105.2.1
diff -u -r1.105.2.1 vn.c
--- vn.c 2000/05/15 16:50:33 1.105.2.1
+++ vn.c 2001/03/25 19:09:54
@@ -177,13 +177,10 @@
struct vn_softc *vn;
unit = dkunit(dev);
- vn = dev->si_drv1;
- if (!vn) {
- SLIST_FOREACH(vn, &vn_list, sc_list) {
- if (vn->sc_unit == unit) {
- dev->si_drv1 = vn;
- break;
- }
+ SLIST_FOREACH(vn, &vn_list, sc_list) {
+ if (vn->sc_unit == unit) {
+ dev->si_drv1 = vn;
+ break;
}
}
if (!vn) {
@@ -208,9 +205,7 @@
/*
* Locate preexisting device
*/
-
- if ((vn = dev->si_drv1) == NULL)
- vn = vnfindvn(dev);
+ vn = vnfindvn(dev);
/*
* Update si_bsize fields for device. This data will be overriden by
@@ -776,6 +771,7 @@
vnclear(vn);
free(vn, M_DEVBUF);
}
+ cdevsw_remove(&vn_cdevsw);
break;
default:
break;
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103251940.f2PJe2O42284>