From owner-freebsd-current  Wed Oct 24 13:29:56 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP id D878D37B401
	for <FreeBSD-current@FreeBSD.ORG>; Wed, 24 Oct 2001 13:29:49 -0700 (PDT)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id GAA24218;
	Thu, 25 Oct 2001 06:29:09 +1000
Date: Thu, 25 Oct 2001 06:28:14 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender:  <bde@delplex.bde.org>
To: Jonathan Lemon <jlemon@flugsvamp.com>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	Jun Kuriyama <kuriyama@imgsrc.co.jp>,
	David Wolfskill <david@catwhisker.org>,
	Current <FreeBSD-current@FreeBSD.ORG>
Subject: Re: panic: vrele: missed vn_close
In-Reply-To: <20011024135503.C75389@prism.flugsvamp.com>
Message-ID: <20011025060816.S73743-100000@delplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Wed, 24 Oct 2001, Jonathan Lemon wrote:

> Hmm.  The way the revamped console code works is this:
>
>   cn_devopen() calls vn_open() to open the device.  If this is not a
> VCHR device, then it is closed.  Otherwise, the vnode is stashed in
> cnd->cnd_vp.
>
>   When the device is closed though cnclose(), it walks through a list
> of console devices, and if cnd_vp != NULL, calls vn_close() for that
> vnode, and then NULLs out cnd_vp. (drops the reference.)
>
>   My understanding is that vn_open/vn_close will track the count of
> outstanding references to the vnode, so this should be safe to do.

The reference counts were inadequate for handling controlling terminals
in the old version.  I don't see how this can work now.  You do extra
opens.  This will prevent controlling ttys going away properly.  E.g.,
suppose sio0 is a console device and is completely closed.  The following
sequence of operations should leave it a non-controlling tty:

				sio0's ref count
	open sio0		1
	make sio0 a ctty	2
	open cn			3
	close sio0		2
	lose sio0 as a ctty	1

sioclose() will not be called here since the reference count is > 0,
so ctty-related stuff in its tty struct will not be cleared, and things
break.

Similarly with sio0 and cn reversed.

The old code had kludges to handle one of these cases.  I had fixes
for the other one.  These are now invalid (sigh).  I didn't commit
them because there seemed to be a lot of races nearby.  Perhaps the
panic is caused a race.  The races are related to stashing of pointers
related to controlling terminals.  The lifetime of these pointers is
unclear.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message