Date:      Tue, 26 Feb 2002 02:37:47 +0000
From:      Ian Dowse <iedowse@maths.tcd.ie>
To:        Kirk McKusick <mckusick@mckusick.com>
Cc:        Matthew Dillon <dillon@apollo.backplane.com>, Kris Kennaway <kris@obsecurity.org>, Tony Finch <dot@dotat.at>, fs@FreeBSD.ORG, fanf@chiark.greenend.org.uk
Subject:   Re: UFS panic on -stable 
Message-ID:   <200202260237.aa51774@salmon.maths.tcd.ie>
In-Reply-To: Your message of "Mon, 25 Feb 2002 17:41:08 PST." <200202260141.g1Q1f8i28365@beastie.mckusick.com> 

In message <200202260141.g1Q1f8i28365@beastie.mckusick.com>, Kirk McKusick writes:
>this bug. It does point a big finger at the buffer cache code
>since that would be about the only place that data corruption
>could be happening here.

My feeling was that this particular crash may be caused by something
at the vnode level since it appeared that the inode had been fully
freed while the vnode was still referenced. The process was sshd,
so I was looking for something that could have changed the mode on
the inode after it had been inadvertently freed.  The best I've
found so far is in the ssh source there is the code:

	/* Releases the tty.  Its ownership is returned to root,
	  and permissions to 0666. */
	void
	pty_release(const char *ttyname)
	{
		if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0)
			...
		if (chmod(ttyname, (mode_t) 0666) < 0)
			...

The inode looked as if a VOP_SETATTR to gid root, uid root, mode 666
had succeeded even though the inode was already free. That explains
the lack of IFMT bits in the mode argument to ffs_freefile().

Kris, if it's not too awkward to make changes to the cluster kernels,
could you try applying the following extra sanity check to ufs_chmod?
This should attempt to catch the bug a little bit earlier by detecting
an attempt to VOP_SETATTR a free inode.

Ian

Index: ufs_vnops.c
===================================================================
RCS file: /dump/FreeBSD-CVS/src/sys/ufs/ufs/ufs_vnops.c,v
retrieving revision 1.131.2.7
diff -u -r1.131.2.7 ufs_vnops.c
--- ufs_vnops.c	5 Feb 2002 18:35:04 -0000	1.131.2.7
+++ ufs_vnops.c	26 Feb 2002 02:28:02 -0000
@@ -570,6 +570,8 @@
 		if (!groupmember(ip->i_gid, cred) && (mode & ISGID))
 			return (EPERM);
 	}
+	if (ip->i_mode == 0)
+		panic("ufs_chmod: free inode");
 	ip->i_mode &= ~ALLPERMS;
 	ip->i_mode |= (mode & ALLPERMS);
 	ip->i_flag |= IN_CHANGE;
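
Review bot: The added test `ip->i_mode == 0` matches only an inode whose mode word is entirely zero, so it misses a free inode that already carries permission bits but no IFMT bits, which is the state described above (mode 666 with no file type). Testing `(ip->i_mode & IFMT) == 0` would cover both cases. The check also sits after the two `return (EPERM)` paths, so a caller that fails those permission tests never reaches it; placing it at the top of the function would catch the condition regardless of credentials. Since the quoted pty_release() calls chown() before chmod(), an equivalent check on the chown path would catch the problem one step earlier, and including the inode number in the panic string would make the resulting report easier to correlate.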
