On Jan 3, 2014, at 10:18 PM, J. Hannken-Illjes <hann...@eis.cs.tu-bs.de> wrote:
> On Jan 3, 2014, at 10:13 PM, Mindaugas Rasiukevicius <rm...@netbsd.org> wrote:
>
>> "Juergen Hannken-Illjes" <hann...@netbsd.org> wrote:
>>> Module Name: src
>>> Committed By: hannken
>>> Date: Fri Jan 3 09:53:12 UTC 2014
>>>
>>> Modified Files:
>>> src/sys/fs/tmpfs: tmpfs_subr.c tmpfs_vnops.c
>>>
>>> Log Message:
>>> Fix a race where thread1 runs VOP_REMOVE() and gets preempted in
>>> tmpfs_reclaim() before the call to tmpfs_free_node(). Thread2
>>> runs VFS_FHTOVP() and gets a new vnode attached to the node thread1
>>> is about to destroy.
>>>
>>> Change tmpfs_alloc_node() to always assign non-zero generation number
>>> and tmpfs_inactive() to set the generation number of unlinked nodes
>>> to zero.
>>
>> Can you explain how does this help? It still seems racy to me.
>
> Please describe the race in more detail. Tmpfs_fhtovp() will fail
> as soon as an unlinked tmpfs node drops its last vnode reference.

Ok -- got it. We check the generation number too early in tmpfs_fhtovp().

Should be fixed with tmpfs_vfsops.c Rev. 1.55

--
J. Hannken-Illjes - hann...@eis.cs.tu-bs.de - TU Braunschweig (Germany)
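The ordering problem acknowledged in the reply above ("We check the generation number too early"), as an added example that is not part of the original message and is not NetBSD code: a single-threaded user-space C model in which a callback stands in for the preempting thread. All struct and function names are hypothetical, and placing the generation check after the reference is taken is an assumption about the shape of the fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model; every name here is hypothetical, not taken from tmpfs. */
struct node { uint64_t id; uint32_t gen; int nlink; int vrefs; };
struct fhandle { uint64_t id; uint32_t gen; };
static uint32_t next_gen;

/* Allocation always hands out a non-zero generation number. */
static void node_alloc(struct node *n, uint64_t id) {
    if (++next_gen == 0) next_gen = 1;      /* skip 0 on wrap-around */
    n->id = id; n->gen = next_gen; n->nlink = 1; n->vrefs = 0;
}

/* Last reference dropped: an unlinked node gets generation 0 (matches no handle). */
static void node_inactive(struct node *n) { if (n->nlink == 0) n->gen = 0; }

/* Stands in for thread1: unlink, then go inactive if nobody holds a reference. */
static void remove_and_inactive(struct node *n) {
    n->nlink = 0;
    if (n->vrefs == 0) node_inactive(n);
}

typedef void (*preempt_fn)(struct node *);

/* Racy order: generation compared before the vnode reference is taken. */
static int fhtovp_check_early(struct node *n, const struct fhandle *fh, preempt_fn p) {
    if (n->id != fh->id || n->gen != fh->gen) return ESTALE;
    if (p) p(n);                            /* window between check and use */
    n->vrefs++;                             /* reference on a dying node */
    return 0;
}

/* Assumed fixed order: take the reference first, then validate the generation. */
static int fhtovp_check_late(struct node *n, const struct fhandle *fh, preempt_fn p) {
    if (n->id != fh->id) return ESTALE;
    if (p) p(n);
    n->vrefs++;
    if (n->gen != fh->gen) { n->vrefs--; return ESTALE; }
    return 0;
}

int main(void) {
    struct node n; node_alloc(&n, 1);
    struct fhandle fh = { n.id, n.gen };
    return fhtovp_check_late(&n, &fh, remove_and_inactive) == ESTALE ? 0 : 1;
}
```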