| commit | a9d06cca8c6894668c0d26cfa6846fb58975a647 | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Fri, 10 Feb 2017 00:51:44 +0000 (9 16:51 -0800) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Fri, 10 Feb 2017 02:53:11 +0000 (9 18:53 -0800) | ||
| tree | 8d54110a460b36719a515249e81bc2c8820b7a02 | treesnapshot (tar.gz zip) |
| parent | 6ecfb2faec4c2a98c30079c69c9ba5d51cf549f7 | commitdiff |
kernel - Fix vmspace termination race (2)
* Fix a race and fix dangling cached mount points. At the point where
dounmount() checks to see if there are any dangling cache refs left
it has already dropped its own ref on the mp. The test, however,
was (refs > 1). The test needs to be (refs > 0).
This race was probably causing the corruption, and in fact its the
smoking gun because the mp->mnt_refs field is at the same offset as
the pmap->copyin field, and the pmap->copyin field was getting
corrupted by being decremented by 1.
* Fix a race where the unmount code was issuing tue dounmount() call
without any ref or hold on the mp. This race was unlikely (requires
two unmounts of the same partition at the same time).
* Fix a race and fix dangling cached mount points. At the point where
dounmount() checks to see if there are any dangling cache refs left
it has already dropped its own ref on the mp. The test, however,
was (refs > 1). The test needs to be (refs > 0).
This race was probably causing the corruption, and in fact its the
smoking gun because the mp->mnt_refs field is at the same offset as
the pmap->copyin field, and the pmap->copyin field was getting
corrupted by being decremented by 1.
* Fix a race where the unmount code was issuing tue dounmount() call
without any ref or hold on the mp. This race was unlikely (requires
two unmounts of the same partition at the same time).
| sys/kern/vfs_mount.c | diffblobblamehistory | |
| sys/kern/vfs_syscalls.c | diffblobblamehistory |