NetBSD Problem Report #47226
From njoly@lynche.sis.pasteur.fr Wed Nov 21 10:21:27 2012
Return-Path: <njoly@lynche.sis.pasteur.fr>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 1445163DCB2
for <gnats-bugs@gnats.NetBSD.org>; Wed, 21 Nov 2012 10:21:27 +0000 (UTC)
Message-Id: <20121121102136.8C9FBBCA24@lynche.sis.pasteur.fr>
Date: Wed, 21 Nov 2012 11:21:36 +0100 (CET)
From: njoly@pasteur.fr
Reply-To: njoly@pasteur.fr
To: gnats-bugs@gnats.NetBSD.org
Subject: KASSERT while running t_faccessat on tmpfs mount
X-Send-Pr-Version: 3.95
>Number: 47226
>Category: kern
>Synopsis: KASSERT while running t_faccessat on tmpfs
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: njoly
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Nov 21 10:25:00 +0000 2012
>Closed-Date: Fri Nov 30 14:25:55 +0000 2012
>Last-Modified: Fri Nov 30 14:25:55 +0000 2012
>Originator: Nicolas Joly
>Release: NetBSD 6.99.15
>Organization:
Institut Pasteur, Paris.
>Environment:
System: NetBSD lynche.sis.pasteur.fr 6.99.15 NetBSD 6.99.15 (LYNCHE) #2: Tue Nov 20 15:27:15 CET 2012 njoly@lynche.sis.pasteur.fr:/local/src/NetBSD/obj.amd64/sys/arch/amd64/compile/LYNCHE amd64
Architecture: x86_64
Machine: amd64
>Description:
Running new *at testcase using a tmpfs mount for /tmp makes the kernel
panic with a KASSERT ...
panic: kernel diagnostic assertion "VOP_ISLOCKED(vp)" failed: file "/local/src/NetBSD/src/sys/fs/tmpfs/tmpfs_vnops.c", line 402
cpu0: Begin traceback...
kern_assert() at netbsd:kern_assert+0x48
tmpfs_access() at netbsd:tmpfs_access+0x15f
VOP_ACCESS() at netbsd:VOP_ACCESS+0x33
fd_nameiat() at netbsd:fd_nameiat+0x75
do_sys_accessat() at netbsd:do_sys_accessat+0xc0
syscall() at netbsd:syscall+0x94
--- syscall (number 462) ---
7f7ff703a45a:
cpu0: End traceback...
>How-To-Repeat:
Use tmpfs mount for /tmp
cd /usr/tests/lib/libc/c063
atf-run | atf-report
>Fix:
Please
>Release-Note:
>Audit-Trail:
From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/47226: KASSERT while running t_faccessat on tmpfs mount
Date: Wed, 21 Nov 2012 19:39:27 +0100
--Apple-Mail=_A72DD895-6759-4925-9D1F-D9E3B2750077
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
Both fd_nameiat() and fd_nameiat_simple() call VOP_ACCESS() on
an unlocked vnode which is wrong.
The untested diff attached could fix it.
--
J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)
--Apple-Mail=_A72DD895-6759-4925-9D1F-D9E3B2750077
Content-Disposition: attachment;
filename=diff.txt
Content-Type: text/plain;
x-unix-mode=0644;
name="diff.txt"
Content-Transfer-Encoding: 7bit
Index: vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.461
diff -p -u -2 -r1.461 vfs_syscalls.c
--- vfs_syscalls.c 19 Nov 2012 15:01:17 -0000 1.461
+++ vfs_syscalls.c 21 Nov 2012 18:40:17 -0000
@@ -183,5 +183,7 @@ fd_nameiat(struct lwp *l, int fdat, stru
if (!(dfp->f_flag & FSEARCH)) {
+ vn_lock(dfp->f_data, LK_EXCLUSIVE);
error = VOP_ACCESS(dfp->f_data, VEXEC, l->l_cred);
+ VOP_UNLOCK(dfp->f_data);
if (error)
goto cleanup;
@@ -213,5 +215,7 @@ fd_nameiat_simple_user(struct lwp *l, in
if (!(dfp->f_flag & FSEARCH)) {
+ vn_lock(dfp->f_data, LK_EXCLUSIVE);
error = VOP_ACCESS(dfp->f_data, VEXEC, l->l_cred);
+ VOP_UNLOCK(dfp->f_data);
if (error)
goto cleanup;
--Apple-Mail=_A72DD895-6759-4925-9D1F-D9E3B2750077--
From: Nicolas Joly <njoly@pasteur.fr>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/47226: KASSERT while running t_faccessat on tmpfs mount
Date: Thu, 22 Nov 2012 18:29:20 +0100
On Wed, Nov 21, 2012 at 06:40:07PM +0000, J. Hannken-Illjes wrote:
> The following reply was made to PR kern/47226; it has been noted by GNATS.
>
> From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/47226: KASSERT while running t_faccessat on tmpfs mount
> Date: Wed, 21 Nov 2012 19:39:27 +0100
>
> --Apple-Mail=_A72DD895-6759-4925-9D1F-D9E3B2750077
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain;
> charset=us-ascii
>
> Both fd_nameiat() and fd_nameiat_simple() call VOP_ACCESS() on
> an unlocked vnode which is wrong.
>
> The untested diff attached could fix it.
It does, thanks !
I had to make the same locking dance to do_sys_openat() which,
likewise, calls VOP_ACCESS() without locking.
panic: kernel diagnostic assertion "VOP_ISLOCKED(vp)"failed: file "/local/src/N
etBSD/src/sys/fs/tmpfs/tmpfs_vnops.c",line 402
cpu1: Begin traceback...
kern_assert() at netbsd:kern_assert+0x48
tmpfs_access() at netbsd:tmpfs_access+0x15f
VOP_ACCESS() at netbsd:VOP_ACCESS+0x33
do_sys_openat() at netbsd:do_sys_openat+0xbe
sys_openat() at netbsd:sys_openat+0x22
syscall() at netbsd:syscall+0x94
--- syscall (number 468) ---
7f7ff7039cda:
cpu1: End traceback...
--
Nicolas Joly
Biology IT Center
Institut Pasteur, Paris.
From: "Nicolas Joly" <njoly@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/47226 CVS commit: src/sys/kern
Date: Fri, 30 Nov 2012 13:26:37 +0000
Module Name: src
Committed By: njoly
Date: Fri Nov 30 13:26:37 UTC 2012
Modified Files:
src/sys/kern: vfs_syscalls.c
Log Message:
Apply fix from hannken to ensure that VOP_ACCESS() is called on a
locked vnode for fd_nameiat(), fd_nameiat_simple() and do_sys_openat().
Fix both PR/47226 and PR/47255.
To generate a diff of this commit:
cvs rdiff -u -r1.461 -r1.462 src/sys/kern/vfs_syscalls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: kern-bug-people->njoly
Responsible-Changed-By: njoly@NetBSD.org
Responsible-Changed-When: Fri, 30 Nov 2012 14:25:55 +0000
Responsible-Changed-Why:
take
State-Changed-From-To: open->closed
State-Changed-By: njoly@NetBSD.org
State-Changed-When: Fri, 30 Nov 2012 14:25:55 +0000
State-Changed-Why:
Fix apllied.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.