NetBSD Problem Report #47255

From prlw1@inf.phy.cam.ac.uk  Tue Nov 27 14:25:09 2012
Return-Path: <prlw1@inf.phy.cam.ac.uk>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 28CD163DFC7
	for <gnats-bugs@gnats.netbsd.org>; Tue, 27 Nov 2012 14:25:09 +0000 (UTC)
Message-Id: <E1TdM5w-0005Jc-Gq@quartz.inf.phy.cam.ac.uk>
Date: Tue, 27 Nov 2012 14:25:04 +0000
From: prlw1@cam.ac.uk
Sender: Patrick Welche <prlw1@inf.phy.cam.ac.uk>
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@gnats.NetBSD.org
Subject: openat kernel panic on tmpfs
X-Send-Pr-Version: 3.95

>Number:         47255
>Category:       kern
>Synopsis:       openat() of file/directory on tmpfs triggers diagnostic assertion
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    njoly
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 27 14:30:00 +0000 2012
>Closed-Date:    Mon Dec 03 12:58:21 +0000 2012
>Last-Modified:  Mon Dec 03 12:58:21 +0000 2012
>Originator:     Patrick Welche
>Release:        NetBSD 6.99.15
>Organization:

>Environment:
-current/amd64 of 26 Nov 2012 15:56 GMT
>Description:
The program below run as a normal user causes a diagnostic assertion to fail:

(hand copied:)
panic: kernel diagnostic assertion "VOP_ISLOCKED(vp" failed: file "../../../../fs/tmpfs/tmpfs_vnops.c", line 402
cpu3: Begin traceback...
kern_assert()
tmpfs_access() +0x15f
VOP_ACCESS() +0x33
do_sys_openat() +0xbe
sys_openat() +0x22
syscall number 468  +0x94

trap type 1 code 0 rip ffff ffffff 8019 1ccd cs 8 rflags 246 cr2 7f7f f796 3330 ilevel 8 rsp ffff fe80 01ae 1a60


sync fails to give a core dump (panic during attempt)


>How-To-Repeat:
==================== Makefile ====================
PROG=openat_test
CPPFLAGS+=-D_INCOMPLETE_XOPEN_C063
MKMAN=no
.include <bsd.prog.mk>
================== openat_test.c =================
#include <err.h>
#include <fcntl.h>
#include <unistd.h>

int main()
{
	int fd, dfd;

	if (mkdir("/tmp/openfoo", 0755) != 0)
		err(1, NULL);

	dfd = open("/tmp/openfoo", O_RDONLY, 0);
	if (dfd == -1)
		err(1, NULL);

	fd = openat(dfd, "/tmp/openfoo/bar", O_RDONLY, 0);
	if (fd == -1)
		err(1, NULL);

	if (close(dfd) != 0)
		err(1, NULL);

	if (close(fd) != 0)
		err(1, NULL);

	return 0;
}
==================================================
>Fix:


>Release-Note:

>Audit-Trail:
From: "Nicolas Joly" <njoly@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47255 CVS commit: src/sys/kern
Date: Fri, 30 Nov 2012 13:26:37 +0000

 Module Name:	src
 Committed By:	njoly
 Date:		Fri Nov 30 13:26:37 UTC 2012

 Modified Files:
 	src/sys/kern: vfs_syscalls.c

 Log Message:
 Apply fix from hannken to ensure that VOP_ACCESS() is called on a
 locked vnode for fd_nameiat(), fd_nameiat_simple() and do_sys_openat().
 Fix both PR/47226 and PR/47255.


 To generate a diff of this commit:
 cvs rdiff -u -r1.461 -r1.462 src/sys/kern/vfs_syscalls.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: kern-bug-people->njoly
Responsible-Changed-By: njoly@NetBSD.org
Responsible-Changed-When: Fri, 30 Nov 2012 14:32:05 +0000
Responsible-Changed-Why:
take


State-Changed-From-To: open->feedback
State-Changed-By: njoly@NetBSD.org
State-Changed-When: Fri, 30 Nov 2012 14:32:05 +0000
State-Changed-Why:
I just commited a fix for your problem.
Can you confirm that it works ?
Thanks.


From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@NetBSD.org
Cc: njoly@NetBSD.org, kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
	gnats-admin@netbsd.org
Subject: Re: kern/47255 (openat() of file/directory on tmpfs triggers
 diagnostic assertion)
Date: Mon, 3 Dec 2012 12:04:06 +0000

 On Fri, Nov 30, 2012 at 02:32:09PM +0000, njoly@NetBSD.org wrote:
 > I just commited a fix for your problem.
 > Can you confirm that it works ?

 Indeed it does - thank you!
 (Now amended my test to actually use openat in the sense of relative path...)

State-Changed-From-To: feedback->closed
State-Changed-By: njoly@NetBSD.org
State-Changed-When: Mon, 03 Dec 2012 12:58:21 +0000
State-Changed-Why:
Confirmed fixed.
Thanks.


>Unformatted:

Home	PR Database Search