On Jan 3, 2014, at 10:18 PM, J. Hannken-Illjes <hann...@eis.cs.tu-bs.de> wrote:

> On Jan 3, 2014, at 10:13 PM, Mindaugas Rasiukevicius <rm...@netbsd.org> wrote:
>> "Juergen Hannken-Illjes" <hann...@netbsd.org> wrote:
>>> Module Name:        src
>>> Committed By:       hannken
>>> Date:               Fri Jan  3 09:53:12 UTC 2014
>>> Modified Files:
>>>     src/sys/fs/tmpfs: tmpfs_subr.c tmpfs_vnops.c
>>> Log Message:
>>> Fix a race where thread1 runs VOP_REMOVE() and gets preempted in
>>> tmpfs_reclaim() before the call to tmpfs_free_node().  Thread2
>>> runs VFS_FHTOVP() and gets a new vnode attached to the node thread1
>>> is about to destroy.
>>> Change tmpfs_alloc_node() to always assign non-zero generation number
>>> and tmpfs_inactive() to set the generation number of unlinked nodes
>>> to zero.
>> Can you explain how does this help?  It still seems racy to me.
> Please describe the race in more detail.  Tmpfs_fhtovp() will fail
> as soon as an unlinked tmpfs node drops its last vnode reference.

Ok -- got it.  We check the generation number too early in tmpfs_fhtovp().

Should be fixed with tmpfs_vfsops.c Rev. 1.55

J. Hannken-Illjes - hann...@eis.cs.tu-bs.de - TU Braunschweig (Germany)

Reply via email to