Subject: kern/1145: umount & df may panic NetBSD
To: None <gnats-admin@sun-lamp.pc.cs.cmu.edu>
From: Arne Henrik Juul <arnej@imf.unit.no>
List: netbsd-bugs
Date: 06/20/1995 05:20:12
>Number: 1145
>Category: kern
>Synopsis: umount & df may panic NetBSD
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jun 20 05:20:10 1995
>Originator: Arne H. Juul
>Organization:
University of Trondheim, Norway
>Release: NetBSD-current as of about 9 Jun 1995
>Environment:
System: NetBSD rtfm.imf.unit.no 1.0A NetBSD 1.0A (RTFM) #1: Sun Jun 11 18:53:58 MET DST 1995 root@rtfm.imf.unit.no:/usr/src/sys/arch/i386/compile/RTFM i386
>Description:
If you run 'df' (or any program that uses getfsstat) while
an 'umount' is in progress the system may crash. This will
probably mostly happen when it's an NFS file system, but could
possibly also happen with local file systems.
>How-To-Repeat:
: If your /usr/src is NFS-mounted :
while true; do
mount /usr/src; ls -la /usr/src/lib/Makefile;
umount /usr/src; sleep 1;
done &
while :; do df; done
>Fix:
The following patch should fix the problem. At least I am no
longer able to provoke it with the above commands.
--- vfs_syscalls.c Fri Jun 2 12:06:46 1995
+++ vfs_syscalls.c.min Sun Jun 11 20:06:40 1995
@@ -547,7 +547,6 @@
sfsp = (caddr_t)SCARG(uap, buf);
for (count = 0,
mp = mountlist.cqh_first; mp != (void *)&mountlist; mp = nmp) {
- nmp = mp->mnt_list.cqe_next;
if (sfsp && count < maxcount &&
((mp->mnt_flag & MNT_MLOCK) == 0)) {
sp = &mp->mnt_stat;
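Review bot: With the early "nmp = mp->mnt_list.cqe_next;" removed from the top of the loop body, the for increment "mp = nmp" now depends on every path through the body reaching the new assignment at the bottom. Any "continue" that exists in the body, or is added later, would advance with a stale or unset nmp. Since nmp is now read immediately before the increment, consider dropping it and writing the increment as "mp = mp->mnt_list.cqe_next" in the for header. A short comment saying why the next pointer must not be fetched before the body (the list can change while the body runs) would stop someone from moving it back.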
@@ -564,6 +563,7 @@
return (error);
sfsp += sizeof(*sp);
}
+ nmp = mp->mnt_list.cqe_next;
count++;
}
if (sfsp && count > maxcount)
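Review bot: The relocated "nmp = mp->mnt_list.cqe_next;" still dereferences mp after the body has run, and the MNT_MLOCK test is made only once, before the body. If the body can block long enough for an unmount of mp itself to complete, this line reads the list link of an entry that has already been removed, so the change covers a stale successor but not a stale current entry. Consider keeping the mount marked busy for the duration of the body, or re-validating mp before following its link, and note in the commit message which of the two cases the reproduction actually exercises.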
>Audit-Trail:
>Unformatted: