Differential D56497

virtio_p9fs: Fix kernel panic on module unload
AcceptedPublic
Actions

Authored by arichardson on Sat, Apr 18, 6:00 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Apr 18, 1:32 PM

	Unknown Object (File)
	Sat, Apr 18, 11:40 AM

Subscribers

Details

Reviewers

kib
markj

Summary

The virtio_p9fs module event handler can be invoked multiple times.
Previously, this caused p9_init_zones() and p9_register_trans() to be
executed multiple times, leaking UMA zones and corrupting the transport
list. During module unload, p9_destroy_zones() was also called multiple
times on the same zone pointers, triggering a duplicate free kernel panic
in uma_zdestroy().

This patch introduces a static reference counter in vt9p_modevent() to
ensure the zones and transports are only initialized and destroyed exactly
once, aligning with the approach used by other virtio drivers like vtnet.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 72318
Build 69201: arc lint + arc unit

Event Timeline

arichardson created this revision.Sat, Apr 18, 6:00 AM

Herald added a subscriber: imp. · View Herald TranscriptSat, Apr 18, 6:00 AM

arichardson requested review of this revision.Sat, Apr 18, 6:00 AM

Harbormaster completed remote builds in B72318: Diff 175820.Sat, Apr 18, 6:00 AM

arichardson added a child revision: D56492: p9fs: Move UMA zone initialization to VFS module lifecycle.Sat, Apr 18, 6:01 AM

kib accepted this revision.Sat, Apr 18, 7:51 PM

This revision is now accepted and ready to land.Sat, Apr 18, 7:51 PM

Revision Contents
Changeset List

Path

Size

sys/

dev/

virtio/

p9fs/

12 lines

Diff 175820

sys/dev/virtio/p9fs/virtio_p9fs.c

Loading...