- Remove extraneous vhold()
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jul 3 2023
Jun 22 2023
Jun 20 2023
- Return the write sequence on coveredvp to the correct place, replace
Jun 19 2023
Right now this change is just a proposal. I've successfully run the unionfs and nullfs stress2 tests against it, and have also been running it on my -current machine for the last couple of months.
Of course it's entirely possible I've missed something that would make this change unworkable. But if you guys think this approach has merit, then I'll finish this patch by doing the following:
May 7 2023
May 6 2023
May 2 2023
May 1 2023
Apr 24 2023
Apr 23 2023
Apr 18 2023
Apr 10 2023
Mar 28 2023
- vfs_lookup(): re-check v_mountedhere on lock upgrade
In D39272#894822, @jah wrote:In D39272#894669, @pho wrote:I ran into this problem:
Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0x10 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff82753417 stack pointer = 0x0:0xfffffe01438a8a80 frame pointer = 0x0:0xfffffe01438a8aa0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 2382 (find) rdi: fffffe015b22d700 rsi: 82000 rdx: fffffe01438a8ad8 rcx: 1 r8: 246 r9: 40000 rax: 0 rbx: fffffe015b22d700 rbp: fffffe01438a8aa0 r10: 1 r11: 0 r12: 80000 r13: fffffe01599802c0 r14: fffffe01438a8ad8 r15: 82000 trap number = 12 panic: page fault cpuid = 2 time = 1679981682 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01438a8840 vpanic() at vpanic+0x152/frame 0xfffffe01438a8890 panic() at panic+0x43/frame 0xfffffe01438a88f0 trap_fatal() at trap_fatal+0x409/frame 0xfffffe01438a8950 trap_pfault() at trap_pfault+0xab/frame 0xfffffe01438a89b0 calltrap() at calltrap+0x8/frame 0xfffffe01438a89b0 --- trap 0xc, rip = 0xffffffff82753417, rsp = 0xfffffe01438a8a80, rbp = 0xfffffe01438a8aa0 --- unionfs_root() at unionfs_root+0x17/frame 0xfffffe01438a8aa0 vfs_lookup() at vfs_lookup+0x92a/frame 0xfffffe01438a8b40 namei() at namei+0x340/frame 0xfffffe01438a8bc0 kern_statat() at kern_statat+0x12f/frame 0xfffffe01438a8d00 sys_fstatat() at sys_fstatat+0x2f/frame 0xfffffe01438a8e00 amd64_syscall() at amd64_syscall+0x15a/frame 0xfffffe01438a8f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01438a8f30 --- syscall (552, FreeBSD ELF64, fstatat), rip = 0x1e9fa9c98, rbp = 0x1e9fa1989db0 ---https://people.freebsd.org/~pho/stress/log/log0429.txt
PS
The BIOS and IPMI firmware was just updated on this test box, but the page fault seems legit to me?Hmm. I'm probably missing something, but on initial investigation the panic doesn't seem to make sense.
It really looks as though unionfs_root() is seeing a partially constructed mount object: mp has the unionfs ops vector, but mnt_data is NULL (thus the page fault) and the stat object's fsid is 0.
This is consistent with the mount object state that would exist partway through unionfs_domount(), or if unionfs_domount() failed due to failure of unionfs_nodeget() or vfs_register_upper_from_vp(). There is another thread that appears to be partway through unionfs_domount(), and mp's busy count (mnt_lockref) of 2 is consistent with these 2 threads.
What doesn't make sense is how vfs_lookup() could observe a mount object in this state in the first place; vfs_domount_first() doesn't set coveredvp->v_mountedhere until after successful completion of VFS_MOUNT(), and it does so with coveredvp locked exclusive to avoid racing vfs_lookup().Some things to note:
--Besides a couple of added comments, this is the same patch you tested successfully at the end of January.
--Since then, I have found a couple of bugs in the cleanup logic in unionfs_domount() and unionfs_nodeget(), which I'll post in a separate review after this one, but I don't think they would explain this behavior.
--There does appear to be a third thread calling dounmount() and blocked on an FFS lock, but it's unclear if that has any impact on the crash.
In D39272#894669, @pho wrote:I ran into this problem:
Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0x10 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff82753417 stack pointer = 0x0:0xfffffe01438a8a80 frame pointer = 0x0:0xfffffe01438a8aa0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 2382 (find) rdi: fffffe015b22d700 rsi: 82000 rdx: fffffe01438a8ad8 rcx: 1 r8: 246 r9: 40000 rax: 0 rbx: fffffe015b22d700 rbp: fffffe01438a8aa0 r10: 1 r11: 0 r12: 80000 r13: fffffe01599802c0 r14: fffffe01438a8ad8 r15: 82000 trap number = 12 panic: page fault cpuid = 2 time = 1679981682 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01438a8840 vpanic() at vpanic+0x152/frame 0xfffffe01438a8890 panic() at panic+0x43/frame 0xfffffe01438a88f0 trap_fatal() at trap_fatal+0x409/frame 0xfffffe01438a8950 trap_pfault() at trap_pfault+0xab/frame 0xfffffe01438a89b0 calltrap() at calltrap+0x8/frame 0xfffffe01438a89b0 --- trap 0xc, rip = 0xffffffff82753417, rsp = 0xfffffe01438a8a80, rbp = 0xfffffe01438a8aa0 --- unionfs_root() at unionfs_root+0x17/frame 0xfffffe01438a8aa0 vfs_lookup() at vfs_lookup+0x92a/frame 0xfffffe01438a8b40 namei() at namei+0x340/frame 0xfffffe01438a8bc0 kern_statat() at kern_statat+0x12f/frame 0xfffffe01438a8d00 sys_fstatat() at sys_fstatat+0x2f/frame 0xfffffe01438a8e00 amd64_syscall() at amd64_syscall+0x15a/frame 0xfffffe01438a8f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01438a8f30 --- syscall (552, FreeBSD ELF64, fstatat), rip = 0x1e9fa9c98, rbp = 0x1e9fa1989db0 ---https://people.freebsd.org/~pho/stress/log/log0429.txt
PS
The BIOS and IPMI firmware was just updated on this test box, but the page fault seems legit to me?
Mar 26 2023
In D39272#894131, @kib wrote:For VOP_MKDIR() change. Please note that almost any VOP modifying metadata could drop the vnode lock. The list is like VOP_CREAT(), VOP_LINK(), VOP_REMOVE(), VOP_WHITEOUT(), VOP_RMDIR(), VOP_MAKEINODE(), VOP_RENAME().
Feb 10 2023
Jan 19 2023
Jan 16 2023
In D38091#865308, @kib wrote:Could you please show an example of the new output?
Dec 11 2022
Nov 22 2022
Style
Oct 29 2022
Oct 28 2022
Oops, I didn't realize that the mount path doesn't hold the covered vnode lock while updating the relevant fields.
It looks as though the unmount path does hold the lock across the relevant operations, so we should be safe from these fields being cleared out from under us, correct?
Would it make sense to add a comment here to that effect?
Oct 27 2022
Oct 21 2022
Apologies for letting this review stall, $WORK got in the way in a big way for a while.
I've rebased, incorporated some of @mjg's optimization suggestions, and retested.
Fix wording in comment, incoporate some suggested performance optimizations
Sep 21 2022
Aug 13 2022
Style
Aug 5 2022
Remove remaining WITNESS directives and no-longer used variables
Jul 29 2022
Jul 27 2022
Is the idea here to proactively update the DRIVER_MODULE because the devclass compat shims will be removed in a future version, or was there some build error on 14?
Jul 25 2022
- Fix typo, restore support for LK_INTERLOCK on vp_crossmp
Jul 20 2022
Jul 19 2022
- Replace runtime check with KASSERT, add comment on CROSSLOCK behavior
Jun 28 2022
Jun 14 2022
Jun 10 2022
May 15 2022
Apr 26 2022
Apr 25 2022
I don't really like this change, it feels like a hack to me. At the same time, I don't have another idea that seems clearly better, so I thought I would post this to at least start a discussion.
Mar 9 2022
Feb 26 2022
Feb 25 2022
Feb 24 2022
Feb 18 2022
prune whitespace
Remove unnecessary MNT_RDONLY check
Feb 17 2022
Return EACCES if we can't find a suitable upper vnode; add comments and assertion