[DragonFlyBSD - Bug #2276] umount mfs crash - Fatal trap 12

[Venkatesh Srinivas via Redmine <bugtracker-admin@xxxxxxxxxxxxxxxxxxxxx>]

Issue #2276 has been updated by Venkatesh Srinivas.


Here's the problem:

MFS's mfs_start() routine is not like other filesystems; the userland mount_mfs enters the mfs_start routine and processes copyin/copyout requests to transfer data into its userland mmap-ed region. When it returns after either being signalled or the filesystem being unmounted, the mount structure is not valid.

Unfortunately, sys_unmount() already kfree-d the mount structure; both the accounting init and MPUNLOCK(mp) in vfs_vfsops.c:vfs_start() are not safe; they are accessing the mountpoint after it is freed.
----------------------------------------
Bug #2276: umount mfs crash - Fatal trap 12
http://bugs.dragonflybsd.org/issues/2276

Author: Thomas Nikolajsen
Status: New
Priority: Normal
Assignee: 
Category: 
Target version: 


Using fresh master (January 17th 2012),
umount of mfs mount crashes system.

This happens every time; core dump avail on request.

 -thomas
-
Fatal trap 12: page fault while in kernel mode
..
> trace
vfs_start()
sys_mount()


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account