[DragonFlyBSD - Bug #2276] umount mfs crash - Fatal trap 12
Venkatesh Srinivas via Redmine
bugtracker-admin at leaf.dragonflybsd.org
Thu Feb 16 05:54:56 PST 2012
Issue #2276 has been updated by Venkatesh Srinivas.
Here's the problem:
MFS's mfs_start() routine is not like other filesystems; the userland mount_mfs enters the mfs_start routine and processes copyin/copyout requests to transfer data into its userland mmap-ed region. When it returns after either being signalled or the filesystem being unmounted, the mount structure is not valid.
Unfortunately, sys_unmount() already kfree-d the mount structure; both the accounting init and MPUNLOCK(mp) in vfs_vfsops.c:vfs_start() are not safe; they are accessing the mountpoint after it is freed.
Bug #2276: umount mfs crash - Fatal trap 12
Author: Thomas Nikolajsen
Using fresh master (January 17th 2012),
umount of mfs mount crashes system.
This happens every time; core dump avail on request.
Fatal trap 12: page fault while in kernel mode
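The crash described above is a lifetime bug: the filesystem's start routine stays in the kernel until the mount is torn down, and the generic caller then touches a mount structure that sys_unmount() has already kfree-d. The following is a constructed C model of that ordering, added here as an illustration; it is not DragonFly code, and the reference-counted "safe" caller shows one general mitigation for this class of bug, not the fix that was actually committed. The names (mount_hold, mount_rele, fs_start_blocking, vfs_start_unsafe, vfs_start_safe) and the toy allocator are all assumptions of the model.

```c
/* Constructed model of the lifetime bug in the report: a filesystem start
 * routine that remains inside the kernel until unmount, and a generic caller
 * that touches the mount structure after it returns.
 * Not DragonFly code; names and the refcount mitigation are illustrative. */
#include <stdio.h>
#include <string.h>

struct mount {
    int refs;      /* references held by the mount list and by callers */
    int started;
};

/* Toy allocator so a use-after-free is observable instead of undefined. */
#define NSLOTS 4
struct slot { struct mount mnt; int live; };
static struct slot heap[NSLOTS];

static struct mount *mount_alloc(void)
{
    for (int i = 0; i < NSLOTS; i++) {
        if (!heap[i].live) {
            memset(&heap[i].mnt, 0, sizeof heap[i].mnt);
            heap[i].live = 1;
            return &heap[i].mnt;
        }
    }
    return NULL;
}

static void mount_free(struct mount *mp)      /* stands in for kfree(mp) */
{
    ((struct slot *)mp)->live = 0;            /* mnt is the first member */
}

static int mount_live(const struct mount *mp)
{
    return ((const struct slot *)mp)->live;
}

static void mount_hold(struct mount *mp) { mp->refs++; }

static void mount_rele(struct mount *mp)
{
    if (--mp->refs == 0)
        mount_free(mp);
}

/* sys_unmount(): drops the mount list's reference; with no other holder
 * the structure is gone when this returns. */
static void sys_unmount_model(struct mount *mp)
{
    mount_rele(mp);
}

/* The filesystem's start routine. Real MFS services copyin/copyout requests
 * in here for the whole life of the mount; the callback models the unmount
 * that happens while the caller is parked inside it. */
static void fs_start_blocking(struct mount *mp, void (*event)(struct mount *))
{
    mp->started = 1;
    event(mp);   /* mount is torn down while we are "blocked" here */
}

typedef int (*start_caller)(struct mount *);

/* The pattern in the report: call start, then touch mp unconditionally.
 * Returns 1 if the post-return access hit a live object, 0 on use-after-free. */
static int vfs_start_unsafe(struct mount *mp)
{
    fs_start_blocking(mp, sys_unmount_model);
    return mount_live(mp);   /* models the accounting init / MPUNLOCK(mp) */
}

/* One general mitigation (illustrative, not DragonFly's fix): the caller
 * holds its own reference across a call that may outlive the mount and
 * touches mp only before dropping that reference. */
static int vfs_start_safe(struct mount *mp)
{
    mount_hold(mp);
    fs_start_blocking(mp, sys_unmount_model);
    int live = mount_live(mp);   /* still live: our reference kept it */
    mount_rele(mp);              /* last reference; frees now, nothing after */
    return live;
}

/* Outcome codes: UAF = caller touched freed memory, SAFE = caller was safe
 * and the mount was released, LEAKED = safe but the mount was never freed. */
enum { UAF = 0, SAFE = 1, LEAKED = 2 };

/* Allocate a mount owned by the mount list (one reference) and run a caller. */
static int run_scenario(start_caller caller)
{
    struct mount *mp = mount_alloc();
    mp->refs = 1;
    if (!caller(mp))
        return UAF;
    return mount_live(mp) ? LEAKED : SAFE;
}

int main(void)
{
    static const char *names[] = { "USE-AFTER-FREE", "SAFE", "LEAKED" };
    printf("unsafe caller: %s\n", names[run_scenario(vfs_start_unsafe)]);
    printf("safe caller:   %s\n", names[run_scenario(vfs_start_safe)]);
    return 0;
}
```

The LEAKED outcome is there because the mitigation has its own failure mode: a caller that takes a hold and forgets to release it keeps the mount alive forever, which is why the safe caller drops its reference as the very last thing it does with mp.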