shithub: riscv

Download patch

ref: e823ddb3b0703e034615fc8c62fdec0d5924e649
parent: 72be22cd3ad8236dba47d3c56d1ba8af5b16a1c2
author: cinap_lenrek <[email protected]>
date: Tue Jan 27 17:14:26 EST 2015

devmnt: handle rpc buffer exhaustion on mntflushalloc()

this bug happens when the kernel runs out of mount rpc
buffers when allocating a flush rpc. in this case, mntflushalloc()
will errorjump out of mountio() leaving the currently in
flight rpc in the mount. the caller of mountrpc()/mountio()
frees the rpc thats still queued in the mount leaving
to interesting results.

for the fix, we add a waserror() arround mntflushalloc() and
handle the error case like a mount rpc failure which will
properly dequeue the rpc's in flight.

--- a/sys/src/9/port/devmnt.c
+++ b/sys/src/9/port/devmnt.c
@@ -774,7 +774,7 @@
 	while(waserror()) {
 		if(m->rip == up)
 			mntgate(m);
-		if(strcmp(up->errstr, Eintr) != 0){
+		if(strcmp(up->errstr, Eintr) != 0 || waserror()){
 			r = mntflushfree(m, r);
 			switch(r->request.type){
 			case Tremove:
@@ -786,6 +786,7 @@
 			nexterror();
 		}
 		r = mntflushalloc(r, m->msize);
+		poperror();
 	}
 
 	lock(m);