ref: e823ddb3b0703e034615fc8c62fdec0d5924e649
parent: 72be22cd3ad8236dba47d3c56d1ba8af5b16a1c2
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Tue Jan 27 17:14:26 EST 2015
devmnt: handle rpc buffer exhaustion on mntflushalloc() this bug happens when the kernel runs out of mount rpc buffers when allocating a flush rpc. in this case, mntflushalloc() will errorjump out of mountio() leaving the currently in flight rpc in the mount. the caller of mountrpc()/mountio() frees the rpc thats still queued in the mount leaving to interesting results. for the fix, we add a waserror() arround mntflushalloc() and handle the error case like a mount rpc failure which will properly dequeue the rpc's in flight.
--- a/sys/src/9/port/devmnt.c
+++ b/sys/src/9/port/devmnt.c
@@ -774,7 +774,7 @@
while(waserror()) {if(m->rip == up)
mntgate(m);
- if(strcmp(up->errstr, Eintr) != 0){+ if(strcmp(up->errstr, Eintr) != 0 || waserror()){r = mntflushfree(m, r);
switch(r->request.type){case Tremove:
@@ -786,6 +786,7 @@
nexterror();
}
r = mntflushalloc(r, m->msize);
+ poperror();
}
lock(m);