From mboxrd@z Thu Jan 1 00:00:00 1970
From: erik quanstrom
Date: Wed, 22 Aug 2012 21:53:47 -0400
To: 9fans@9fans.net
Message-ID: <2558025d29ad87b629bc88c6e6a043a3@kw.quanstro.net>
In-Reply-To: <9ddaa75136b16893053c2f5958d0b064@rei2.9hal>
References: <9ddaa75136b16893053c2f5958d0b064@rei2.9hal>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] devmnt crash, fix.
Topicbox-Message-UUID: ae3876ae-ead7-11e9-9d60-3106f5b1d025

On Wed Aug 22 19:33:52 EDT 2012, cinap_lenrek@gmx.de wrote:
> i think we're seeing exactly what russ described on 9fans here:
>
> http://9fans.net/archive/2011/02/358
>
> after we set q->done = 1; (the unlock of m probably doesn't even
> matter) it might be possible for mountio()'s sleep() call to return
> immediately and return, freeing the rpc before mountmux()
> on another proc/cpu even calls wakeup() and potentially hitting freed
> memory.

devaoe (9atom version) deals with a similar problem. see strategy().

- erik
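
Added example, not part of the original message and not code from devmnt, devaoe or the fix discussed in the thread: a user-space pthreads model of the race described in the quoted text, showing one way to keep the waiter from freeing the rpc while the waker is still using it. The names Rpc, replier and waiter_call are hypothetical, and the mutex and condition variable are assumed stand-ins for the kernel's lock and sleep()/wakeup().

```c
/* Added illustration, not Plan 9 source: pthreads model of the race.
 * Rpc, replier and waiter_call are hypothetical names. */
#include <pthread.h>
#include <stdlib.h>

typedef struct Rpc {
	pthread_mutex_t lk;	/* guards done; held across the wakeup */
	pthread_cond_t r;	/* stands in for the kernel rendezvous */
	int done, reply;
} Rpc;

/* Role of mountmux(). Setting done and dropping the lock before the
 * wakeup would let the waiter free q while q->r is still in use.
 * Here the flag and the wakeup share one critical section. */
static void *replier(void *arg)
{
	Rpc *q = arg;
	pthread_mutex_lock(&q->lk);
	q->reply = 42;
	q->done = 1;
	pthread_cond_signal(&q->r);
	pthread_mutex_unlock(&q->lk);	/* q is not touched after this */
	return NULL;
}

/* Role of mountio(): wait for done, then free the rpc. */
int waiter_call(void)
{
	pthread_t t;
	int reply;
	Rpc *q = calloc(1, sizeof *q);
	if(q == NULL) return -1;
	pthread_mutex_init(&q->lk, NULL);
	pthread_cond_init(&q->r, NULL);
	if(pthread_create(&t, NULL, replier, q) != 0){ free(q); return -1; }
	pthread_detach(t);	/* no join: the lock is the only ordering */
	pthread_mutex_lock(&q->lk);	/* blocks while replier holds lk */
	while(!q->done)
		pthread_cond_wait(&q->r, &q->lk);
	reply = q->reply;
	pthread_mutex_unlock(&q->lk);
	pthread_cond_destroy(&q->r);
	pthread_mutex_destroy(&q->lk);
	free(q);	/* safe: replier finished its wakeup under lk */
	return reply;
}
```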