devmnt: handle rpc buffer exhaustion on mntflushalloc()

this bug happens when the kernel runs out of mount rpc
buffers when allocating a flush rpc. in this case, mntflushalloc()
will errorjump out of mountio() leaving the currently in
flight rpc in the mount. the caller of mountrpc()/mountio()
frees the rpc thats still queued in the mount leaving
to interesting results.

for the fix, we add a waserror() arround mntflushalloc() and
handle the error case like a mount rpc failure which will
properly dequeue the rpc's in flight.

diff --git a/sys/src/9/port/devmnt.c b/sys/src/9/port/devmnt.c
index 9c34700681fca240fe850c1f97a34c3628e71016..5ed55b3fbfb15e275e72636be6a387877ce7a27e 100644 (file)
--- a/sys/src/9/port/devmnt.c
+++ b/sys/src/9/port/devmnt.c
@@ -774,7 +774,7 @@ mountio(Mnt *m, Mntrpc *r)
        while(waserror()) {
                if(m->rip == up)
                        mntgate(m);
-               if(strcmp(up->errstr, Eintr) != 0){
+               if(strcmp(up->errstr, Eintr) != 0 || waserror()){
                        r = mntflushfree(m, r);
                        switch(r->request.type){
                        case Tremove:
@@ -786,6 +786,7 @@ mountio(Mnt *m, Mntrpc *r)
                        nexterror();
                }
                r = mntflushalloc(r, m->msize);
+               poperror();
        }
 
        lock(m);