Date: Thu, 3 Apr 1997 01:48:16 +0200 (MET DST) From: Tor Egge <Tor.Egge@idi.ntnu.no> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/3180: mlock() causes panic: lockmgr: upgrade exclusive lock Message-ID: <199704022348.BAA02775@ikke.idt.unit.no> Resent-Message-ID: <199704022350.PAA07010@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 3180
>Category: kern
>Synopsis: mlock() causes panic: lockmgr: upgrade exclusive lock
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 2 15:50:03 PST 1997
>Last-Modified:
>Originator: Tor Egge
>Organization:
Norwegian University of Science and Technology, Trondheim, Norway
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD ikke.idt.unit.no 3.0-CURRENT FreeBSD 3.0-CURRENT #5: Thu Apr 3 00:28:21 MET DST 1997 root@ikke.idt.unit.no:/usr/src/sys/compile/TEGGE i386
>Description:
lockmgr is called with wrong arguments in vm_map_user_pageable.
The first call will cause a panic: lockmgr: upgrade exclusive lock,
since we already have an exclusive lock.
The second call will cause a panic: lockmgr: not holding exclusive lock, due to
the lock having been silently downgraded to a shared lock as a side effect of
the call to vm_fault_user_wire.
>How-To-Repeat:
Use the mlock() system call with valid parameters in a program.
>Fix:
Index: vm_map.c
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_map.c,v
retrieving revision 1.72
diff -u -r1.72 vm_map.c
--- vm_map.c 1997/02/22 09:48:23 1.72
+++ vm_map.c 1997/04/02 22:16:53
@@ -1443,19 +1443,8 @@
/* First we need to allow map modifications */
vm_map_set_recursive(map);
- if (lockmgr(&map->lock, LK_EXCLUPGRADE,
- (void *)0, curproc)) {
- entry->wired_count--;
- entry->eflags &= ~MAP_ENTRY_USER_WIRED;
-
- vm_map_clear_recursive(map);
- vm_map_unlock(map);
+ lockmgr(&map->lock, LK_DOWNGRADE,(void *)0, curproc);
- (void) vm_map_user_pageable(map, start, entry->start, TRUE);
- return rv;
- }
-
-
rv = vm_fault_user_wire(map, entry->start, entry->end);
if (rv) {
@@ -1470,7 +1459,7 @@
}
vm_map_clear_recursive(map);
- lockmgr(&map->lock, LK_DOWNGRADE, (void *)0, curproc);
+ lockmgr(&map->lock, LK_UPGRADE, (void *)0, curproc);
goto rescan;
}
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704022348.BAA02775>