Date: Mon, 21 May 2001 01:44:16 -0700
From: Dima Dorfman <dima@unixfreak.org>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: mheffner@vt.edu, freebsd-current@freebsd.org, alfred@freebsd.org
Subject: Re: panic: mutex vm not owned
Message-ID: <20010521084416.6E9763E28@bazooka.unixfreak.org>
In-Reply-To: <200105210920.aa71413@salmon.maths.tcd.ie>; from dwmalone@maths.tcd.ie on "Mon, 21 May 2001 09:20:31 +0100"
David Malone <dwmalone@maths.tcd.ie> writes:
> > Please try the attached patch. I make no claims of its correctness,
> > but this e-mail is coming to you via X on -current updated a few hours
> > ago so it works here :-).
>
> I tried Dima's patch (the one which Alfred has committed) and I
> get an earlier mutex recursion panic, probably when a local program
> that uses shm forks and exits. I scribbled down this trace from
> it:

Is there such a program in the base system?

> panic+0x70
> _mtx_assert+0x67
> lockmgr+0xdc
> vm_map_remove+0x42
> shm_delete_mapping+0xe1
> shmexit_myhook+0x29
> exit1+0x9eb
> exit1
>
> So it looks like those routines are sometimes called with the mutex
> already held.

exit1 calls shmexit with vm_mtx held on line 228 of kern_exit.c
(rev. 1.127). Actually, shmexit_myhook should always be called with
vm_mtx held, so shm_delete_mapping can't assume it isn't held.

Attached is an untested patch to try to fix this. It's almost 02:00
here and I have to head to bed, but it may work for you. At least it
may be a starting point for someone.

Hope this helps,

Dima Dorfman
dima@unixfreak.org

Index: sysv_shm.c
===================================================================
RCS file: /stl/src/FreeBSD/src/sys/kern/sysv_shm.c,v
retrieving revision 1.56
diff -u -r1.56 sysv_shm.c
--- sysv_shm.c 2001/05/19 01:28:03 1.56
+++ sysv_shm.c 2001/05/21 08:41:29
@@ -200,6 +206,8 @@
int segnum, result;
size_t size;
+ /* for vm_map_remove */
+ mtx_assert(&vm_mtx, MA_OWNED);
segnum = IPCID_TO_IX(shmmap_s->shmid);
shmseg = &shmsegs[segnum];
size = round_page(shmseg->shm_segsz);
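Review bot: The new mtx_assert(&vm_mtx, MA_OWNED) at the top of this function makes "caller holds vm_mtx" a hard precondition, but the comment "for vm_map_remove" only says why the lock is needed, not that callers are now responsible for taking it. Suggest stating the requirement in the function's leading comment and confirming that every caller takes the lock, not only the ones touched in the later hunks. Also, the hunk header maps old line 200 to new line 206, so six added lines earlier in the file are not part of what was posted; worth resending the full diff so the change can be reviewed as a whole.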
@@ -229,6 +237,7 @@
{
struct shmmap_state *shmmap_s;
int i;
+ int error;
if (!jail_sysvipc_allowed && jailed(p->p_ucred))
return (ENOSYS);
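Review bot: The added "int error;" sits on its own line under "int i;"; style(9) prefers same-type locals on one line in alphabetical order, so "int error, i;" would fit the file better. No functional concern in this hunk.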
@@ -242,7 +251,10 @@
break;
if (i == shminfo.shmseg)
return EINVAL;
- return shm_delete_mapping(p, shmmap_s);
+ mtx_lock(&vm_mtx);
+ error = shm_delete_mapping(p, shmmap_s);
+ mtx_unlock(&vm_mtx);
+ return error;
}
#ifndef _SYS_SYSPROTO_H_
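Review bot: mtx_lock(&vm_mtx) is taken only after the loop that selects shmmap_s, so the entry is looked up without the lock and then deleted with it. If vm_mtx is meant to cover the per-process shmmap_state array as well as the map operation, the lock should move above the search, with an unlock on the EINVAL return path; if it is only there to satisfy shm_delete_mapping, a one-line comment saying so would prevent the question. Minor style point: "return error;" could be "return (error);" to match "return (ENOSYS);" in the previous hunk.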
@@ -659,6 +671,8 @@
struct shmmap_state *shmmap_s;
int i;
+ /* shm_delete_mappings requires this */
+ mtx_assert(&vm_mtx, MA_OWNED);
shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
if (shmmap_s->shmid != -1)
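Review bot: The comment above the new assertion names shm_delete_mappings, but the function called in the earlier hunk is shm_delete_mapping; fix the name so a search for the function finds this comment. Because the assertion makes holding vm_mtx a precondition here, every path that reaches this function has to take the lock first; the message only mentions exit1 as a caller, so any other call sites should be checked before this is committed, otherwise they will hit the new assertion.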
