From owner-freebsd-current Mon May 21 13:37:21 2001 Delivered-To: freebsd-current@freebsd.org Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id 7C8AD37B422; Mon, 21 May 2001 13:37:16 -0700 (PDT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 21 May 2001 21:37:15 +0100 (BST) Date: Mon, 21 May 2001 21:37:14 +0100 From: David Malone To: Dima Dorfman Cc: mheffner@vt.edu, freebsd-current@freebsd.org, alfred@freebsd.org Subject: Re: panic: mutex vm not owned Message-ID: <20010521213714.A54189@walton.maths.tcd.ie> References: <200105210920.aa71413@salmon.maths.tcd.ie> <20010521084416.6E9763E28@bazooka.unixfreak.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010521084416.6E9763E28@bazooka.unixfreak.org>; from dima@unixfreak.org on Mon, May 21, 2001 at 01:44:16AM -0700 Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, May 21, 2001 at 01:44:16AM -0700, Dima Dorfman wrote: > exit1 calls shmexit with vm_mtx held on line 228 of kern_exit.c > (rev. 1.127). Actually, shmexit_myhook should always be called with > vm_mtx held, so shm_delete_mapping can't assume it isn't held. The following seems to work. It's basically your patch, but it removes the patch which was originally committed, adds an extra assert, expands on one comment and grabs a mutex in one place it seemed to be needed after removing the others. David. Index: sysv_shm.c =================================================================== RCS file: /cvs/FreeBSD-CVS/src/sys/kern/sysv_shm.c,v retrieving revision 1.58 diff -u -r1.58 sysv_shm.c --- sysv_shm.c 2001/05/21 18:52:02 1.58 +++ sysv_shm.c 2001/05/21 20:24:03 @@ -181,10 +181,10 @@ struct shm_handle *shm_handle; size_t size; + /* for vm_object_deallocate */ + mtx_assert(&vm_mtx, MA_OWNED); shm_handle = shmseg->shm_internal; - mtx_lock(&vm_mtx); vm_object_deallocate(shm_handle->shm_object); - mtx_unlock(&vm_mtx); free((caddr_t)shm_handle, M_SHM); shmseg->shm_internal = NULL; size = round_page(shmseg->shm_segsz); @@ -202,12 +202,12 @@ int segnum, result; size_t size; + /* for vm_map_remove and shm_deallocate_segment */ + mtx_assert(&vm_mtx, MA_OWNED); segnum = IPCID_TO_IX(shmmap_s->shmid); shmseg = &shmsegs[segnum]; size = round_page(shmseg->shm_segsz); - mtx_lock(&vm_mtx); result = vm_map_remove(&p->p_vmspace->vm_map, shmmap_s->va, shmmap_s->va + size); - mtx_unlock(&vm_mtx); if (result != KERN_SUCCESS) return EINVAL; shmmap_s->shmid = -1; @@ -233,6 +233,7 @@ { struct shmmap_state *shmmap_s; int i; + int error; if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); @@ -246,7 +247,10 @@ break; if (i == shminfo.shmseg) return EINVAL; - return shm_delete_mapping(p, shmmap_s); + mtx_lock(&vm_mtx); + error = shm_delete_mapping(p, shmmap_s); + mtx_unlock(&vm_mtx); + return error; } #ifndef _SYS_SYSPROTO_H_ @@ -455,7 +459,9 @@ shmseg->shm_perm.key = IPC_PRIVATE; shmseg->shm_perm.mode |= SHMSEG_REMOVED; if (shmseg->shm_nattch <= 0) { + mtx_lock(&vm_mtx); shm_deallocate_segment(shmseg); + mtx_unlock(&vm_mtx); shm_last_free = IPCID_TO_IX(uap->shmid); } break; @@ -663,6 +669,8 @@ struct shmmap_state *shmmap_s; int i; + /* shm_delete_mappings requires this */ + mtx_assert(&vm_mtx, MA_OWNED); shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm; for (i = 0; i < shminfo.shmseg; i++, shmmap_s++) if (shmmap_s->shmid != -1) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message