Date: Mon, 21 May 2001 21:37:14 +0100 From: David Malone <dwmalone@maths.tcd.ie> To: Dima Dorfman <dima@unixfreak.org> Cc: mheffner@vt.edu, freebsd-current@freebsd.org, alfred@freebsd.org Subject: Re: panic: mutex vm not owned Message-ID: <20010521213714.A54189@walton.maths.tcd.ie> In-Reply-To: <20010521084416.6E9763E28@bazooka.unixfreak.org>; from dima@unixfreak.org on Mon, May 21, 2001 at 01:44:16AM -0700 References: <200105210920.aa71413@salmon.maths.tcd.ie> <20010521084416.6E9763E28@bazooka.unixfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 21, 2001 at 01:44:16AM -0700, Dima Dorfman wrote:
> exit1 calls shmexit with vm_mtx held on line 228 of kern_exit.c
> (rev. 1.127). Actually, shmexit_myhook should always be called with
> vm_mtx held, so shm_delete_mapping can't assume it isn't held.
The following seems to work. It's basically your patch, but it
removes the patch which was originally committed, adds an extra
assert, expands on one comment and grabs a mutex in one place
it seemed to be needed after removing the others.
David.
Index: sysv_shm.c
===================================================================
RCS file: /cvs/FreeBSD-CVS/src/sys/kern/sysv_shm.c,v
retrieving revision 1.58
diff -u -r1.58 sysv_shm.c
--- sysv_shm.c 2001/05/21 18:52:02 1.58
+++ sysv_shm.c 2001/05/21 20:24:03
@@ -181,10 +181,10 @@
struct shm_handle *shm_handle;
size_t size;
+ /* for vm_object_deallocate */
+ mtx_assert(&vm_mtx, MA_OWNED);
shm_handle = shmseg->shm_internal;
- mtx_lock(&vm_mtx);
vm_object_deallocate(shm_handle->shm_object);
- mtx_unlock(&vm_mtx);
free((caddr_t)shm_handle, M_SHM);
shmseg->shm_internal = NULL;
size = round_page(shmseg->shm_segsz);
@@ -202,12 +202,12 @@
int segnum, result;
size_t size;
+ /* for vm_map_remove and shm_deallocate_segment */
+ mtx_assert(&vm_mtx, MA_OWNED);
segnum = IPCID_TO_IX(shmmap_s->shmid);
shmseg = &shmsegs[segnum];
size = round_page(shmseg->shm_segsz);
- mtx_lock(&vm_mtx);
result = vm_map_remove(&p->p_vmspace->vm_map, shmmap_s->va, shmmap_s->va + size);
- mtx_unlock(&vm_mtx);
if (result != KERN_SUCCESS)
return EINVAL;
shmmap_s->shmid = -1;
@@ -233,6 +233,7 @@
{
struct shmmap_state *shmmap_s;
int i;
+ int error;
if (!jail_sysvipc_allowed && jailed(p->p_ucred))
return (ENOSYS);
@@ -246,7 +247,10 @@
break;
if (i == shminfo.shmseg)
return EINVAL;
- return shm_delete_mapping(p, shmmap_s);
+ mtx_lock(&vm_mtx);
+ error = shm_delete_mapping(p, shmmap_s);
+ mtx_unlock(&vm_mtx);
+ return error;
}
#ifndef _SYS_SYSPROTO_H_
@@ -455,7 +459,9 @@
shmseg->shm_perm.key = IPC_PRIVATE;
shmseg->shm_perm.mode |= SHMSEG_REMOVED;
if (shmseg->shm_nattch <= 0) {
+ mtx_lock(&vm_mtx);
shm_deallocate_segment(shmseg);
+ mtx_unlock(&vm_mtx);
shm_last_free = IPCID_TO_IX(uap->shmid);
}
break;
@@ -663,6 +669,8 @@
struct shmmap_state *shmmap_s;
int i;
+ /* shm_delete_mappings requires this */
+ mtx_assert(&vm_mtx, MA_OWNED);
shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
if (shmmap_s->shmid != -1)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010521213714.A54189>