Date: Fri, 12 Nov 2004 11:10:11 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: current@FreeBSD.org
Subject: Re: Race in pipe tear-down, perhaps kqueue-related? (was: Re: Fatal trap , 12: page fault in kern/kern_mutex.c:744)
Message-ID: <20041112110924.W90223@odysseus.silby.com>
In-Reply-To: <Pine.NEB.3.96L.1041112120318.20686E-100000@fledge.watson.org>
References: <Pine.NEB.3.96L.1041112120318.20686E-100000@fledge.watson.org>

On Fri, 12 Nov 2004, Robert Watson wrote:

> This looks like a bug in the pipe code where-in a partially initialized
> pipe is free'd due to memory allocation problems (hitting a resource
> limit). pipeclose() is called when pipe_create() fails on one of the two
> pipe endpoints, but it looks like pipeclose() is unprepared for the
> eventuality that this is the case, as it attempts to generate wakeup
> events on the pipe endpoint using pipeselwakeup(), which is not the right
> thing to do while the pipe is not yet initialized. Maybe we need a
> special pipeclose() tear-down path that doesn't assume the pipe has
> already been fully initialized?
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Principal Research Scientist, McAfee Research

I'll take a look into this over the weekend.

Mike "Silby" Silbersack
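
The failure mode discussed in the quoted message (a close routine that generates wakeups on an endpoint whose creation failed partway) is shown here as an added user-space C model; it is not FreeBSD code and not from either poster. All names (endpoint_create, endpoint_close, pair_create, the allocation budget) are hypothetical, and the guard on an explicit state flag is one possible tear-down approach, not the fix that was committed.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed user-space model; every name here is hypothetical. */
enum ep_state { EP_UNINIT = 0, EP_READY };

struct endpoint {
    enum ep_state state; /* becomes EP_READY only as the last init step */
    char *buf;           /* backing buffer, NULL until allocated */
    int *wait_queue;     /* stands in for select/kqueue wakeup state */
};

/* wakeups delivered by close; remaining allocations before the "limit" */
static int wakeups_sent, alloc_budget;

static void *limited_alloc(size_t n)
{
    return alloc_budget-- > 0 ? calloc(1, n) : NULL;
}

static int endpoint_create(struct endpoint *ep)
{
    if ((ep->buf = limited_alloc(4096)) == NULL)
        return -1;
    if ((ep->wait_queue = limited_alloc(sizeof(int))) == NULL)
        return -1;       /* buf is set, state is still EP_UNINIT */
    ep->state = EP_READY;
    return 0;
}

static void endpoint_close(struct endpoint *ep)
{
    if (ep->state == EP_READY) { /* wake waiters only on a complete endpoint */
        (*ep->wait_queue)++;     /* would be a NULL dereference otherwise */
        wakeups_sent++;
    }
    free(ep->wait_queue);        /* free(NULL) is a no-op */
    free(ep->buf);
    memset(ep, 0, sizeof(*ep));
}

int pair_create(struct endpoint pair[2], int budget)
{
    alloc_budget = budget;
    memset(pair, 0, 2 * sizeof(pair[0])); /* known state before any failure */
    if (endpoint_create(&pair[0]) == 0 && endpoint_create(&pair[1]) == 0)
        return 0;
    endpoint_close(&pair[0]);    /* safe whether or not init completed */
    endpoint_close(&pair[1]);
    return -1;
}
```

Zeroing both endpoints before the first allocation matters as much as the state check: when the first endpoint fails, the second is never touched by endpoint_create() but is still passed to endpoint_close().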