Date:      Sat, 25 Jan 2003 18:34:06 +0000
From:      "Peter Edwards" <pmedwards@eircom.net>
To:        freebsd-current@freebsd.org
Subject:   Opening /dev/tty in session leader after controlling terminal is revoked causes panic.
Message-ID:  <20030125183411.997FE43F43@mx1.FreeBSD.org>

This is a multi-part message in MIME format.
---------3K5K4NHDM57INZZ7J97H8123
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Attached is a panic and a patch for the problem in the Subject line.

The problem is in kern/tty_tty.c:ctty_clone. It's assuming that if the process
has its P_CONTROLT flag set, then its session has a valid vnode for its
controlling terminal. This doesn't hold if the terminal was revoked.

Cheers,
Peter Edwards.
---------3K5K4NHDM57INZZ7J97H8123
Content-Type: text/plain
Content-Disposition: attachment; filename="gdb.txt"

GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bdwrite: buffer is not busy
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x88
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc020795a
stack pointer           = 0x10:0xcdd7e7b8
frame pointer           = 0x10:0xcdd7e7c8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 986 (mozilla-bin)
trap number             = 12
panic: page fault

syncing disks, buffers remaining... panic: bdwrite: buffer is not busy
Uptime: 20h40m24s
Dumping 256 MB
ata0: resetting devices ..
done
 16 32 48 64 80 96 112 128 144 160 176 192[CTRL-C to abort]  208 224 240
---
#0  doadump () at /pub/FreeBSD/current/src/sys/kern/kern_shutdown.c:232
232             dumping++;
(kgdb) p/a 0xc020795a
$1 = 0xc020795a <ctty_clone+74>
(kgdb) bt
#0  doadump () at /pub/FreeBSD/current/src/sys/kern/kern_shutdown.c:232
#1  0xc01d1969 in boot (howto=260) at /pub/FreeBSD/current/src/sys/kern/kern_shutdown.c:364
#2  0xc01d1bc3 in panic () at /pub/FreeBSD/current/src/sys/kern/kern_shutdown.c:531
#3  0xc0214ea0 in bdwrite (bp=0xc7783bf0) at /pub/FreeBSD/current/src/sys/kern/vfs_bio.c:955
#4  0xc028abab in ffs_update (vp=0xc27d3b18, waitfor=0)
    at /pub/FreeBSD/current/src/sys/ufs/ffs/ffs_inode.c:125
#5  0xc029f62f in ffs_fsync (ap=0xcdd7e5c0) at
/pub/FreeBSD/current/src/sys/ufs/ffs/ffs_vnops.c:315
#6  0xc029e5f7 in ffs_sync (mp=0xc2691000, waitfor=2, cred=0xc0eb6e80, td=0xc034f000)
    at vnode_if.h:612
#7  0xc022a7db in sync (td=0xc034f000, uap=0x0)
    at /pub/FreeBSD/current/src/sys/kern/vfs_syscalls.c:138
#8  0xc01d154c in boot (howto=256) at /pub/FreeBSD/current/src/sys/kern/kern_shutdown.c:273
#9  0xc01d1bc3 in panic () at /pub/FreeBSD/current/src/sys/kern/kern_shutdown.c:531
#10 0xc02f9c42 in trap_fatal (frame=0xcdd7e778, eva=0)
    at /pub/FreeBSD/current/src/sys/i386/i386/trap.c:844
#11 0xc02f9922 in trap_pfault (frame=0xcdd7e778, usermode=0, eva=136)
    at /pub/FreeBSD/current/src/sys/i386/i386/trap.c:758
#12 0xc02f93f0 in trap (frame=
      {tf_fs = -841547752, tf_es = -841547760, tf_ds = -1069416432, tf_edi = -1033343948, tf_esi
= -
841487372, tf_ebp = -841488440, tf_isp = -841488476, tf_ebx = -841488376, tf_edx = -841488260,
tf_ec
x = -1070401078, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071613606, tf_cs = 8,
tf_eflags 
= 66050, tf_esp = -841488264, tf_ss = -1070401082})
    at /pub/FreeBSD/current/src/sys/i386/i386/trap.c:445
#13 0xc02e94a8 in calltrap () at {standard input}:98
#14 0xc0195f38 in devfs_lookupx (ap=0x0) at
/pub/FreeBSD/current/src/sys/fs/devfs/devfs_vnops.c:382
#15 0xc01961db in devfs_lookup (ap=0xcdd7e914)
    at /pub/FreeBSD/current/src/sys/fs/devfs/devfs_vnops.c:448
#16 0xc021ed12 in lookup (ndp=0xcdd7ebcc) at vnode_if.h:52
#17 0xc021e71b in namei (ndp=0xcdd7ebcc) at /pub/FreeBSD/current/src/sys/kern/vfs_lookup.c:181
#18 0xc0231eb9 in vn_open_cred (ndp=0xcdd7ebcc, flagp=0xcdd7eccc, cmode=420, cred=0xc2afb500)
    at /pub/FreeBSD/current/src/sys/kern/vfs_vnops.c:122
#19 0xc0231e59 in vn_open (ndp=0x0, flagp=0x0, cmode=0)
    at /pub/FreeBSD/current/src/sys/kern/vfs_vnops.c:86
#20 0xc022b683 in kern_open (td=0xc264d8c0, path=0x0, pathseg=UIO_USERSPACE, flags=1538,
mode=438)
    at /pub/FreeBSD/current/src/sys/kern/vfs_syscalls.c:662
#21 0xc022b490 in open (td=0x0, uap=0x0) at /pub/FreeBSD/current/src/sys/kern/vfs_syscalls.c:625
#22 0xc02f9f6a in syscall (frame=
      {tf_fs = -65489, tf_es = -1078001617, tf_ds = -1078001617, tf_edi = 703138768, tf_esi =
678015
352, tf_ebp = -1077956120, tf_isp = -841486988, tf_ebx = 677213476, tf_edx = 1537, tf_ecx =
67801535
2, tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 677550019, tf_cs = 31, tf_eflags = 518,
tf_esp =
 -1077956148, tf_ss = 47}) at /pub/FreeBSD/current/src/sys/i386/i386/trap.c:1033
#23 0xc02e94fd in Xint0x80_syscall () at {standard input}:140
---Can't read userspace from dump, or kernel process---

(kgdb) disas ctty_clone
Dump of assembler code for function ctty_clone:
0xc0207910 <ctty_clone>:        push   %ebp
0xc0207911 <ctty_clone+1>:      mov    %esp,%ebp
0xc0207913 <ctty_clone+3>:      sub    $0x10,%esp
0xc0207916 <ctty_clone+6>:      mov    %ebx,0xfffffffc(%ebp)
0xc0207919 <ctty_clone+9>:      mov    0x14(%ebp),%ebx
0xc020791c <ctty_clone+12>:     cmpl   $0xffffffff,(%ebx)
0xc020791f <ctty_clone+15>:     jne    0xc0207970 <ctty_clone+96>
0xc0207921 <ctty_clone+17>:     movl   $0xc032f9c6,0x4(%esp,1)
0xc0207929 <ctty_clone+25>:     mov    0xc(%ebp),%eax
0xc020792c <ctty_clone+28>:     mov    %eax,(%esp,1)
0xc020792f <ctty_clone+31>:     call   0xc0234a20 <strcmp>
0xc0207934 <ctty_clone+36>:     test   %eax,%eax
0xc0207936 <ctty_clone+38>:     jne    0xc0207970 <ctty_clone+96>
0xc0207938 <ctty_clone+40>:     mov    %fs:0x0,%eax
0xc020793e <ctty_clone+46>:     mov    (%eax),%eax
0xc0207940 <ctty_clone+48>:     testb  $0x2,0x38(%eax)
0xc0207944 <ctty_clone+52>:     je     0xc0207962 <ctty_clone+82>
0xc0207946 <ctty_clone+54>:     mov    %fs:0x0,%eax
0xc020794c <ctty_clone+60>:     mov    (%eax),%eax
0xc020794e <ctty_clone+62>:     mov    0x15c(%eax),%eax
0xc0207954 <ctty_clone+68>:     mov    0xc(%eax),%eax
0xc0207957 <ctty_clone+71>:     mov    0x8(%eax),%eax
0xc020795a <ctty_clone+74>:     mov    0x88(%eax),%eax
0xc0207960 <ctty_clone+80>:     jmp    0xc0207967 <ctty_clone+87>
0xc0207962 <ctty_clone+82>:     mov    0xc0381eec,%eax
0xc0207967 <ctty_clone+87>:     mov    %eax,(%ebx)
0xc0207969 <ctty_clone+89>:     lea    0x0(%esi,1),%esi
0xc0207970 <ctty_clone+96>:     mov    0xfffffffc(%ebp),%ebx
0xc0207973 <ctty_clone+99>:     mov    %ebp,%esp
0xc0207975 <ctty_clone+101>:    pop    %ebp
0xc0207976 <ctty_clone+102>:    ret    
End of assembler dump.
(kgdb) 

---------3K5K4NHDM57INZZ7J97H8123
Content-Type: text/plain
Content-Disposition: attachment; filename="ttypatch.txt"

Index: sys/kern/tty_tty.c
===================================================================
RCS file: /pub/FreeBSD/development/FreeBSD-CVS/src/sys/kern/tty_tty.c,v
retrieving revision 1.46
diff -u -r1.46 tty_tty.c
--- sys/kern/tty_tty.c  19 Jan 2003 11:03:07 -0000      1.46
+++ sys/kern/tty_tty.c  25 Jan 2003 18:22:55 -0000
@@ -66,12 +66,15 @@
 ctty_clone(void *arg, char *name, int namelen, dev_t *dev)
 {
 
+       struct proc *p = curthread->td_proc;
+       struct vnode *ttyvp;
+
        if (*dev != NODEV)
                return;
        if (strcmp(name, "tty"))
                return;
-       if (curthread->td_proc->p_flag & P_CONTROLT)
-               *dev = curthread->td_proc->p_session->s_ttyvp->v_rdev;
+       if (p->p_flag & P_CONTROLT && (ttyvp = p->p_session->s_ttyvp) != NULL)
+               *dev = ttyvp->v_rdev;
        else
                *dev = ctty;
 }
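Review bot: The new condition copies `p->p_session->s_ttyvp` into `ttyvp` and checks it for NULL, but nothing visible in the hunk holds a lock or a vnode reference between that check and the `ttyvp->v_rdev` dereference. If a revoke can run concurrently with this clone handler, the pointer could presumably still be cleared or recycled in that window. Whether the caller already serialises this is not visible here (the function's return-type line and its callers are outside the hunk), so it should be confirmed, and if not, the read and dereference should be done under the session lock. The invariant is also worth recording above the test, e.g. `/* P_CONTROLT can remain set after revoke(2) clears s_ttyvp; fall back to ctty. */`. For readability the flag test should be parenthesised: `if ((p->p_flag & P_CONTROLT) != 0 && (ttyvp = p->p_session->s_ttyvp) != NULL)`.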
---------3K5K4NHDM57INZZ7J97H8123--
