Date: Sun, 17 Mar 2002 22:17:39 -0800
From: Alfred Perlstein <alfred@freebsd.org>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.org, fs@FreeBSD.org
Subject: Re: panic: bwrite: buffer is not busy???
Message-ID: <20020318061739.GB894@elvis.mu.org>
In-Reply-To: <xzpadt6r1xr.fsf@flood.ping.uio.no>
References: <20020317124958.A34008@xor.obsecurity.org> <xzpadt6r1xr.fsf@flood.ping.uio.no>
* Dag-Erling Smorgrav <des@ofug.org> [020317 19:27] wrote:
>
> ...the process has no open files at all, because...
>
> (kgdb) p p->p_pid
> $4 = 10099
> (kgdb) p p->p_comm
> $5 = "wc\000oot", '\000' <repeats 13 times>
> (kgdb) p p->p_stat
> $6 = 3
> (kgdb) p/x p->p_flag
> $7 = 0x6000
>
> ...it's exiting, and fdfree() has already run.
>
> Solution: p->p_fd must be protected by p's proc lock; fdfree() must
> set it to NULL immediately after freeing it; checkdirs() must lock
> each process before examining its fd list.
>
> Other problem spotted while investigating this: fdfree() can fail
> silently; fdfree() should panic if fdp->fd_refcnt is non-zero.
Please let me know if this works for you.
Index: vfs_syscalls.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.231
diff -u -r1.231 vfs_syscalls.c
--- vfs_syscalls.c 12 Mar 2002 04:00:10 -0000 1.231
+++ vfs_syscalls.c 18 Mar 2002 06:23:41 -0000
@@ -451,10 +451,14 @@
return;
sx_slock(&allproc_lock);
LIST_FOREACH(p, &allproc, p_list) {
+ PROC_LOCK(p);
fdp = p->p_fd;
- if (fdp == NULL)
+ if (fdp == NULL) {
+ PROC_UNLOCK(p);
continue;
+ }
FILEDESC_LOCK(fdp);
+ PROC_UNLOCK(p);
if (fdp->fd_cdir == olddp) {
VREF(newdp);
fdp->fd_cdir = newdp;
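Review bot: In the loop body, FILEDESC_LOCK(fdp) is taken while PROC_LOCK(p) is still held, which fixes a proc-then-filedesc lock order that nothing in this hunk documents. Suggest a comment above PROC_LOCK(p) stating that order, and stating that the filedesc lock is what keeps fdp usable after PROC_UNLOCK(p). That guarantee only holds if every path that gives up a process's reference to the filedesc clears p->p_fd under the proc lock first, so it is worth saying so here where the pointer is read.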
Index: kern_descrip.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
retrieving revision 1.128
diff -u -r1.128 kern_descrip.c
--- kern_descrip.c 15 Mar 2002 08:03:46 -0000 1.128
+++ kern_descrip.c 18 Mar 2002 06:23:39 -0000
@@ -1321,19 +1321,26 @@
fdfree(td)
struct thread *td;
{
- register struct filedesc *fdp = td->td_proc->p_fd;
+ register struct filedesc *fdp;
struct file **fpp;
register int i;
+ PROC_LOCK(td);
+ fdp = td->td_proc->p_fd;
/* Certain daemons might not have file descriptors. */
- if (fdp == NULL)
+ if (fdp == NULL) {
+ PROC_UNLOCK(td);
return;
+ }
FILEDESC_LOCK(fdp);
if (--fdp->fd_refcnt > 0) {
FILEDESC_UNLOCK(fdp);
+ PROC_UNLOCK(td);
return;
}
+ td->td_proc->p_fd = NULL;
+ PROC_UNLOCK(td);
/*
* we are the last reference to the structure, we can
* safely assume it will not change out from under us.
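Review bot: PROC_LOCK(td) and the three PROC_UNLOCK(td) calls pass the struct thread pointer, while the vfs_syscalls.c hunk passes a struct proc pointer (PROC_LOCK(p)); these should take td->td_proc. Separately, td->td_proc->p_fd = NULL sits after the "if (--fdp->fd_refcnt > 0)" early return, so a process that shares its descriptor table drops its reference but keeps a non-NULL p_fd, which checkdirs() can still pick up and which dangles once the last sharer frees the structure. Suggest moving the assignment above the refcnt check, still under the proc lock, so p_fd is cleared on both paths.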
