From owner-freebsd-stable Tue Jul 2 14: 7:48 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1B3237B500 for ; Tue, 2 Jul 2002 14:06:10 -0700 (PDT)
Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FFC044D8F for ; Tue, 2 Jul 2002 13:41:20 -0700 (PDT) (envelope-from don@sandvine.com)
Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id ; Tue, 2 Jul 2002 16:41:18 -0400
Message-ID:
From: Don Bowman
To: 'Jonathan Lemon', Don Bowman, stable@freebsd.org
Subject: RE: panic in 4.6 with knote_enqueue from kill
Date: Tue, 2 Jul 2002 16:41:11 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Just thought I'd mention that the below patch for sure resolves the issue
I had, 5 days of running (on ~20 machines) where before there was < 1.
It would be nice to commit this on the 4 branch since I'm reasonably sure
anyone could run into it, and it's easy to exploit to bring down a machine.

> -----Original Message-----
> From: Jonathan Lemon [mailto:jlemon@flugsvamp.com]
> Sent: June 28, 2002 13:17
> To: don@sandvine.com; stable@freebsd.org
> Subject: Re: panic in 4.6 with knote_enqueue from kill
>
>
> In article you write:
> >I have a system panic occurring with FreeBSD 4.6. The stack
> >trace is below...
> >
> >Debugger(c032d70a) at Debugger+0x34
> >panic(c032bf57,e0f37000,800001e,e0f35ee4,c01ba339) at panic+0xa4
> >knote_enqueue(e0f37000) at knote_enqueue+0x22
> >knote(db433820,800001e) at knote+0x35
> >psignal(db433700,1e,2,db433700,e0f35f80) at psignal+0x49
> >kill(db433700,e0f35f80,281f8944,81a9000,818467c) at kill+0x7b
> >syscall2(2821002f,281f002f,80f002f,818467c,81a9000) at syscall2+0x23d
> >Xint0x80_syscall() at Xint0x80_syscall+0x2b
>
> The assumption made when calling knote() is that we are already at the
> correct spl level associated with a particular knote list, so no locking
> should be required. It appears that this isn't true for psignal(), it
> can be called either from a syscall, or from an interrupt.
>
> My guess is that in the call chain above, after checking the kn_status
> in KNOTE_ACTIVATE(), but before reaching splhigh() in knote_enqueue, an
> interrupt occurs which causes psignal() to be called again, and queues
> the knote for retrieval. This causes the assertion to be triggered.
>
> Try the patch below.
> --
> Jonathan
>
> Index: kern_sig.c
> ===================================================================
> RCS file: /ncvs/src/sys/kern/kern_sig.c,v
> retrieving revision 1.72.2.14
> diff -u -r1.72.2.14 kern_sig.c
> --- kern_sig.c 14 Dec 2001 03:05:32 -0000 1.72.2.14
> +++ kern_sig.c 28 Jun 2002 17:23:59 -0000
> @@ -1011,7 +1011,9 @@
> panic("psignal signal number");
> }
>
> + s = splhigh();
> KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
> + splx(s);
>
> prop = sigprop(sig);
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
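Review bot: the hunk assigns to `s` in `s = splhigh();` but no declaration of `s` is visible in the context, so the patch only compiles if psignal() already has an `int s` in scope; if it does not, add `int s;` to the function's locals in the same change. A one-line comment above `s = splhigh();` saying that KNOTE() expects its caller to already hold the spl level of the knote list (the invariant the reply explains) would keep the next person from removing what looks like a redundant spl bump. Since the reply says the second psignal() arrives from interrupt context, splhigh() is the conservative choice here: it blocks every interrupt for the duration of KNOTE(), which is short, so the cost is acceptable, but the same assumption should be checked for any other KNOTE() caller reachable from an interrupt.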
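The race Jonathan describes (unlocked KN_QUEUED check in KNOTE_ACTIVATE(), interrupt-driven psignal() landing before knote_enqueue() reaches splhigh(), assertion fires) can be played back deterministically in user space. The following is an added illustrative model written for this archive page, not FreeBSD kernel code: splhigh()/splx() are replaced by a flag, the "interrupt" is a callback armed to fire exactly in that window, the kernel's panic becomes a -1 return, and every *_model name, run_scenario(), and the globals are this example's own inventions.

```c
/*
 * Added example, not FreeBSD code: a userland model of the psignal()/KNOTE()
 * race. splhigh()/splx() are a flag; one simulated interrupt is armed to
 * land between KNOTE_ACTIVATE()'s KN_QUEUED check and knote_enqueue()'s
 * own splhigh(). All names ending in _model, run_scenario() and the
 * globals are hypothetical, introduced for this illustration only.
 */
#include <stdbool.h>
#include <stdio.h>

#define KN_QUEUED 0x01

struct knote { int kn_status; };    /* only the KN_QUEUED bit matters here */

static bool ipl_high;       /* "interrupts blocked": splhigh() in effect */
static bool irq_pending;    /* interrupt arrived while blocked */
static bool irq_armed;      /* fire the simulated interrupt once per run */
static bool use_guard;      /* does psignal wrap KNOTE in splhigh/splx? */
static struct knote *cur_kn;

static int psignal_model(struct knote *kn, bool guarded);

static int splhigh_model(void) { int s = ipl_high; ipl_high = true; return s; }

/* The interrupt's work: deliver the same signal to the same process again. */
static void irq_psignal(void) { (void)psignal_model(cur_kn, use_guard); }

static void splx_model(int s) {
    ipl_high = s;
    if (!ipl_high && irq_pending) {     /* deliver anything held back */
        irq_pending = false;
        irq_psignal();
    }
}

static void raise_irq(void) {
    if (!irq_armed) return;
    irq_armed = false;
    if (ipl_high) irq_pending = true;   /* held until splx() */
    else irq_psignal();                 /* runs right now, inside the window */
}

/* knote_enqueue(): the kernel's assertion is modelled as a -1 return. */
static int knote_enqueue_model(struct knote *kn) {
    int s = splhigh_model();
    if (kn->kn_status & KN_QUEUED) {    /* already queued: kernel panics here */
        splx_model(s);
        return -1;
    }
    kn->kn_status |= KN_QUEUED;
    splx_model(s);
    return 0;
}

/* KNOTE_ACTIVATE(): unlocked check, then enqueue; the gap is the window. */
static int knote_activate_model(struct knote *kn) {
    if (kn->kn_status & KN_QUEUED) return 0;
    raise_irq();
    return knote_enqueue_model(kn);
}

/* psignal(): guarded == true is the patched version from the thread. */
static int psignal_model(struct knote *kn, bool guarded) {
    int rc, s = 0;
    if (guarded) s = splhigh_model();
    rc = knote_activate_model(kn);
    if (guarded) splx_model(s);
    return rc;
}

/* Returns 0 for a clean delivery, -1 if the assertion would have fired. */
int run_scenario(bool guarded) {
    struct knote kn = { 0 };
    ipl_high = false; irq_pending = false; irq_armed = true;
    use_guard = guarded; cur_kn = &kn;
    return psignal_model(&kn, guarded);
}

int main(void) {
    printf("unpatched psignal: %d (assertion would fire)\n", run_scenario(false));
    printf("patched psignal:   %d (clean)\n", run_scenario(true));
    return 0;
}
```

In the unpatched run the nested psignal() queues the knote while the outer one is between its check and its enqueue, and the outer enqueue then trips the already-queued check. With the splhigh()/splx() wrapper the interrupt is held until splx(), by which time the knote is queued, so the nested KNOTE_ACTIVATE() sees KN_QUEUED and simply returns. The model shows why raising the spl around the whole check-then-enqueue sequence is what fixes it: moving the splhigh() into knote_enqueue() alone leaves the check unprotected.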