Date: Tue, 2 Jul 2002 16:41:11 -0400 From: Don Bowman <don@sandvine.com> To: 'Jonathan Lemon' <jlemon@flugsvamp.com>, Don Bowman <don@sandvine.com>, stable@freebsd.org Subject: RE: panic in 4.6 with knote_enqueue from kill Message-ID: <FE045D4D9F7AED4CBFF1B3B813C8533767666C@mail.sandvine.com>
next in thread | raw e-mail | index | archive | help
Just thought I'd mention that the below patch for sure resolves
the issue I had, 5 days of running (on ~20 machines) where before
there was < 1.
It would be nice to commit this on the 4 branch since I'm
reasonably sure anyone could run into it, and its easy to
exploit to bring down a machine.
> -----Original Message-----
> From: Jonathan Lemon [mailto:jlemon@flugsvamp.com]
> Sent: June 28, 2002 13:17
> To: don@sandvine.com; stable@freebsd.org
> Subject: Re: panic in 4.6 with knote_enqueue from kill
>
>
> In article
> <local.mail.freebsd-stable/FE045D4D9F7AED4CBFF1B3B813C85337676
60F@mail.sandvine.com> you write:
> >I have a system panic occuring with FreeBSD 4.6. The stack
> trace is below...
> >
> >Debugger(c032d70a) at Debugger+0x34
> >panic(c032bf57,e0f37000,800001e,e0f35ee4,c01ba339) at panic+0xa4
> >knote_enqueue(e0f37000) at knote_enqueue+0x22
> >knote(db433820,800001e) at knote+0x35
> >psignal(db433700,1e,2,db433700,e0f35f80) at psignal+0x49
> >kill(db433700,e0f35f80,281f8944,81a9000,818467c) at kill+0x7b
> >syscall2(2821002f,281f002f,80f002f,818467c,81a9000) at syscall2+0x23d
> >Xint0x80_syscall() at Xint0x80_syscall+0x2b
>
> The assumption made when calling knote() is that we are already at the
> correct spl level associated with a particular knote list, so
> no locking
> should be required. It appears that this isn't true for psignal(), it
> can be called either from a syscall, or from an interrupt.
>
> My guess is that in the call chain above, after checking the kn_status
> in KNOTE_ACTIVATE(), but before reaching splhigh() in
> knote_enqueue, an
> interrupt occurs which causes psignal() to be called again, and queues
> the knote for retrieval. This causes the assertion to be triggered.
>
> Try the patch below.
> --
> Jonathan
>
> Index: kern_sig.c
> ===================================================================
> RCS file: /ncvs/src/sys/kern/kern_sig.c,v
> retrieving revision 1.72.2.14
> diff -u -r1.72.2.14 kern_sig.c
> --- kern_sig.c 14 Dec 2001 03:05:32 -0000 1.72.2.14
> +++ kern_sig.c 28 Jun 2002 17:23:59 -0000
> @@ -1011,7 +1011,9 @@
> panic("psignal signal number");
> }
>
> + s = splhigh();
> KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
> + splx(s);
>
> prop = sigprop(sig);
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FE045D4D9F7AED4CBFF1B3B813C8533767666C>