From owner-freebsd-current@FreeBSD.ORG Thu Jan 19 17:05:54 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D815216A41F; Thu, 19 Jan 2006 17:05:54 +0000 (GMT) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DA5543D45; Thu, 19 Jan 2006 17:05:54 +0000 (GMT) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id 2199C20B8; Thu, 19 Jan 2006 18:05:49 +0100 (CET) X-Spam-Tests: AWL,BAYES_00,FORGED_RCVD_HELO X-Spam-Learn: ham X-Spam-Score: -3.2/3.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on tim.des.no Received: from xps.des.no (des.no [80.203.243.180]) by tim.des.no (Postfix) with ESMTP id A927920A3; Thu, 19 Jan 2006 18:05:48 +0100 (CET) Received: by xps.des.no (Postfix, from userid 1001) id 89CE033C1D; Thu, 19 Jan 2006 18:05:48 +0100 (CET) To: Kris Kennaway References: <20060117204155.GA3472@troutmask.apl.washington.edu> <876011DA-7506-4DDF-8BCA-403EE1F10552@freebsd.org> <20060117213226.GA92805@xor.obsecurity.org> From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) Date: Thu, 19 Jan 2006 18:05:48 +0100 In-Reply-To: <20060117213226.GA92805@xor.obsecurity.org> (Kris Kennaway's message of "Tue, 17 Jan 2006 16:32:27 -0500") Message-ID: <86fynkw3kj.fsf@xps.des.no> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-current@freebsd.org, Jason Evans , Steve Kargl Subject: Re: malloc fallout and linprocfs X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2006 17:05:55 -0000 Kris Kennaway writes: > On Tue, Jan 17, 2006 at 12:50:06PM -0800, Jason Evans wrote: > > On Jan 17, 2006, at 12:41 PM, Steve Kargl wrote: > > > KDB: stack backtrace: > > > witness_warn() at witness_warn+0x262 > > > uma_zalloc_arg() at uma_zalloc_arg+0x217 > > > malloc() at malloc+0xa3 > > > vn_fullpath() at vn_fullpath+0x56 > > > linprocfs_doprocmaps() at linprocfs_doprocmaps+0x31e > > > pfs_read() at pfs_read+0x260 > > > VOP_READ_APV() at VOP_READ_APV+0x74 > > > vn_read() at vn_read+0x14f > > > dofileread() at dofileread+0x94 > > > kern_readv() at kern_readv+0x60 > > > read() at read+0x4a > > > ia32_syscall() at ia32_syscall+0x178 > > > Xint0x80_syscall() at Xint0x80_syscall+0x5d > > > malloc(M_WAITOK) of "1024", forcing M_NOWAIT with the following non-s= leepable locks held: > > > exclusive sleep mutex vm object (standard object) r =3D 0 (0xffffff02= b7846640) locked @ /usr/src/sys/compat/linprocfs/linprocfs.c:874 > > I don't think that libc's malloc is a factor here; the stacktrace > > above is all in the kernel, isn't it? > Yeah, must be some other bug. linprocfs_doprocmaps() calls vn_fullpath() while holding a mutex, but vn_fullpath() calls malloc(M_WAITOK); bad idea. Luckily for Steve, WITNESS spotted it and turned it into a less severe error (not checking the return value of malloc(M_NOWAIT)). Without WITNESS, the following is a good panic(9) implementation: $ cat /compat/linux/proc/self/maps I'm not entirely sure how to fix it, though. It might be OK to just remove the VM_OBJECT_LOCK() / VM_OBJECT_UNLOCK() calls. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no