Date: Sun, 27 May 2001 21:30:59 +0200 From: Tor.Egge@fast.no To: mdharnois@home.com Cc: tmoestl@gmx.net, freebsd-current@FreeBSD.ORG, alfred@FreeBSD.ORG, jhb@FreeBSD.ORG, rwatson@FreeBSD.ORG Subject: Re: next panic: blockable sleep lock Message-ID: <200105271930.VAA90048@midten.fast.no> In-Reply-To: Your message of "27 May 2001 01:22:24 -0500" References: <86u22748gv.fsf_-_@mharnois.workgroup.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> freeing uidinfo: uid = 0, sbsize = 3197224 > freeing uidinfo: uid = 0, proccnt = 86 [...] > trap(c8d20018,c01d0010,c8cb0010,4,c0b3351c) at trap+0x5d0 > calltrap() at calltrap+0x5 > --- trap 0xc, eip = 0xc01ba652, esp = 0xc8d27ed4, ebp = 0xc8d27ee0 --- > _mtx_lock_sleep(c0b3351c,0,c035076c,364) at mtx_lock_sleep+0x342 > chgproccnt(c0b33500,ffffffff,0,c1280900,c03b0d40,c8d26bbc,c1280900) at chgproccnt+0x67 The ui_ref member in struct uidinfo is only 16 bits. This means that a fatal wraparound due to a missing call to uifree() can happen rather quickly. Index: sys/kern/kern_prot.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_prot.c,v retrieving revision 1.91 diff -u -r1.91 kern_prot.c --- sys/kern/kern_prot.c 2001/05/25 16:59:06 1.91 +++ sys/kern/kern_prot.c 2001/05/27 07:10:10 @@ -1303,6 +1303,8 @@ */ if (cr->cr_uidinfo != NULL) uifree(cr->cr_uidinfo); + if (cr->cr_ruidinfo != NULL) + uifree(cr->cr_ruidinfo); /* * Free a prison, if any. */ - Tor Egge To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105271930.VAA90048>