Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 11 Mar 2003 08:43:46 +1100
From:      Tim Robbins <tjr@FreeBSD.org>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        Kris Kennaway <kris@obsecurity.org>, alfred@FreeBSD.org, current@FreeBSD.org, Poul-Henning Kamp <phk@phk.freebsd.dk>
Subject:   Re: NULL pointer problem in pid selection ?
Message-ID:  <20030311084346.A63542@dilbert.robbins.dropbear.id.au>
In-Reply-To: <XFMail.20030310130015.jhb@FreeBSD.org>; from jhb@FreeBSD.org on Mon, Mar 10, 2003 at 01:00:15PM -0500
References:  <20030308213535.GE56020@rot13.obsecurity.org> <XFMail.20030310130015.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Mar 10, 2003 at 01:00:15PM -0500, John Baldwin wrote:

> On 08-Mar-2003 Kris Kennaway wrote:
> > On Sat, Mar 08, 2003 at 11:46:34AM +0100, Poul-Henning Kamp wrote:
> >> 
> >> Just got this crash on -current, and I belive I have seen similar
> >> before.  addr2line(1) reports the faulting address to be
> >>      ../../../kern/kern_fork.c:395
> >> which is in the inner loop of pid collision avoidance.
> > 
> > I've been running this patch from Alfred for the past month or so on
> > bento, which has fixed a similar panic I was seeing regularly.
> 
> Using just a shared lock instead of an xlock should be ok there.  You
> aren't modifying the process tree, just looking at it.  OTOH, the
> proc lock is supposed to protect p_grp and p_session, so they shouldn't
> be NULL. :(

I have a suspiscion that the bug is actually in wait1():

        sx_xlock(&proctree_lock);
	[...]
	/*
	 * Remove other references to this process to ensure
	 * we have an exclusive reference.
	 */
	leavepgrp(p);

	sx_xlock(&allproc_lock);
	LIST_REMOVE(p, p_list); /* off zombproc */
	sx_xunlock(&allproc_lock);

	LIST_REMOVE(p, p_sibling);
	sx_xunlock(&proctree_lock);


Shouldn't we be removing the process from zombproc before setting
p_pgrp to NULL via leavepgrp()? Does this even matter at all when both
fork1() and wait1() are still protected by Giant?


Tim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030311084346.A63542>