Date: Fri, 15 Aug 2003 17:35:34 -0700
From: Kris Kennaway
To: Kris Kennaway
cc: current@freebsd.org
cc: phk@FreeBSD.org
Subject: Re: LOR with filedesc structure and Giant
Message-ID: <20030816003534.GA71111@rot13.obsecurity.org>
In-Reply-To: <20030811224702.GA44119@rot13.obsecurity.org>

On Mon, Aug 11, 2003 at 03:47:02PM -0700, Kris Kennaway wrote:

> > lock order reversal
> >  1st 0xc3d25134 filedesc structure (filedesc structure) @ /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:902
> >  2nd 0xc04aa500 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372

> #10 0xc02313e4 in spec_poll (ap=0xce655af8)
>     at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372

The problem seems to be due to select() being called on the /dev/null
device, and it is holding the filedesc lock when it reaches
PICKUP_GIANT() in spec_poll.

(kgdb) frame 10
#10 0xc02313e4 in spec_poll (ap=0xce655af8)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
372     in /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c
(kgdb) print ap->a_vp->v_type
$26 = VCHR
(kgdb) print ap->a_vp->v_un->vu_spec->vu_cdev->si_udev
$27 = 514

This may be related to the following commit of phk:

---
date: 2002/09/27 19:47:59;  author: phk;  state: Exp;  lines: +76 -13
Add a D_NOGIANT flag which can be set in a struct cdevsw to indicate
that a particular device driver is not Giant-challenged.

SPECFS will DROP_GIANT() ... PICKUP_GIANT() around calls to the
driver in question.

Notice that the interrupt path is not affected by this!

This does _NOT_ work for drivers accessed through cdevsw->d_strategy()
ie drivers for disk(-like), some tapes, maybe others.
---

> #11 0xc02308d8 in spec_vnoperate (ap=0x0)
>     at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122
> #12 0xc02d152c in vn_poll (fp=0x0, events=0, active_cred=0xc42f6800, td=0x0) at vnode_if.h:537
> #13 0xc029491e in selscan (td=0xc3087720, ibits=0xce655b98, obits=0xce655b88, nfd=6)
>     at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272
> #14 0xc029449f in kern_select (td=0xc3087720, nd=6, fd_in=0xbfbff5b0, fd_ou=0x0, fd_ex=0x0, tvp=0xce655cd4)
>     at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:822
> #15 0xc0294116 in select (td=0x0, uap=0xce655d10)
>     at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:726
> #16 0xc03f0233 in syscall (frame=
>       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134565968, tf_esi = -1077938776, tf_ebp = 674425792, tf_isp = -832217740, tf_ebx = 0, tf_edx = -1077938768, tf_ecx = 0, tf_eax = 93, tf_trapno = 12, tf_err = 2, tf_eip = 671926988, tf_cs = 31, tf_eflags = 534, tf_esp = 674425704, tf_ss = 47})
>     at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008
> #17 0xc03e011d in Xint0x80_syscall () at {standard input}:144
> ---Can't read userspace from dump, or kernel process---
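
A simplified model of the lock-order bookkeeping behind the report above, added here as an illustration; it is not code from this message or from FreeBSD. The two lock classes, lock_acquire(), lock_release(), model_select() and the assumption that the thread enters the poll path already holding Giant are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum { GIANT, FILEDESC, NLOCKS };  /* lock classes in this constructed model */
static const char *lock_name[NLOCKS] = { "Giant", "filedesc structure" };
static int order[NLOCKS][NLOCKS];  /* order[a][b] != 0: b was taken while a was held */
static int held[NLOCKS];           /* locks the modelled thread holds right now */

/* Take lock l; return 1 if doing so reverses an order recorded earlier. */
static int lock_acquire(int l)
{
    int lor = 0;
    for (int h = 0; h < NLOCKS; h++) {
        if (!held[h] || h == l)
            continue;
        if (order[l][h]) {         /* seen before: l first, then h */
            printf("lock order reversal\n 1st %s\n 2nd %s\n", lock_name[h], lock_name[l]);
            lor = 1;
        } else {
            order[h][l] = 1;       /* remember: h first, then l */
        }
    }
    held[l] = 1;
    return lor;
}

static void lock_release(int l) { held[l] = 0; }

/* Hypothetical poll path; nogiant != 0 mimics a driver with D_NOGIANT set. */
static int model_select(int nogiant)
{
    int lor = 0;
    memset(order, 0, sizeof(order));
    memset(held, 0, sizeof(held));
    lor |= lock_acquire(GIANT);     /* assumption: the thread enters holding Giant */
    lor |= lock_acquire(FILEDESC);  /* records Giant -> filedesc structure */
    if (nogiant) {
        lock_release(GIANT);        /* DROP_GIANT() before calling the driver */
        lor |= lock_acquire(GIANT); /* PICKUP_GIANT() with filedesc still held */
    }
    lock_release(FILEDESC);
    lock_release(GIANT);
    return lor;
}

int main(void)
{
    printf("without D_NOGIANT: %d, with D_NOGIANT: %d\n", model_select(0), model_select(1));
    return 0;
}
```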