Date: Fri, 14 Aug 1998 02:45:46 +0200 (CEST)
From: Stefan Bethke <stb@hanse.de>
To: freebsd-stable@FreeBSD.ORG
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: Huge Bug in FreeBSD not fixed?
Message-ID: <Pine.BSF.3.96.980814023617.9883A-300000@transit.hanse.de>
In-Reply-To: <1682190.3111854089@d254.promo.de>

[ please followup technical discussions to -current. ]

On Tue, 11 Aug 1998, Stefan Bethke wrote:

> On Tue, 11 Aug 1998 13:33 +0200 Thomas Gellekum
> <tg@ihf.rwth-aachen.de> wrote:
>
> > I have run this program five times and it finished once. The other
> > four occasions I got
> >
> > Fatal trap 12: page fault while in kernel mode
> > fault virtual address = 0x18
> > fault code = supervisor write, page ot present
> > instruction pointer = 0x8:0xf0126d21
> > stack pointer = 0x10:0xefbffe50
> > frame pointer = 0x10:0xefbffe74
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, def32 1, gran 1
> > processor eflags = interrupt enabled, resume, IOPL = 0
> > current process = 395 (crashbsd)
> > interrupt mask =
> > kernel: type 12 trap, code=0
> > Stopped at _sosend+0x391: movl $0, 0x18(%ebx)
> >
> > After saving the core dump and recompiling a few object files with -g:
> >
> > #9 0xf01c0a37 in trap (frame={tf_es = -2147483632, tf_ds = -272695280,
> > tf_edi = -272630136, tf_esi = -2147483648, tf_ebp = -272630156,
> > tf_isp = -272630212, tf_ebx = 0, tf_edx = 2147483647,
> > tf_ecx = -1073277766, tf_eax = 0, tf_trapno = 12, tf_err = 2,
> > tf_eip = -267227871, tf_cs = 8, tf_eflags = 66198, tf_esp = 0,
> > tf_ss = 1}) at ../../i386/i386/trap.c:324
> > #10 0xf0126d21 in sosend (so=0xf0937f00, addr=0x0, uio=0xefbffeb0,
> > top=0x0, control=0xf06fff00, flags=0) at ../../kern/uipc_socket.c:432
>
> Looking at kern/uipc_socket.c:sosend(), one can easily spot the problem.
> Because sosend() expects a MGET(m, M_WAIT, MT_DATA) to always succeed, it
> pagefaults while trying to manipulate the non-allocated mbuf
> (m->m_pkthdr.len at 0+0x18).
>
> The solution would be either to make MGET() and MGETHDR() always succeed
> (or sleep indefinitely), or check the result of any of those calls (as many
> callers already do).
>
> This is in both -stable and -current.

I've made a simple patch to uipc_mbuf.c that makes sure M_GET() and M_GETHDR()
always succeed when called with M_WAIT. The patch (attached) is against
-current about 48 hrs ago.

I've done a little testing (slightly modified version of the test program,
also attached). It *seems* to work.

I'd really appreciate comments from those more knowledgeable...

Cheers,
Stefan

--
Stefan Bethke
Muehlendamm 12     Phone: +49-40-256848, +49-177-3504009
D-22087 Hamburg    <stefan.bethke@hanse.de>
Hamburg, Germany   <stb@freebsd.org>

[Attachments: m_retry.patch, bsdbug.c]
ZXAoKS4NCisJCQkgKi8NCisJCQl3aGlsZSAobSA9PSBOVUxMKSB7DQorCQkJ CSh2b2lkKXRzbGVlcCgoY2FkZHJfdCkmbW1iZnJlZSwgUFNPQ0ssICJtbWJm cmVlIiwgMTAwKTsNCisJCQkJLyogWFhYIHdlIHNob3VsZCBkbyBzb21ldGhp bmcgd2l0aCB0aGUgcmV0dXJuIHZhbHVlPyAqLw0KKwkJCQltX3JlY2xhaW0o KTsNCisJCQkJTUdFVChtLCBpLCB0KTsNCisJCQl9DQorCQl9DQogCX0NCisN CisJLyogU2hvdWxkIGFub3RoZXIgY2FsbGVyIGNvbWUgYnkgYW5kIG1fcmVj bGFpbSgpIGFjdHVhbGx5DQorCSAqIGZyZWUnZCBzb21lIG1idWZzLCB3YWtl IHVwIHRoZSBvdGhlcnMgc2xlZXBpbmcuDQorCSAqLw0KKwlpZiAobW1iZnJl ZSkNCisJCXdha2V1cCAoJm1tYmZyZWUpOw0KKw0KIAlyZXR1cm4gKG0pOw0K IH0NCiANCkBAIC0yNzgsNiArMzAwLDcgQEANCiAJaW50IGksIHQ7DQogew0K IAlyZWdpc3RlciBzdHJ1Y3QgbWJ1ZiAqbTsNCisJc3RhdGljIGludCBoYXZl X3dhcm5lZCA9IDA7DQogDQogCS8qDQogCSAqIE11c3Qgb25seSBkbyB0aGUg cmVjbGFpbSBpZiBub3QgaW4gYW4gaW50ZXJydXB0IGNvbnRleHQuDQpAQCAt MjkyLDkgKzMxNSwzMCBAQA0KIAl9IGVsc2Ugew0KIAkJaWYgKGkgPT0gTV9E T05UV0FJVCkNCiAJCQltYnN0YXQubV9kcm9wcysrOw0KLQkJZWxzZQ0KLQkJ CXBhbmljKCJPdXQgb2YgbWJ1ZiBjbHVzdGVycyIpOw0KKwkJZWxzZSB7DQor CQkJaWYgKCFoYXZlX3dhcm5lZCkgew0KKwkJCQlwcmludGYgKCJPdXQgb2Yg bWJ1ZnMgLS0gaW5jcmVhc2UgTUFYVVNFUlNcbiIpOw0KKwkJCQloYXZlX3dh cm5lZCA9IDE7DQorCQkJfQ0KKwkJCS8qDQorCQkJICogQmVjYXVzZSB0aGUg Y2FsbGVyIHBhc3NlZCBNX1dBSVQsIHdlJ3JlIGFsbG93ZWQgdG8NCisJCQkg KiB0c2xlZXAoKS4NCisJCQkgKi8NCisJCQl3aGlsZSAobSA9PSBOVUxMKSB7 DQorCQkJCSh2b2lkKXRzbGVlcCgoY2FkZHJfdCkmbW1iZnJlZSwgUFNPQ0ss ICJtbWJmcmVlIiwgMTAwKTsNCisJCQkJLyogWFhYIHdlIHNob3VsZCBkbyBz b21ldGhpbmcgd2l0aCB0aGUgcmV0dXJuIHZhbHVlPyAqLw0KKwkJCQltX3Jl Y2xhaW0oKTsNCisJCQkJTUdFVChtLCBpLCB0KTsNCisJCQl9DQorCQl9DQog CX0NCisNCisJLyogU2hvdWxkIGFub3RoZXIgY2FsbGVyIGNvbWUgYnkgYW5k IG1fcmVjbGFpbSgpIGFjdHVhbGx5DQorCSAqIGZyZWUnZCBzb21lIG1idWZz LCB3YWtlIHVwIHRoZSBvdGhlcnMgc2xlZXBpbmcuDQorCSAqLw0KKwlpZiAo bW1iZnJlZSkNCisJCXdha2V1cCAoJm1tYmZyZWUpOw0KKw0KIAlyZXR1cm4g KG0pOw0KIH0NCiANCg== --0-1089576808-903055546=:9883 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="bsdbug.c" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.BSF.3.96.980814024546.9883C@transit.hanse.de> Content-Description: 
LyogY3Jhc2hic2QuYw0KKioNCioqIFRISVMgUFJPR1JBTSBDQVVTRVMgS0VS TkVMIFBBTklDIE9OIFNPTUUgU1lTVEVNUw0KKioNCioqIFVzYWdlOiBjcmFz aG1lIFstLWhhcmRlcl0NCioqDQoqKiAtLWhhcmRlciBvcHRpb24gY2F1c2Vz IHRoaXMgcHJvZ3JhbSB0byBsZWF2ZSBvcGVuZWQgZmlsZSBkZXNjcmlwdG9y cyBoYW5naW5nDQoqKiB0aHVzIGluY3JlYXNpbmcgdGhlIHByb2JhYmlsaXR5 IG9mIHRoZSBjcmFzaC4NCioqDQoqLw0KDQojaW5jbHVkZSA8c3RkaW8uaD4N CiNpbmNsdWRlIDxmY250bC5oPg0KI2luY2x1ZGUgPHVuaXN0ZC5oPg0KI2lu Y2x1ZGUgPGVycm5vLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5j bHVkZSA8c3lzL3VuLmg+DQojaW5jbHVkZSA8c3lzL3Vpby5oPg0KI2luY2x1 ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KDQpp bnQgbWFpbihpbnQgYXJnYyxjaGFyICoqYXJndikgew0KCWludCBoYXJkZXI9 MCwgcCwgbnByb2MsIGgsIGksIHNvY2tldGZkc1syXTsNCgljaGFyIGFbMTBd Ow0KCXN0cnVjdCBpb3ZlYyBpb3YxPXthLDF9Ow0KCXN0cnVjdCBjbXNnaGRy ICpjbTsNCglzdHJ1Y3QgbXNnaGRyIG1zZzsNCgljaGFyIGJidWZmZXJbc2l6 ZW9mKHN0cnVjdCBjbXNnaGRyKStzaXplb2YoaW50KSoyNF07DQoNCglpZihh cmdjPj0yJiYhc3RyY21wKGFyZ3ZbMV0sIi0taGFyZGVyIikpIGhhcmRlcj0x Ow0KDQoJbnByb2M9LTE7DQoJZm9yKGk9MDtpPDYwO2krKykgew0KCQlpZiAo KHA9Zm9yaygpKT09MCkgew0KCQkJaWYgKHNvY2tldHBhaXIoQUZfVU5JWCxT T0NLX1NUUkVBTSwwLHNvY2tldGZkcykpIHsNCgkJCQlwZXJyb3IoInNvY2tl dHBhaXIiKTsNCgkJCX0gZWxzZSB7DQoJCQkJY209KHN0cnVjdCBjbXNnaGRy KiliYnVmZmVyOw0KCQkJCWNtLT5jbXNnX2xldmVsPVNPTF9TT0NLRVQ7DQoJ CQkJY20tPmNtc2dfdHlwZT1TQ01fUklHSFRTOw0KCQkJCWNtLT5jbXNnX2xl bj1zaXplb2Yoc3RydWN0IGNtc2doZHIpK3NpemVvZihpbnQpOw0KCQkJCW1z Zy5tc2dfbmFtZT0oY2FkZHJfdCkwOw0KCQkJCW1zZy5tc2dfbmFtZWxlbj0w Ow0KCQkJCW1zZy5tc2dfZmxhZ3M9MDsNCgkJCQltc2cubXNnX2lvdj0maW92 MTsNCgkJCQltc2cubXNnX2lvdmxlbj0xOw0KCQkJCW1zZy5tc2dfY29udHJv bD0oY2FkZHJfdCljbTsNCgkJCQltc2cubXNnX2NvbnRyb2xsZW49Y20tPmNt c2dfbGVuOw0KCQkJCWlmICgocD1mb3JrKCkpID4gMCkgew0KCQkJCQljbG9z ZShzb2NrZXRmZHNbMF0pOw0KCQkJCQkqKGludCopKGJidWZmZXIrc2l6ZW9m KHN0cnVjdCBjbXNnaGRyKSk9b3BlbigiL2Rldi9udWxsIixPX1JET05MWSk7 DQoJCQkJCWZvcihpPTA7aTwyMDQ4O2krKykgew0KCQkJCQkJZnByaW50Zihz dGRvdXQsIiVkPiAiLGkrMSk7DQoJCQkJCQl3aGlsZShzZW5kbXNnKHNvY2tl 
dGZkc1sxXSwmbXNnLDApIT0xKSB7DQoJCQkJCQkJaWYoZXJybm8hPUVBR0FJ Tikgew0KCQkJCQkJCQlwZXJyb3IoIlxuc2VuZG1zZyIpOw0KCQkJCQkJCX0N CgkJCQkgCQl9DQoJCQkJIAl9DQoJCQkJfSBlbHNlIHsNCgkJCQkJaWYgKHAg PCAwKSB7DQoJCQkJCQlwZXJyb3IoImZvcmsiKTsNCgkJCQkJCWV4aXQgKDAp Ow0KCQkJCQl9DQoJCQkJCWNsb3NlKHNvY2tldGZkc1sxXSk7DQoJCQkJCWZv cihpPTA7aTwyMDQ4O2krKykgew0KCQkJCQkJKihpbnQqKShiYnVmZmVyK3Np emVvZihzdHJ1Y3QgY21zZ2hkcikpPS0xOw0KCQkJCQkJZnByaW50ZihzdGRv dXQsIj4lZCAiLGkrMSk7DQoJCQkJCQljbT0oc3RydWN0IGNtc2doZHIqKWJi dWZmZXI7DQoJCQkJCQljbS0+Y21zZ19sZXZlbD1TT0xfU09DS0VUOw0KCQkJ CQkJY20tPmNtc2dfdHlwZT1TQ01fUklHSFRTOw0KCQkJCQkJY20tPmNtc2df bGVuPXNpemVvZihzdHJ1Y3QgY21zZ2hkcikrc2l6ZW9mKGludCkqMjQ7DQoJ CQkJCQltc2cubXNnX25hbWU9KGNhZGRyX3QpMDsNCgkJCQkJCW1zZy5tc2df bmFtZWxlbj0wOw0KCQkJCQkJaW92MS5pb3ZfbGVuPTEwOw0KCQkJCQkJbXNn Lm1zZ19pb3Y9JmlvdjE7DQoJCQkJCQltc2cubXNnX2lvdmxlbj0xOw0KCQkJ CQkJbXNnLm1zZ19jb250cm9sPShjYWRkcl90KWNtOw0KCQkJCQkJbXNnLm1z Z19jb250cm9sbGVuPWNtLT5jbXNnX2xlbjsNCg0KCQkJCQkJaWYocmVjdm1z Zyhzb2NrZXRmZHNbMF0sJm1zZywwKSE9MSl7DQoJCQkJCSAJCXBlcnJvcigi XG5yZWN2bXNnIik7DQoJCQkJCSAJfSBlbHNlIHsNCgkJCQkJIAkJZnByaW50 ZihzdGRvdXQsIiglZCkgIiwqKGludCopKGJidWZmZXIrc2l6ZW9mKHN0cnVj dCBjbXNnaGRyKSkpOw0KCQkJCQkJIAlpZighaGFyZGVyKSB7DQoJCQkJCQkJ CWNsb3NlKCooaW50KikoYmJ1ZmZlcitzaXplb2Yoc3RydWN0IGNtc2doZHIp KSk7DQoJCQkJCQkJfQ0KCQkJCQkJfQ0KCQkJCQl9DQoJCQkJCWV4aXQoMCk7 DQoJCQkJfQ0KCQkJCXdhaXQoJmgpOw0KCQkJfQ0KCQkJZXhpdCgwKTsNCgkJ fSBlbHNlIHsNCgkJCWlmKHA8MCkgew0KCQkJCW5wcm9jPWk7DQoJCQkJYnJl YWs7DQoJCQl9DQoJCX0NCgl9DQoJaWYobnByb2M8MCkNCgkJbnByb2M9NjA7 DQoJZm9yKGk9MDtpPG5wcm9jO2krKykgDQoJCXdhaXQoJmgpOw0KCWZwcmlu dGYoc3RkZXJyLCJcbiVkIHByb2Nlc3NlcyBmaW5pc2hlZFxuIixucHJvYyk7 DQoJcmV0dXJuIDA7DQp9DQo= --0-1089576808-903055546=:9883-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
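
Added example, not part of the original e-mail and not the attached patch: a user-space C model of the two remedies the message discusses, an allocator that never returns NULL under M_WAIT and a caller that checks the result. The pool, the struct layout and every `model_*`, `pool_get`, `send_with` and `pkthdr_len_offset` name are assumptions; field widths are chosen so that `m_pkthdr.len` lands at the 0x18 offset quoted in the trap.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { M_WAIT = 0, M_DONTWAIT = 1 };   /* model values only */
/* Assumed i386-style layout: pointers modelled as 32-bit fields. */
struct model_mbuf {
    uint32_t m_next, m_nextpkt, m_data;
    int32_t  m_len;
    int16_t  m_type, m_flags;
    struct { uint32_t rcvif; int32_t len; } m_pkthdr;
};

static struct model_mbuf pool[4];
static int nfree;        /* buffers available right now */
static int reclaimable;  /* buffers a reclaim pass can release */
static struct model_mbuf *pool_get(void) { return nfree > 0 ? &pool[--nfree] : NULL; }

/* First remedy: under M_WAIT, reclaim and retry instead of returning NULL.
 * A kernel would sleep here; this never returns if nothing is released. */
static struct model_mbuf *model_mget(int how) {
    struct model_mbuf *m = pool_get();
    while (m == NULL && how == M_WAIT) {
        if (reclaimable > 0) { reclaimable--; nfree++; }
        m = pool_get();
    }
    return m;
}

/* Second remedy: the caller checks the result before touching the header. */
static int model_send(int how, int32_t resid) {
    struct model_mbuf *m = model_mget(how);
    if (m == NULL)
        return ENOBUFS;  /* unchecked, the next line would write at 0 + 0x18 */
    m->m_pkthdr.len = resid;
    return 0;
}
static size_t pkthdr_len_offset(void) { return offsetof(struct model_mbuf, m_pkthdr.len); }

/* Constructed scenario: set the pool state, then send once. */
static int send_with(int freebufs, int reclaim, int how) {
    nfree = freebufs; reclaimable = reclaim;
    return model_send(how, 10);
}

int main(void) {
    printf("offset=0x%zx nowait=%d wait=%d\n", pkthdr_len_offset(),
           send_with(0, 0, M_DONTWAIT), send_with(0, 1, M_WAIT));
    return 0;
}
```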