Date: Thu, 18 Jun 2015 21:25:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 200958] filemon has insufficient proc locking Message-ID: <bug-200958-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200958 Bug ID: 200958 Summary: filemon has insufficient proc locking Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: peter@FreeBSD.org sys/dev/filemon_wrapper.c:filemon_pid_check() walks the curproc->p_pptr chain without the required proc locking. proc.h: * c - locked by proc mtx .. * e - locked by proctree_lock lock .. * If the locking key specifies two identifiers (for example, p_pptr) then * either lock is sufficient for read access, but both locks must be held * for write access. .. struct proc *p_pptr; /* (c + e) Pointer to parent process. */ The p_pptr scanner in filemon_pid_check() probably needs to hold a read rwlock of proctree_lock. This normally works fine, except when ptrace is involved. With ptrace actively reparenting things it can end up where it sits in an infinite loop in filemon_pid_check(). Tracing pid 97757 tid 100728 td 0xfffff8012938a980 kdb_alt_break_internal() at kdb_alt_break_internal+0x197/frame 0xfffffe085fac7730 kdb_alt_break() at kdb_alt_break+0xb/frame 0xfffffe085fac7740 uart_intr_rxready() at uart_intr_rxready+0x99/frame 0xfffffe085fac7770 uart_intr() at uart_intr+0x111/frame 0xfffffe085fac77b0 intr_event_handle() at intr_event_handle+0x9b/frame 0xfffffe085fac7800 intr_execute_handlers() at intr_execute_handlers+0x48/frame 0xfffffe085fac7830 lapic_handle_intr() at lapic_handle_intr+0x3f/frame 0xfffffe085fac7850 Xapic_isr1() at Xapic_isr1+0xba/frame 0xfffffe085fac7850 --- interrupt, rip = 0xffffffff805244ed, rsp = 0xfffffe085fac7910, rbp = 0xfffffe085fac7990 --- filemon_wrapper_freebsd32_stat() at filemon_wrapper_freebsd32_stat+0x6d/frame 0xfffffe085fac7990 ia32_syscall() at ia32_syscall+0x41b/frame 0xfffffe085fac7ab0 Xint0x80_syscall() at Xint0x80_syscall+0x95/frame 0xfffffe085fac7ab0 --- syscall (188, FreeBSD ELF32, filemon_wrapper_freebsd32_stat), rip = 0x284aa6d7, rsp = 0xffff987c, rbp = 0xffff9918 --- In this case, it is looping infinitely in filemon_pid_check() and the process in question is gdb from the gdb test suite. On the ref* machines we ended up with 8 gdb processes all consuming 100% cpu in this function. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200958-8>