Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Apr 1997 01:48:16 +0200 (MET DST)
From:      Tor Egge <Tor.Egge@idi.ntnu.no>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/3180: mlock() causes panic: lockmgr: upgrade exclusive lock
Message-ID:  <199704022348.BAA02775@ikke.idt.unit.no>
Resent-Message-ID: <199704022350.PAA07010@freefall.freebsd.org>
index | next in thread | raw e-mail 


>Number:         3180
>Category:       kern
>Synopsis:       mlock() causes panic: lockmgr: upgrade exclusive lock
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr  2 15:50:03 PST 1997
>Last-Modified:
>Originator:     Tor Egge
>Organization:
Norwegian University of Science and Technology, Trondheim, Norway
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:

FreeBSD ikke.idt.unit.no 3.0-CURRENT FreeBSD 3.0-CURRENT #5: Thu Apr  3 00:28:21 MET DST 1997     root@ikke.idt.unit.no:/usr/src/sys/compile/TEGGE  i386

>Description:

lockmgr is called with wrong arguments in vm_map_user_pageable.

The first call will cause a panic: lockmgr: upgrade exclusive lock,
since we already have an exclusive lock.

The second call will cause a panic: lockmgr: not holding exclusive lock, due to
the lock having been silently downgraded to a shared lock as a side effect of
the call to vm_fault_user_wire.

>How-To-Repeat:

	Use the mlock() system call with valid parameters in a program.

>Fix:
	
Index: vm_map.c
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_map.c,v
retrieving revision 1.72
diff -u -r1.72 vm_map.c
--- vm_map.c	1997/02/22 09:48:23	1.72
+++ vm_map.c	1997/04/02 22:16:53
@@ -1443,19 +1443,8 @@
 
 			/* First we need to allow map modifications */
 			vm_map_set_recursive(map);
-			if (lockmgr(&map->lock, LK_EXCLUPGRADE,
-				(void *)0, curproc)) {
-				entry->wired_count--;
-				entry->eflags &= ~MAP_ENTRY_USER_WIRED;
-
-				vm_map_clear_recursive(map);
-				vm_map_unlock(map);
+			lockmgr(&map->lock, LK_DOWNGRADE,(void *)0, curproc);
 
-				(void) vm_map_user_pageable(map, start, entry->start, TRUE);
-				return rv;
-			}
-
-				
 			rv = vm_fault_user_wire(map, entry->start, entry->end);
 			if (rv) {
 
@@ -1470,7 +1459,7 @@
 			}
 
 			vm_map_clear_recursive(map);
-			lockmgr(&map->lock, LK_DOWNGRADE, (void *)0, curproc);
+			lockmgr(&map->lock, LK_UPGRADE, (void *)0, curproc);
 
 			goto rescan;
 		}

>Audit-Trail:
>Unformatted:
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704022348.BAA02775>