From owner-freebsd-bugs Wed Apr 2 15:50:09 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA07026 for bugs-outgoing; Wed, 2 Apr 1997 15:50:09 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA07010; Wed, 2 Apr 1997 15:50:05 -0800 (PST)
Resent-Date: Wed, 2 Apr 1997 15:50:05 -0800 (PST)
Resent-Message-Id: <199704022350.PAA07010@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, Tor.Egge@idi.ntnu.no
Received: from pat.idt.unit.no (0@pat.idt.unit.no [129.241.103.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA06942 for ; Wed, 2 Apr 1997 15:49:14 -0800 (PST)
Received: from ikke.idt.unit.no (tegge@ikke.idt.unit.no [129.241.111.65]) by pat.idt.unit.no (8.8.5/8.8.5) with ESMTP id BAA16892 for ; Thu, 3 Apr 1997 01:48:22 +0200 (MET DST)
Received: (from tegge@localhost) by ikke.idt.unit.no (8.8.5/8.8.5) id BAA02775; Thu, 3 Apr 1997 01:48:16 +0200 (MET DST)
Message-Id: <199704022348.BAA02775@ikke.idt.unit.no>
Date: Thu, 3 Apr 1997 01:48:16 +0200 (MET DST)
From: Tor Egge
Reply-To: Tor.Egge@idi.ntnu.no
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/3180: mlock() causes panic: lockmgr: upgrade exclusive lock
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 3180
>Category: kern
>Synopsis: mlock() causes panic: lockmgr: upgrade exclusive lock
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 2 15:50:03 PST 1997
>Last-Modified:
>Originator: Tor Egge
>Organization: Norwegian University of Science and Technology, Trondheim, Norway
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD ikke.idt.unit.no 3.0-CURRENT FreeBSD 3.0-CURRENT #5: Thu Apr 3 00:28:21 MET DST 1997 root@ikke.idt.unit.no:/usr/src/sys/compile/TEGGE i386
>Description:
lockmgr is called with wrong arguments in vm_map_user_pageable. The first call will cause a panic: lockmgr: upgrade exclusive lock, since we already have an exclusive lock. The second call will cause a panic: lockmgr: not holding exclusive lock, due to the lock having been silently downgraded to a shared lock as a side effect of the call to vm_fault_user_wire.
>How-To-Repeat:
Use the mlock() system call with valid parameters in a program.
>Fix:
Index: vm_map.c =================================================================== RCS file: /home/ncvs/src/sys/vm/vm_map.c,v retrieving revision 1.72 diff -u -r1.72 vm_map.c --- vm_map.c 1997/02/22 09:48:23 1.72 +++ vm_map.c 1997/04/02 22:16:53 
@@ -1443,19 +1443,8 @@ /* First we need to allow map modifications */ vm_map_set_recursive(map); - if (lockmgr(&map->lock, LK_EXCLUPGRADE, - (void *)0, curproc)) { - entry->wired_count--; - entry->eflags &= ~MAP_ENTRY_USER_WIRED; - - vm_map_clear_recursive(map); - vm_map_unlock(map); + lockmgr(&map->lock, LK_DOWNGRADE,(void *)0, curproc); - (void) vm_map_user_pageable(map, start, entry->start, TRUE); - return rv; - } - - rv = vm_fault_user_wire(map, entry->start, entry->end); if (rv) { @@ -1470,7 +1459,7 @@ } vm_map_clear_recursive(map); - lockmgr(&map->lock, LK_DOWNGRADE, (void *)0, curproc); + lockmgr(&map->lock, LK_UPGRADE, (void *)0, curproc); goto rescan; } >Audit-Trail: >Unformatted:
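Review bot: In the first hunk (@@ -1443,19 +1443,8 @@) the new lockmgr(&map->lock, LK_DOWNGRADE,(void *)0, curproc) call carries no comment saying why the map lock is dropped to shared before vm_fault_user_wire(), and the surviving comment "First we need to allow map modifications" now sits directly above a downgrade without explaining it. The report says the downgrade used to happen silently as a side effect of vm_fault_user_wire(); a one-line comment stating that the downgrade is now done explicitly here, and that the entry may change while only the shared lock is held, would keep the next reader from reintroducing the upgrade. Style: add the missing space after the comma in "LK_DOWNGRADE,(void *)0".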
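Review bot: In the second hunk (@@ -1470,7 +1459,7 @@) the result of lockmgr(&map->lock, LK_UPGRADE, (void *)0, curproc) is discarded right before "goto rescan", while the LK_EXCLUPGRADE call removed in the first hunk checked its return value and, on failure, undid entry->wired_count and MAP_ENTRY_USER_WIRED before returning. Either test the return value here and unwind the wiring in the same way, or add a comment stating why this upgrade cannot fail at this point, so that the rescan is never entered without the exclusive lock the rest of the loop assumes.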