Date: Wed, 16 Dec 2015 16:09:17 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: Konstantin Belousov <kostikbel@gmail.com> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: fork_findpid() - Fatal trap 12: page fault while in kernel mode Message-ID: <20151216160917.2a6a51ba@fabiankeil.de> In-Reply-To: <20151216121000.GV3625@kib.kiev.ua> References: <20151215174238.2d7cc3bb@fabiankeil.de> <20151216104227.GS3625@kib.kiev.ua> <20151216122116.09e1b27d@fabiankeil.de> <20151216121000.GV3625@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Konstantin Belousov <kostikbel@gmail.com> wrote: > On Wed, Dec 16, 2015 at 12:21:16PM +0100, Fabian Keil wrote: > > Konstantin Belousov <kostikbel@gmail.com> wrote: > > > It is the values of *p and *(p->p_pgrp) that are needed, from the frame 8. > > > > Unfortunately it's not available and apparently I removed the attempts > > to get it from the previous output. > > > allproc is available and the first one matches lastpid and has an invalid > > p_pgrp, but due to trypid being optimized out as well, it's not obvious > > (to me) that it's the right process. > > p_suspcount = 0, p_xthread = 0xfffff801162819a0, p_boundary_count = 0, p_pendingcnt = 0, p_itimers = 0x0, p_procdesc = 0x0, p_treeflag = 0, p_magic = 3203398350, p_osrel = 1100090, > > p_comm = 0xfffff800304df3c4 "privoxy", > p_pgrp = 0x618b0080, > > > I've changed p's declaration to static so hopefully its value will > > be available the next time the panic occurs, but it may take a while > > until that happens. > > From the state of the process you provided, it is a new (zigote) of the > forking process, which was already linked into allproc list. Also, > it seems that bzero part of the forking procedure was finished, but bcopy > was not yet. The p_pgrp cannot be a pointer, it is not yet initialized. > > There, we have at least one issue, since zigote is linked before the > p_pgrp is initialized, and the proctree/allproc locks are dropped. > As result, fork_findpid() accesses memory with undefined content. > > It seems that the least morbid solution is to slightly extend the scope > of the allproc lock in do_fork(), to prevent fork_findpid() from working > while we did not finished copying data from old to new process. Thanks. I'm currently testing the patch on three systems but it may take a while ... Fabian [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZxfp4ACgkQBYqIVf93VJ3IaQCbBDUU/tcTDciXRuFpUUoM8heq fEsAnRFnq5ztpJDJkIjOKAckqljFrV5x =EI03 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151216160917.2a6a51ba>