Date: Thu, 10 May 2001 08:52:20 -0700 (PDT) From: John Baldwin <john@baldwin.cx> To: Dima Dorfman <dima@unixfreak.org> Cc: Dag-Erling Smorgrav <des@ofug.org>, freebsd-current@FreeBSD.org, Kris Kennaway <kris@obsecurity.org>, Robert Watson <rwatson@FreeBSD.org>, John Baldwin <jhb@FreeBSD.org> Subject: Re: pgm to kill 4.3 via vm Message-ID: <XFMail.010510085220.john@baldwin.cx> In-Reply-To: <20010509235953.B15453E0B@bazooka.unixfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09-May-01 Dima Dorfman wrote: > [ -stable dropped from cc list ] > > John Baldwin <jhb@FreeBSD.org> writes: >> >> On 09-May-01 Robert Watson wrote: >> > >> > On Tue, 8 May 2001, John Baldwin wrote: >> > >> >> That's easy enough. Well, it used to be at least. You can use 'ps' to >> >> find the address of the struct proc (first pointer in the display) and >> >> then do 'call psignal(addr, 9)' to send SIGKILL to the process. Then >> >> hit 'c' to continue and voila, the process dies. I think that may panic >> >> now due to proc lock not being held (though the debugger shouldn't need >> >> any locks in theory.) Perhaps mtx_assert() should honor db_active and >> >> not panic if it is set. >> > >> > I followed everything here fine until you asserted that the debugger >> > shouldn't need any locks. I guess I don't see why that is, at least in >> > terms of not corrupting structures. From a practical perspective, the >> > debugger is like any other interupt-driven preemptive code-path: if you >> > want to modify a structure, you need to synchronize appropriately to avoid >> > corrupting the structure. This may not be something you really want to do >> > in a debugger, so in that sense perhaps you *shouldn't* grab a lock in the >> > debugger, but to perform the described action safely, you *should* grab a >> > lock so as not to corrupt fields of the proc structure (i.e., if you broke >> > into the debugger during a non-atomic flags update). Violating system >> > invariants is something you should be allowed to do in a debugger, but >> > this sounded like it was a feature people were looking from to recover >> > from unhappy behavior, not to introduce it :-). >> >> I am more worried about the fact that you can deadlock the debugger. >> What does the debugger do if another process hold the proc lock on >> the process you want to kill? Cute, eh? The debugger is an extra >> special environment. Most of the time you've panic'ed when you are >> in there (but then the panicstr tests that skip lock operations save >> you from that). Also, in the debugger you know that no other >> threads are running. This is why 'show pcpu' can list spin locks on >> other cpu's safely, for example. I'm not sure if a ddb 'kill' >> command shouldn't be better implemented using a 'trylock' and >> refusing to send the signal if it can't get the lock so it can avoid >> doing really bad things. I suppose it wouldn't deadlock but would > > I think this makes sense. How should this be implemented, though? > pfind() locks the process before returning (as you well know). Not > using pfind() will work, but that breaks the abstraction. Is that > something to worry about? There's also no PROC_TRYLOCK macro, but > that's not hard to fix. For the per-process tracing I didn't use pfind but just walked the allproc list myself. Using that in combo with a trylock might be your best bet. -- John Baldwin <john@baldwin.cx> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.010510085220.john>