From owner-freebsd-current@FreeBSD.ORG Mon Jul 28 15:39:00 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5ED5737B401; Mon, 28 Jul 2003 15:39:00 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-63-207-60-135.dsl.lsan03.pacbell.net [63.207.60.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 155B243FB1; Mon, 28 Jul 2003 15:38:58 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 7655066BE5; Mon, 28 Jul 2003 15:38:55 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 6AB5CD81; Mon, 28 Jul 2003 15:38:55 -0700 (PDT) Date: Mon, 28 Jul 2003 15:38:55 -0700 From: Kris Kennaway To: Kris Kennaway Message-ID: <20030728223855.GA4834@rot13.obsecurity.org> References: <20030727233351.GB80934@rot13.obsecurity.org> <20030728215312.GA89925@rot13.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS" Content-Disposition: inline In-Reply-To: <20030728215312.GA89925@rot13.obsecurity.org> User-Agent: Mutt/1.4.1i cc: alc@FreeBSD.org cc: Robert Watson cc: current@FreeBSD.org Subject: Re: Another LOR with filedesc structure and Giant X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jul 2003 22:39:00 -0000 --qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 28, 2003 at 02:53:12PM -0700, Kris Kennaway wrote: > On Mon, Jul 28, 2003 at 11:09:55AM -0400, Robert Watson wrote: > >=20 > > On Sun, 27 Jul 2003, Kris Kennaway wrote: > >=20 > > > After upgrading last night, one of the package machines found this: > >=20 > > I've bumped into some similar problems -- it's a property of how we > > current lock select(). We hold the file descriptor lock for the durati= on > > of polling each object being "selected", and if any of those objects has > > to grab a lock for any reason, it has to implicitly fall after the file > > descriptor lock. I actually run into this in some of our MAC code, > > because I need to grab a vnode lock to authorize polling the vnode using > > VOP_POLL(), and since the vnode lock is a sleep lock, this generates a > > WITNESS warning. Unfortunately, it's not immediately clear what a bett= er > > locking scheme would look like without going overboard on the fine-grai= ned > > side. We probably need to grab Giant before entering the select code > > since it's highly likely something in there will require Giant -- it > > reaches down into VFS, the device stuff, socket code, tc. >=20 > Also >=20 > lock order reversal > 1st 0xc6a69634 filedesc structure (filedesc structure) @ /a/asami/portbu= ild/i386/src-client/sys/kern/sys_generic.c:1071 > 2nd 0xc04aa120 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs= /specfs/spec_vnops.c:372 > Stack backtrace: > backtrace(c043d4af,c04aa120,c0439aa4,c0439aa4,c0434e3d) at backtrace+0x17 > witness_lock(c04aa120,8,c0434e3d,174,246) at witness_lock+0x672 > _mtx_lock_flags(c04aa120,0,c0434e3d,174,c043daba) at _mtx_lock_flags+0xba > spec_poll(d8dfcb44,d8dfcb64,c02d119c,d8dfcb44,c04939a0) at spec_poll+0x134 > spec_vnoperate(d8dfcb44,c04939a0,c52cfa44,41,c6cfd280) at spec_vnoperate+= 0x18 > vn_poll(c45dc880,41,c6cfd280,c5f7a4c0,c6cfd280) at vn_poll+0x3c > pollscan(c5f7a4c0,d8dfcbd4,2,3e7,10) at pollscan+0xb0 > poll(c5f7a4c0,d8dfcd10,c0455899,3ee,3) at poll+0x252 > syscall(2f,2f,2f,0,2) at syscall+0x273 > Xint0x80_syscall() at Xint0x80_syscall+0x1d #8 0xc0290ed7 in witness_lock (lock=3D0xc04aa120, flags=3D8, file=3D0xc0434e3d "/a/asami/portbuild/i386/src-client/sys/fs/specfs/spe= c_vnops.c", line=3D372) at /a/asami/portbuild/i386/src-client/sys/kern/subr_witness.c:838 #9 0xc0261f4a in _mtx_lock_flags (m=3D0x0, opts=3D0, file=3D0xc04d1818 "",= line=3D-1068850912) at /a/asami/portbuild/i386/src-client/sys/kern/kern_mutex.c:334 #10 0xc0231154 in spec_poll (ap=3D0xd8dfcb44) at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372 #11 0xc0230648 in spec_vnoperate (ap=3D0x0) at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122 #12 0xc02d119c in vn_poll (fp=3D0x0, events=3D0, active_cred=3D0xc6cfd280, = td=3D0x0) at vnode_if.h:537 #13 0xc0294c50 in pollscan (td=3D0xc5f7a4c0, fds=3D0xd8dfcbdc, nfd=3D2) at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272 #14 0xc02948a2 in poll (td=3D0xc5f7a4c0, uap=3D0xd8dfcd10) at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:1001 #15 0xc03ef9b3 in syscall (frame=3D {tf_fs =3D 47, tf_es =3D 47, tf_ds =3D 47, tf_edi =3D 0, tf_esi =3D 2= , tf_ebp =3D -1077940448, tf_isp =3D -656421516, tf_ebx =3D 673224876, tf_e= dx =3D 139153408, tf_ecx =3D 137314336, tf_eax =3D 209, tf_trapno =3D 0, tf= _err =3D 2, tf_eip =3D 672942388, tf_cs =3D 31, tf_eflags =3D 659, tf_esp = =3D -1077940508, tf_ss =3D 47}) at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008 #16 0xc03dfbed in Xint0x80_syscall () at {standard input}:144 ---Can't read userspace from dump, or kernel process--- Kris --qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/JaX/Wry0BWjoQKURAvcxAJoDh3XhWKiH0fb+ZQDTEFehkCRj7gCgme5C ChpzZWtWGAnEQUPGocZk/+0= =tvjV -----END PGP SIGNATURE----- --qMm9M+Fa2AknHoGS--