Date: Fri, 10 Apr 2026 07:53:48 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 293382] Dead lock and kernel crash around closefp_impl Message-ID: <bug-293382-227-WV14tRQNO6@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-293382-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293382 --- Comment #52 from Paul <devgs@ukr.net> --- (In reply to Konstantin Belousov from comment #50) Hi, Thanks for the patch. Though, could't help but also include the assert implied by Kyle. It should't hurt to have an extra check, I hope. This is the final patch that we've applied to the current HEAD: diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index 01731ca46b6b..38b67d81dff2 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -2037,8 +2037,13 @@ kqueue_expand(struct kqueue *kq, const struct filterops *fops, uintptr_t ident, to_free = list; } else { if (kq->kq_knlist != NULL) { - bcopy(kq->kq_knlist, list, - kq->kq_knlistsize * sizeof(*list)); + volatile char *src, *dst; + src = (void *)kq->kq_knlist; + dst = (void *)list; + for (size_t i = 0; + i < kq->kq_knlistsize * sizeof(*list); + i++) + dst[i] = src[i]; to_free = kq->kq_knlist; kq->kq_knlist = NULL; } @@ -2953,8 +2958,9 @@ knote_drop_detached(struct knote *kn, struct thread *td) else list = &kq->kq_knhash[KN_HASH(kn->kn_id, kq->kq_knhashmask)]; - if (!SLIST_EMPTY(list)) - SLIST_REMOVE(list, kn, knote, kn_link); + KASSERT(!SLIST_EMPTY(list), + ("knote %p is not on the list of %lu", kn, kn->kn_id)); + SLIST_REMOVE(list, kn, knote, kn_link); if (kn->kn_status & KN_QUEUED) knote_dequeue(kn); KQ_UNLOCK_FLUX(kq); -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-293382-227-WV14tRQNO6>