From owner-freebsd-stable@FreeBSD.ORG Fri Jun 23 16:04:01 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBB1816A47B; Fri, 23 Jun 2006 16:04:01 +0000 (UTC) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from mail-gw4.york.ac.uk (mail-gw4.york.ac.uk [144.32.128.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0324E43D46; Fri, 23 Jun 2006 16:04:00 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from buffy.york.ac.uk (buffy-128.york.ac.uk [144.32.128.160]) by mail-gw4.york.ac.uk (8.13.6/8.13.6) with ESMTP id k5NG3vP5019491; Fri, 23 Jun 2006 17:03:57 +0100 (BST) Received: from buffy.york.ac.uk (localhost [127.0.0.1]) by buffy.york.ac.uk (8.13.6/8.13.6) with ESMTP id k5NG3rgu070878; Fri, 23 Jun 2006 17:03:57 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: (from ga9@localhost) by buffy.york.ac.uk (8.13.6/8.13.6/Submit) id k5NG3rWF070877; Fri, 23 Jun 2006 17:03:53 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) X-Authentication-Warning: buffy.york.ac.uk: ga9 set sender to gavin.atkinson@ury.york.ac.uk using -f From: Gavin Atkinson To: Martin Blapp In-Reply-To: <20060623133915.S14714@godot.imp.ch> References: <20060621202508.S17514@godot.imp.ch> <20060621193941.Y8526@fledge.watson.org> <20060622205806.GA6542@FreeBSD.czest.pl> <20060622223630.V17514@godot.imp.ch> <1151056731.62769.2.camel@buffy.york.ac.uk> <20060623133915.S14714@godot.imp.ch> Content-Type: text/plain Content-Transfer-Encoding: 7bit Date: Fri, 23 Jun 2006 17:03:52 +0100 Message-Id: <1151078632.62769.30.camel@buffy.york.ac.uk> Mime-Version: 1.0 X-Mailer: Evolution 2.6.1 FreeBSD GNOME Team Port X-York-MailScanner: Found to be clean X-York-MailScanner-From: gavin.atkinson@ury.york.ac.uk Cc: Robert Watson , Patrick Guelat , "Wojciech A. Koszek" , freebsd-stable@freebsd.org Subject: Re: Crash with FreeBSD 6.1 STABLE of today X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jun 2006 16:04:01 -0000 On Fri, 2006-06-23 at 13:46 +0200, Martin Blapp wrote: > Hi, > > Maybe this is the solution ? IMHO there is a race window > open between the first tp->t_session test and the locking > of the proc tree. I'm not sure if t_session is supposed to be protected by the proctree lock though. With an initial glance of the code, it would seem odd to be protected by the proctree lock, although I can't see any other locks Someone with more knowledge of this code will probably know the answer to this. There does seem to be a worrying comment above tty_close (which is the only place that t_session seems to be set to NULL): * XXX our caller should have done `spltty(); l_close(); tty_close();' * and l_close() should have flushed, but we repeat the spltty() and * the flush in case there are buggy callers. As I understand it, spltty() is now a no-op. Does this mean that this code is now essentially running without any locks that were used to serialise changes to struct tty in days gone by? Or is the whole tty subsystem still running under Giant? Gavin > > +++ src/sys/kern/tty.c > --- src/sys/kern/tty.c > > + sx_slock(&proctree_lock); > if (tp->t_session) { > - sx_slock(&proctree_lock); > if (tp->t_session->s_leader) { > struct proc *p; > > p = tp->t_session->s_leader; > PROC_LOCK(p); > psignal(p, SIGHUP); > PROC_UNLOCK(p); > } > - sx_sunlock(&proctree_lock); > } > + sx_sunlock(&proctree_lock);