Date: Mon, 19 Feb 2018 00:54:09 +0000 (UTC) From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r329542 - head/sys/kern Message-ID: <201802190054.w1J0s9gd000151@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mjg Date: Mon Feb 19 00:54:08 2018 New Revision: 329542 URL: https://svnweb.freebsd.org/changeset/base/329542 Log: Fix process exit vs reap race introduced in r329449 The race manifested itself mostly in terms of crashes with "spin lock held too long". Relevant parts of respective code paths: exit: reap: PROC_LOCK(p); PROC_SLOCK(p); p->p_state == PRS_ZOMBIE PROC_UNLOCK(p); PROC_LOCK(p); /* exit work */ if (p->p_state == PRS_ZOMBIE) /* true */ proc_reap() free proc /* more exit work */ PROC_SUNLOCK(p); Thus a still exiting process is reaped. Prior to the change the zombie check was followed by slock/sunlock trip which prevented the problem. Even code prior to this commit has a bug: the proc is still accessed for statistic collection purposes. However, the severity is rather small and the bug may be fixed in a future commit. Reported by: many Tested by: allanjude Modified: head/sys/kern/kern_exit.c Modified: head/sys/kern/kern_exit.c ============================================================================== --- head/sys/kern/kern_exit.c Mon Feb 19 00:47:03 2018 (r329541) +++ head/sys/kern/kern_exit.c Mon Feb 19 00:54:08 2018 (r329542) @@ -819,6 +819,8 @@ proc_reap(struct thread *td, struct proc *p, int *stat PROC_LOCK_ASSERT(p, MA_OWNED); KASSERT(p->p_state == PRS_ZOMBIE, ("proc_reap: !PRS_ZOMBIE")); + mtx_spin_wait_unlocked(&p->p_slock); + q = td->td_proc; if (status)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802190054.w1J0s9gd000151>