Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Jun 2002 12:17:27 -0500 (CDT)
From:      Jonathan Lemon <jlemon@flugsvamp.com>
To:        don@sandvine.com, stable@freebsd.org
Subject:   Re: panic in 4.6 with knote_enqueue from kill
Message-ID:  <200206281717.g5SHHRw86464@prism.flugsvamp.com>
In-Reply-To: <local.mail.freebsd-stable/FE045D4D9F7AED4CBFF1B3B813C8533767660F@mail.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

In article <local.mail.freebsd-stable/FE045D4D9F7AED4CBFF1B3B813C8533767660F@mail.sandvine.com> you write:
>I have a system panic occuring with FreeBSD 4.6. The stack trace is below...
>
>Debugger(c032d70a) at Debugger+0x34
>panic(c032bf57,e0f37000,800001e,e0f35ee4,c01ba339) at panic+0xa4
>knote_enqueue(e0f37000) at knote_enqueue+0x22
>knote(db433820,800001e) at knote+0x35
>psignal(db433700,1e,2,db433700,e0f35f80) at psignal+0x49
>kill(db433700,e0f35f80,281f8944,81a9000,818467c) at kill+0x7b
>syscall2(2821002f,281f002f,80f002f,818467c,81a9000) at syscall2+0x23d
>Xint0x80_syscall() at Xint0x80_syscall+0x2b

The assumption made when calling knote() is that we are already at the
correct spl level associated with a particular knote list, so no locking
should be required.  It appears that this isn't true for psignal(), it
can be called either from a syscall, or from an interrupt.

My guess is that in the call chain above, after checking the kn_status
in KNOTE_ACTIVATE(), but before reaching splhigh() in knote_enqueue, an
interrupt occurs which causes psignal() to be called again, and queues
the knote for retrieval.  This causes the assertion to be triggered.

Try the patch below. 
-- 
Jonathan

Index: kern_sig.c
===================================================================
RCS file: /ncvs/src/sys/kern/kern_sig.c,v
retrieving revision 1.72.2.14
diff -u -r1.72.2.14 kern_sig.c
--- kern_sig.c	14 Dec 2001 03:05:32 -0000	1.72.2.14
+++ kern_sig.c	28 Jun 2002 17:23:59 -0000
@@ -1011,7 +1011,9 @@
 		panic("psignal signal number");
 	}
 
+	s = splhigh();
 	KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
+	splx(s);
 
 	prop = sigprop(sig);
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206281717.g5SHHRw86464>