DragonFly BSD
DragonFly bugs List (threaded) for 2011-06

[issue1996] panic: assertion: p->p_lock == 0 in kern_wait


From: "Venkatesh Srinivas \(via DragonFly issue tracker\)" <sinknull@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 06 Jun 2011 05:33:02 +0000

Venkatesh Srinivas <vsrinivas@dragonflybsd.org> added the comment:

Hi,

I just saw a patch, 49aa3df0ca3e226c0a0d7097863a2426ee6fd534, go in to fix this
issue; it adds:


+
+                       /*
+                        * Temporary refs may still have been acquired while
+                        * we removed the process, make sure they are all
+                        * gone before kfree()ing.  Now that the process has
+                        * been removed from all lists and all references to
+                        * it have gone away, no new refs can occur.
+                        */
+                       while (p->p_lock)
+                               tsleep(p, 0, "reap4", hz);
                        kfree(p, M_PROC);
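
Review bot: The `while (p->p_lock)` wait directly above `kfree(p, M_PROC)` checks the count and then frees as two separate steps, and nothing visible in this hunk prevents a hold from being taken between the loop exit and the kfree(). The comment asserts that no new refs can occur once the process is off all lists; please name in the comment which earlier removal step guarantees that, so a reader can verify it. The loop also reads p->p_lock with a plain load and depends on the tsleep() call being opaque to the compiler for the reload on each iteration; a volatile or atomic read would make that explicit. Finally, `tsleep(p, 0, "reap4", hz)` polls on a timeout of hz ticks and the hunk shows no matching wakeup on the release side, so say whether one exists or whether polling is intended here.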

First, is anything required to ensure that p->p_lock is really loaded each loop
iteration? Is the compiler allowed to optimize away the load after the first loop?

Second, I don't understand how this is safe; the problem here is that another
code path obtained a reference to this process and was using it when the kfree()
happened. What prevents this?

A                                   B
. ..
vm_waitproc(p)

while(p->p_lock)
   tsleep(...)
                                    /* get reference to process */
                                    PHOLD(p)
kfree(p)
                                    /* HEY! */

Thanks,
-- vs

_____________________________________________________
DragonFly issue tracker <bugs@lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1996>
_____________________________________________________
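
The A/B interleaving sketched in the message above, replayed deterministically in a userland C11 model; this is an added example, not DragonFly kernel code and not part of the original mail. `struct obj`, `hold_naive`, `hold_gated`, `reap_claim` and `OBJ_REAPING` are hypothetical names, and the gated variant shows one general way to make the zero check and the decision to free a single atomic step.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Userland model only: struct obj and these helpers are hypothetical names,
 * not DragonFly's struct proc, PHOLD() or kern_wait(). */
#define OBJ_REAPING 0x80000000u  /* set once teardown has claimed the object */
struct obj { atomic_uint lock; };  /* hold count, OBJ_REAPING in the top bit */

/* Unconditional hold: always succeeds, even after the reaper's check. */
static void hold_naive(struct obj *o) { atomic_fetch_add(&o->lock, 1); }

/* Gated hold: refused once the reaper has claimed the object. */
static bool hold_gated(struct obj *o)
{
    unsigned v = atomic_load(&o->lock);
    do {
        if (v & OBJ_REAPING)
            return false;        /* too late: caller must not touch o */
    } while (!atomic_compare_exchange_weak(&o->lock, &v, v + 1));
    return true;
}

/* Reaper claim: "count is zero" and "no more holds" happen in one atomic
 * step, so no hold can land between the check and the free. */
static bool reap_claim(struct obj *o)
{
    unsigned expected = 0;
    return atomic_compare_exchange_strong(&o->lock, &expected, OBJ_REAPING);
}

/* Replays the A/B interleaving from the mail in a single thread.
 * Returns true if A decided to free while B holds a reference. */
static bool replay_naive(void)
{
    struct obj o = { 0 };
    bool a_saw_zero = (atomic_load(&o.lock) == 0); /* A: wait loop exits */
    hold_naive(&o);                                /* B: takes a hold */
    return a_saw_zero && atomic_load(&o.lock) != 0;
}

static bool replay_gated(void)
{
    struct obj o = { 0 };
    bool a_claimed = reap_claim(&o);               /* A: check and claim */
    bool b_held = hold_gated(&o);                  /* B: hold is refused */
    return a_claimed && b_held;
}

int main(void) { return (replay_naive() && !replay_gated()) ? 0 : 1; }
```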



