[issue1996] panic: assertion: p->p_lock == 0 in kern_wait

Venkatesh Srinivas (via DragonFly issue tracker) sinknull at leaf.dragonflybsd.org
Sun Jun 5 22:34:11 PDT 2011

Venkatesh Srinivas <vsrinivas at dragonflybsd.org> added the comment:

Hi,

I just saw a patch, 49aa3df0ca3e226c0a0d7097863a2426ee6fd534, go in to fix this
issue; it adds:

+
+                       /*
+                        * Temporary refs may still have been acquired while
+                        * we removed the process, make sure they are all
+                        * gone before kfree()ing.  Now that the process has
+                        * been removed from all lists and all references to
+                        * it have gone away, no new refs can occur.
+                        */
+                       while (p->p_lock)
+                               tsleep(p, 0, "reap4", hz);
                        kfree(p, M_PROC);
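Review bot: the wait loop `while (p->p_lock) tsleep(p, 0, "reap4", hz);` reads p_lock with no volatile qualifier, atomic load or compiler barrier visible in the hunk, so if p_lock is a plain int the compiler is free to hoist the load out of the loop and spin on a stale value; the read should go through a volatile or atomic accessor, or the loop body should contain a barrier. The comment's claim that "no new refs can occur" rests on the process already having been removed from every list by this point, which the hunk does not show; consider documenting where that removal happens and asserting the invariant (for example that no code path can still reach and hold this process) before the kfree(p, M_PROC), since a hold taken after the loop observes p_lock == 0 would still use freed memory.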

First, is anything required to ensure that p->p_lock is really loaded each loop
iteration? Is the compiler allowed to optimize away the load after the first loop?

Second, I don't understand how this is safe; the problem here is that another
code path obtained a reference to this process and was using it when the kfree()
happened. What prevents this?

A                                   B
. ..
vm_waitproc(p)

while(p->p_lock)
   tsleep(...)
                                    /* get reference to process */
                                    PHOLD(p)
kfree(p)
                                    /* HEY! */

Thanks,
-- vs

_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1996>
_____________________________________________________