kernel panic on HEAD from Oct. 4th sources

Nicolas Thery nthery at gmail.com
Sun Oct 21 04:55:19 PDT 2007


2007/10/21, Peter Avalos <pavalos at theshell.com>:
[...]
> Got another from sources with your fix in it:
>
> Fatal trap 12: page fault while in kernel mode
> mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
> fault virtual address   = 0xa00
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc018cc02
[...]
> #7  0xc018cc02 in fill_kinfo_proc (p=0xe9297860, kp=0xe9106628) at /usr/src/sys/kern/kern_kinfo.c:87
> #8  0xc0193efd in sysctl_out_proc (p=0xe9297860, req=0xe9106bf4, flags=0) at /usr/src/sys/kern/kern_proc.c:653
> #9  0xc01948b6 in sysctl_kern_proc (oidp=0xc033d9e0, arg1=0x0, arg2=0, req=0xe9106bf4) at /usr/src/sys/kern/kern_proc.c:782

It looks like p_sigacts == NULL.  Presumably, p_sigacts could be tested for
NULL in fill_kinfo_proc() (as p_pgrp is).

However, the problem may be higher up in the call stack.  sysctl_kern_proc()
contains two calls to sysctl_out_proc().  One is protected by PHOLD/PRELE, the
other isn't.  I reckon both calls should be protected to delay reaping until
sysctl() processing completes.

The following patch is UNTESTED as I don't know how to reproduce the original
problem.

Index: kern_proc.c
===================================================================
RCS file: /home/dcvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.39
diff -u -5 -r1.39 kern_proc.c
--- kern_proc.c	12 Aug 2007 16:32:13 -0000	1.39
+++ kern_proc.c	21 Oct 2007 10:34:28 -0000
@@ -714,11 +714,13 @@
 		p = pfind((pid_t)name[0]);
 		if (!p)
 			return (0);
 		if (!PRISON_CHECK(cr1, p->p_ucred))
 			return (0);
+		PHOLD(p);
 		error = sysctl_out_proc(p, req, flags);
+		PRELE(p);
 		return (error);
 	}

 	if (!req->oldptr) {
 		/* overestimate by 5 procs */
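Review bot: the PHOLD(p) is placed after `if (!PRISON_CHECK(cr1, p->p_ucred))`, which already dereferences p, so the hold starts one statement too late to cover the p_ucred read; since pfind() alone returns the process without a hold, move the `PHOLD(p);` to directly after the `if (!p) return (0);` check and add a `PRELE(p);` before the `return (0);` in the PRISON_CHECK branch so the early return does not leak the hold. With that change both the prison check and sysctl_out_proc() run under the hold, matching the other (already protected) call site the post mentions.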





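The following is an added, user-space model of the hold/release pattern the post proposes (PHOLD/PRELE around sysctl_out_proc() plus a NULL test on p_sigacts in fill_kinfo_proc()). It is not DragonFly kernel code: the proc table, the hold counter, pfind()/proc_reap() stand-ins and the assumption that reaping is what tears down p_sigacts are simplifications chosen to show the race and its fix, and run_scenario() drives the reaper by hand between the lookup and the copy-out. The small fault address in the quoted panic (0xa00) is consistent with reading a field at a small offset from a NULL pointer, which is what the unheld path below reproduces, except that here the NULL test turns the would-be page fault into an error return.

```c
/* Added example: user-space model of PHOLD/PRELE delaying reap during a
 * sysctl copy-out. Not DragonFly code; names and behaviour are assumptions
 * made for illustration. Build: cc -std=c99 -Wall model.c */
#include <stdio.h>
#include <stdlib.h>

struct sigacts { int sa_dummy; };

struct proc {
    int p_pid;                  /* 0 means the slot has been reaped */
    int p_lock;                 /* hold count maintained by PHOLD/PRELE */
    int p_zombie;               /* exited, waiting for the reaper */
    struct sigacts *p_sigacts;  /* assumption: freed when the proc is reaped */
};

#define NPROCS 4
static struct proc proctab[NPROCS];

/* (Re)initialise the constructed proc table with pids 100..103. */
static void proc_init(void)
{
    for (int i = 0; i < NPROCS; i++) {
        free(proctab[i].p_sigacts);
        proctab[i].p_pid = 100 + i;
        proctab[i].p_lock = 0;
        proctab[i].p_zombie = 0;
        proctab[i].p_sigacts = calloc(1, sizeof(struct sigacts));
    }
}

/* pfind() stand-in: lookup by pid, no hold taken (as in the post). */
static struct proc *pfind(int pid)
{
    for (int i = 0; i < NPROCS; i++)
        if (proctab[i].p_pid == pid)
            return &proctab[i];
    return NULL;
}

static void PHOLD(struct proc *p) { p->p_lock++; }
static void PRELE(struct proc *p) { p->p_lock--; }

/* Reaper stand-in: tears down a zombie only if nobody holds it.
 * Returns 1 if the proc was reaped, 0 if reaping was deferred or not due. */
static int proc_reap(struct proc *p)
{
    if (!p->p_zombie || p->p_lock > 0)
        return 0;
    free(p->p_sigacts);
    p->p_sigacts = NULL;
    p->p_pid = 0;
    return 1;
}

/* fill_kinfo_proc() stand-in with the NULL test the post suggests.
 * Returns 0 on success, -1 if p_sigacts is already gone. */
static int fill_kinfo_proc(struct proc *p, int *kp_pid)
{
    if (p->p_sigacts == NULL)
        return -1;              /* the real kernel would page fault here */
    *kp_pid = p->p_pid;
    return 0;
}

/* One sysctl_kern_proc()-like sequence for pid 101, with the target exiting
 * and the reaper running between the lookup and the copy-out.
 * hold=0 models the unpatched path, hold=1 the PHOLD/PRELE path.
 * Returns the fill_kinfo_proc() result; *reap_deferred reports whether the
 * reaper had to wait for the hold to be released. */
static int run_scenario(int hold, int *reap_deferred)
{
    int kp_pid = 0, err;
    struct proc *p;

    proc_init();
    p = pfind(101);
    if (p == NULL)
        return -2;
    if (hold)
        PHOLD(p);
    p->p_zombie = 1;                  /* target exits mid-sysctl */
    *reap_deferred = !proc_reap(p);   /* reaper runs before the copy-out */
    err = fill_kinfo_proc(p, &kp_pid);
    if (hold)
        PRELE(p);
    proc_reap(p);                     /* a deferred reap completes now */
    return err;
}

static int scenario_error(int hold) { int d; return run_scenario(hold, &d); }
static int scenario_reap_deferred(int hold) { int d; run_scenario(hold, &d); return d; }

int main(void)
{
    printf("unheld: fill=%d reap_deferred=%d\n", scenario_error(0), scenario_reap_deferred(0));
    printf("held:   fill=%d reap_deferred=%d\n", scenario_error(1), scenario_reap_deferred(1));
    return 0;
}
```

In the unheld run the reaper frees the sigacts before fill_kinfo_proc() reads them and only the added NULL test avoids a crash; in the held run the reaper sees p_lock > 0, defers, and the copy-out completes against a still-intact proc before PRELE() lets the reap go ahead.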
More information about the Bugs mailing list