[issue1996] panic: assertion: p->p_lock == 0 in kern_wait
Venkatesh Srinivas (via DragonFly issue tracker)
sinknull at leaf.dragonflybsd.org
Sun Jun 5 22:34:11 PDT 2011
Venkatesh Srinivas <vsrinivas at dragonflybsd.org> added the comment:
Hi,
I just saw a patch, 49aa3df0ca3e226c0a0d7097863a2426ee6fd534, go in to fix this
issue; it adds:
+
+ /*
+ * Temporary refs may still have been acquired while
+ * we removed the process, make sure they are all
+ * gone before kfree()ing. Now that the process has
+ * been removed from all lists and all references to
+ * it have gone away, no new refs can occur.
+ */
+ while (p->p_lock)
+ tsleep(p, 0, "reap4", hz);
kfree(p, M_PROC);
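Review bot: the `while (p->p_lock) tsleep(...)` loop only drains references that already exist when the loop is entered; the comment's claim that "no new refs can occur" rests entirely on the process having been removed from every lookup path before this point, and nothing in the hunk shows that removal or what excludes a PHOLD() landing between the last `p->p_lock` check and `kfree(p, M_PROC)`. Consider naming the lock or list removal that guarantees this in the comment, or asserting it (for example checking that the process is no longer findable before the wait). On the reload question: because `tsleep()` is an opaque external call the compiler must re-read `p->p_lock` after each iteration, so hoisting is not the concern; the question for SMP is whether the store side and this load are ordered, which a plain field read does not document.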
First, is anything required to ensure that p->p_lock is really loaded each loop
iteration? Is the compiler allowed to optimize away the load after the first loop?
Second, I don't understand how this is safe; the problem here is that another
code path obtained a reference to this process and was using it when the kfree()
happened. What prevents this?
  A                                 B
  ----                              ----
  vm_waitproc(p)
  while (p->p_lock)
      tsleep(...)
                                    /* get reference to process */
                                    PHOLD(p)
  kfree(p)
                                    /* HEY! */
Thanks,
-- vs
_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1996>
_____________________________________________________
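An added illustration (not DragonFly code and not the patch under discussion) of the alternative the interleaving above argues for: instead of the reaper polling until the reference count reads zero and then freeing, the object carries a "dead" bit in the same word as the count, so a hold attempted after removal is refused, and whichever side observes the last reference go away performs the free. The struct, the PROC_DEAD bit, and the hold/drop/reap names are constructed for this example; the model assumes p_lock counts temporary references the way the patch comment describes. proc_refs() also shows an explicit atomic load, which answers the "is the value really reloaded" question without relying on the call in the loop body being opaque.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>

/* Model only, not DragonFly's struct proc: the high bit marks a process
 * that has been reaped, the low bits count outstanding temporary refs. */
#define PROC_DEAD   (1u << 31)
#define PROC_REFS   (PROC_DEAD - 1)

struct proc {
    atomic_uint p_lock;
    int *freed_flag;   /* set to 1 when the object is released, so callers can observe it */
};

struct proc *proc_new(int *freed_flag) {
    struct proc *p = calloc(1, sizeof *p);
    if (!p)
        return NULL;
    atomic_init(&p->p_lock, 0);
    p->freed_flag = freed_flag;
    return p;
}

static void proc_free(struct proc *p) {
    *p->freed_flag = 1;
    free(p);
}

/* Take a temporary reference. Refuses once PROC_DEAD is set, which is the
 * check that closes the PHOLD-after-last-poll window in the diagram. */
bool proc_hold(struct proc *p) {
    unsigned old = atomic_load_explicit(&p->p_lock, memory_order_relaxed);
    do {
        if (old & PROC_DEAD)
            return false;
    } while (!atomic_compare_exchange_weak_explicit(&p->p_lock, &old, old + 1,
                                                    memory_order_acquire,
                                                    memory_order_relaxed));
    return true;
}

/* Drop a temporary reference. If the process is already dead and this was
 * the last reference, free it here. Returns true if this call freed p. */
bool proc_drop(struct proc *p) {
    unsigned old = atomic_fetch_sub_explicit(&p->p_lock, 1, memory_order_release);
    if (old == (PROC_DEAD | 1)) {
        atomic_thread_fence(memory_order_acquire);
        proc_free(p);
        return true;
    }
    return false;
}

/* Reaper side, called once: mark dead, then free only if no references
 * remained at that instant. Exactly one of proc_reap/proc_drop frees. */
bool proc_reap(struct proc *p) {
    unsigned old = atomic_fetch_or_explicit(&p->p_lock, PROC_DEAD, memory_order_acq_rel);
    if ((old & PROC_REFS) == 0) {
        proc_free(p);
        return true;
    }
    return false;
}

/* Outstanding temporary refs, read with an explicit atomic load so the value
 * cannot be cached in a register across a polling loop. */
unsigned proc_refs(struct proc *p) {
    return atomic_load_explicit(&p->p_lock, memory_order_acquire) & PROC_REFS;
}

int main(void) {
    int freed = 0;
    struct proc *p = proc_new(&freed);
    proc_hold(p);                 /* B holds a ref */
    printf("reap freed: %d\n", proc_reap(p));      /* 0: a ref is still out */
    printf("late hold allowed: %d\n", proc_hold(p)); /* 0: refused after reap */
    printf("drop freed: %d (flag=%d)\n", proc_drop(p), freed); /* 1 (flag=1) */
    return 0;
}
```

The reaper never blocks on the count, so there is no loop to get the memory ordering wrong in; the release on the drop and the acquire fence before the free are what order B's last use of the object before A's (or B's own) free.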