trap with a kernel supped/built yesterday ...

Matthew Dillon dillon at apollo.backplane.com
Tue Apr 20 13:26:33 PDT 2004


:Crashed pretty hard, still fscking filesystems ... once it comes up I should
:have a dump file ...
:
:--- trap 0x9, eip = 0xc039fd68, esp = 0xdabd69b8, ebp = 0xdabd69c0 ---
:lldt(dabd6da0,c01dc949,c0484a80,0,d5783180) at lldt
:cpu_heavy_restore(c0484a80,20,c0484a80,0,dabd6a48) at cpu_heavy_restore+0xbe
:cpu_intr_preempt(c0484a80,20,c02fb58f,d6d5e5a0,c04a3634) at cpu_intr_preempt+0x3e
:lwkt_schedule(c0484a80,10,7,dabd6a84,c039462a) at lwkt_schedule+0x273
:sched_ithd(b,0,ff800000,200297,c01dc9ae) at sched_ithd+0x3c
:splz_intr(c0487400,db107ee8,18,ff8003f4) at splz_intr+0x2a
:free(db107ee8,c0444d00,4000,d5783180,dabd6da0) at free+0x301
:user_ldt_free(dabd6da0,dabd6ae0,d7517360,d7517360,d48f5aa0) at user_ldt_free+0x7b
:...

    I don't think I need the dump file, the traceback has sufficient 
    information.  its a sequencing bug... it's freeing the LDT structure 
    before NULLing out pcb_ldt and an interrupt happened to preempt the
    current process at just the wrong time and tried to restore the (now
    dead) ldt when it returned back to the process.

    Please try this patch.  You don't have to try to reproduce the bug,
    it would be very difficult to reproduce, but please run the program
    (the one that crashed above) that is using a custom LDT to make sure
    that I haven't blown up anything with the patch.

							-Matt

Index: i386/i386/sys_machdep.c
===================================================================
RCS file: /cvs/src/sys/i386/i386/sys_machdep.c,v
retrieving revision 1.13
diff -u -r1.13 sys_machdep.c
--- i386/i386/sys_machdep.c	30 Mar 2004 19:14:04 -0000	1.13
+++ i386/i386/sys_machdep.c	20 Apr 2004 20:21:07 -0000
@@ -296,17 +296,19 @@
 	if (pcb_ldt == NULL)
 		return;
 
+	crit_enter();
 	if (pcb == curthread->td_pcb) {
 		lldt(_default_ldt);
 		mdcpu->gd_currentldt = _default_ldt;
 	}
+	pcb->pcb_ldt = NULL;
+	crit_exit();
 
 	if (--pcb_ldt->ldt_refcnt == 0) {
 		kmem_free(kernel_map, (vm_offset_t)pcb_ldt->ldt_base,
 			pcb_ldt->ldt_len * sizeof(union descriptor));
 		FREE(pcb_ldt, M_SUBPROC);
 	}
-	pcb->pcb_ldt = NULL;
 }
 
 static int





More information about the Kernel mailing list