trap with a kernel supped/built yesterday ...
Matthew Dillon
dillon at apollo.backplane.com
Tue Apr 20 13:26:33 PDT 2004
:Crashed pretty hard, still fscking filesystems ... once it comes up I should
:have a dump file ...
:
:--- trap 0x9, eip = 0xc039fd68, esp = 0xdabd69b8, ebp = 0xdabd69c0 ---
:lldt(dabd6da0,c01dc949,c0484a80,0,d5783180) at lldt
:cpu_heavy_restore(c0484a80,20,c0484a80,0,dabd6a48) at cpu_heavy_restore+0xbe
:cpu_intr_preempt(c0484a80,20,c02fb58f,d6d5e5a0,c04a3634) at cpu_intr_preempt+0x3e
:lwkt_schedule(c0484a80,10,7,dabd6a84,c039462a) at lwkt_schedule+0x273
:sched_ithd(b,0,ff800000,200297,c01dc9ae) at sched_ithd+0x3c
:splz_intr(c0487400,db107ee8,18,ff8003f4) at splz_intr+0x2a
:free(db107ee8,c0444d00,4000,d5783180,dabd6da0) at free+0x301
:user_ldt_free(dabd6da0,dabd6ae0,d7517360,d7517360,d48f5aa0) at user_ldt_free+0x7b
:...
I don't think I need the dump file, the traceback has sufficient
information. its a sequencing bug... it's freeing the LDT structure
before NULLing out pcb_ldt and an interrupt happened to preempt the
current process at just the wrong time and tried to restore the (now
dead) ldt when it returned back to the process.
Please try this patch. You don't have to try to reproduce the bug,
it would be very difficult to reproduce, but please run the program
(the one that crashed above) that is using a custom LDT to make sure
that I haven't blown up anything with the patch.
-Matt
Index: i386/i386/sys_machdep.c
===================================================================
RCS file: /cvs/src/sys/i386/i386/sys_machdep.c,v
retrieving revision 1.13
diff -u -r1.13 sys_machdep.c
--- i386/i386/sys_machdep.c 30 Mar 2004 19:14:04 -0000 1.13
+++ i386/i386/sys_machdep.c 20 Apr 2004 20:21:07 -0000
@@ -296,17 +296,19 @@
if (pcb_ldt == NULL)
return;
+ crit_enter();
if (pcb == curthread->td_pcb) {
lldt(_default_ldt);
mdcpu->gd_currentldt = _default_ldt;
}
+ pcb->pcb_ldt = NULL;
+ crit_exit();
if (--pcb_ldt->ldt_refcnt == 0) {
kmem_free(kernel_map, (vm_offset_t)pcb_ldt->ldt_base,
pcb_ldt->ldt_len * sizeof(union descriptor));
FREE(pcb_ldt, M_SUBPROC);
}
- pcb->pcb_ldt = NULL;
}
static int
More information about the Kernel
mailing list