DragonFly kernel List (threaded) for 2004-04
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: trap with a kernel supped/built yesterday ...

From:	Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date:	Tue, 20 Apr 2004 13:24:39 -0700 (PDT)

:Crashed pretty hard, still fscking filesystems ... once it comes up I should
:have a dump file ...
:
:--- trap 0x9, eip = 0xc039fd68, esp = 0xdabd69b8, ebp = 0xdabd69c0 ---
:lldt(dabd6da0,c01dc949,c0484a80,0,d5783180) at lldt
:cpu_heavy_restore(c0484a80,20,c0484a80,0,dabd6a48) at cpu_heavy_restore+0xbe
:cpu_intr_preempt(c0484a80,20,c02fb58f,d6d5e5a0,c04a3634) at cpu_intr_preempt+0x3e
:lwkt_schedule(c0484a80,10,7,dabd6a84,c039462a) at lwkt_schedule+0x273
:sched_ithd(b,0,ff800000,200297,c01dc9ae) at sched_ithd+0x3c
:splz_intr(c0487400,db107ee8,18,ff8003f4) at splz_intr+0x2a
:free(db107ee8,c0444d00,4000,d5783180,dabd6da0) at free+0x301
:user_ldt_free(dabd6da0,dabd6ae0,d7517360,d7517360,d48f5aa0) at user_ldt_free+0x7b
:...

    I don't think I need the dump file, the traceback has sufficient 
    information.  its a sequencing bug... it's freeing the LDT structure 
    before NULLing out pcb_ldt and an interrupt happened to preempt the
    current process at just the wrong time and tried to restore the (now
    dead) ldt when it returned back to the process.

    Please try this patch.  You don't have to try to reproduce the bug,
    it would be very difficult to reproduce, but please run the program
    (the one that crashed above) that is using a custom LDT to make sure
    that I haven't blown up anything with the patch.

							-Matt

Index: i386/i386/sys_machdep.c
===================================================================
RCS file: /cvs/src/sys/i386/i386/sys_machdep.c,v
retrieving revision 1.13
diff -u -r1.13 sys_machdep.c
--- i386/i386/sys_machdep.c	30 Mar 2004 19:14:04 -0000	1.13
+++ i386/i386/sys_machdep.c	20 Apr 2004 20:21:07 -0000
@@ -296,17 +296,19 @@
 	if (pcb_ldt == NULL)
 		return;
 
+	crit_enter();
 	if (pcb == curthread->td_pcb) {
 		lldt(_default_ldt);
 		mdcpu->gd_currentldt = _default_ldt;
 	}
+	pcb->pcb_ldt = NULL;
+	crit_exit();
 
 	if (--pcb_ldt->ldt_refcnt == 0) {
 		kmem_free(kernel_map, (vm_offset_t)pcb_ldt->ldt_base,
 			pcb_ldt->ldt_len * sizeof(union descriptor));
 		FREE(pcb_ldt, M_SUBPROC);
 	}
-	pcb->pcb_ldt = NULL;
 }
 
 static int

References:
- trap with a kernel supped/built yesterday ...
  - From: Andrew Atrens

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]