[Bug 200958] filemon has insufficient proc locking

Thu, 18 Jun 2015 14:25:20 -0700 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200958

            Bug ID: 200958
           Summary: filemon has insufficient proc locking
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: pe...@freebsd.org

sys/dev/filemon_wrapper.c:filemon_pid_check() walks the curproc->p_pptr chain
without the required proc locking.

proc.h:
 *      c - locked by proc mtx
..
 *      e - locked by proctree_lock lock
.. 
 * If the locking key specifies two identifiers (for example, p_pptr) then
 * either lock is sufficient for read access, but both locks must be held
 * for write access.
..
        struct proc     *p_pptr;        /* (c + e) Pointer to parent process.
*/

The p_pptr scanner in filemon_pid_check() probably needs to hold a read rwlock
of proctree_lock.

This normally works fine, except when ptrace is involved.  With ptrace actively
reparenting things it can end up where it sits in an infinite loop in
filemon_pid_check().

Tracing pid 97757 tid 100728 td 0xfffff8012938a980
kdb_alt_break_internal() at kdb_alt_break_internal+0x197/frame
0xfffffe085fac7730
kdb_alt_break() at kdb_alt_break+0xb/frame 0xfffffe085fac7740
uart_intr_rxready() at uart_intr_rxready+0x99/frame 0xfffffe085fac7770
uart_intr() at uart_intr+0x111/frame 0xfffffe085fac77b0
intr_event_handle() at intr_event_handle+0x9b/frame 0xfffffe085fac7800
intr_execute_handlers() at intr_execute_handlers+0x48/frame 0xfffffe085fac7830
lapic_handle_intr() at lapic_handle_intr+0x3f/frame 0xfffffe085fac7850
Xapic_isr1() at Xapic_isr1+0xba/frame 0xfffffe085fac7850
--- interrupt, rip = 0xffffffff805244ed, rsp = 0xfffffe085fac7910, rbp =
0xfffffe085fac7990 ---
filemon_wrapper_freebsd32_stat() at filemon_wrapper_freebsd32_stat+0x6d/frame
0xfffffe085fac7990
ia32_syscall() at ia32_syscall+0x41b/frame 0xfffffe085fac7ab0
Xint0x80_syscall() at Xint0x80_syscall+0x95/frame 0xfffffe085fac7ab0
--- syscall (188, FreeBSD ELF32, filemon_wrapper_freebsd32_stat), rip =
0x284aa6d7, rsp = 0xffff987c, rbp = 0xffff9918 ---

In this case, it is looping infinitely in filemon_pid_check() and the process
in question is gdb from the gdb test suite.

On the ref* machines we ended up with 8 gdb processes all consuming 100% cpu in
this function.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Reply via email to