David Malone <[EMAIL PROTECTED]> writes:
> > Please try the attached patch.  I make no claims of its correctness,
> > but this e-mail is coming to you via X on -current updated a few hours
> > ago so it works here :-).
> 
> I tried Dima's patch (the one which Alfred has committed) and I
> get an earlier mutex recursion panic, probably when a local program
> that uses shm forks and exits. I scribbled down this trace from
> it:

Is there such a program in the base system?

> panic+0x70
> _mtx_assert+0x67
> lockmgr+0xdc
> vm_map_remove+0x42
> shm_delete_mapping+0xe1
> shmexit_myhook+0x29
> exit1+0x9eb
> exit1
> 
> So it looks like those routines are sometimes called with the mutex
> already held.

exit1 calls shmexit with vm_mtx held on line 228 of kern_exit.c
(rev. 1.127).  Actually, shmexit_myhook should always be called with
vm_mtx held, so shm_delete_mapping can't assume it isn't held.

Attached is an untested patch to try to fix this.  It's almost 02:00
here and I have to head to bed, but it may work for you.  At least it
may be a starting point for someone.

Hope this helps,

                                        Dima Dorfman
                                        [EMAIL PROTECTED]


Index: sysv_shm.c
===================================================================
RCS file: /stl/src/FreeBSD/src/sys/kern/sysv_shm.c,v
retrieving revision 1.56
diff -u -r1.56 sysv_shm.c
--- sysv_shm.c  2001/05/19 01:28:03     1.56
+++ sysv_shm.c  2001/05/21 08:41:29
@@ -200,6 +206,8 @@
        int segnum, result;
        size_t size;
 
+       /* for vm_map_remove */
+       mtx_assert(&vm_mtx, MA_OWNED);
        segnum = IPCID_TO_IX(shmmap_s->shmid);
        shmseg = &shmsegs[segnum];
        size = round_page(shmseg->shm_segsz);
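
Review bot: the header `@@ -200,6 +206,8 @@` places this hunk six lines further down on the new side, yet it is the first hunk in the posted diff, so an earlier hunk that adds six lines is missing from the message. Since `mtx_assert()` and `vm_mtx` are used here, the missing part may be what brings in the declarations they need; please post the complete diff so it can be applied and built. The comment `/* for vm_map_remove */` would also be more useful if it said that callers must hold `vm_mtx` on entry.
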
@@ -229,6 +237,7 @@
 {
        struct shmmap_state *shmmap_s;
        int i;
+       int error;
 
        if (!jail_sysvipc_allowed && jailed(p->p_ucred))
                return (ENOSYS);
@@ -242,7 +251,10 @@
                        break;
        if (i == shminfo.shmseg)
                return EINVAL;
-       return shm_delete_mapping(p, shmmap_s);
+       mtx_lock(&vm_mtx);
+       error = shm_delete_mapping(p, shmmap_s);
+       mtx_unlock(&vm_mtx);
+       return error;
 }
 
 #ifndef _SYS_SYSPROTO_H_
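
Review bot: `mtx_lock(&vm_mtx)` is taken only around the `shm_delete_mapping()` call, so the search that ends in `break` and the `i == shminfo.shmseg` check above it run without the mutex. If `vm_mtx` is also meant to cover the per-process `shmmap_s` array, take the lock before the search and release it on the `EINVAL` path as well; if it is not, a short comment saying so would help the next reader. `return error;` could be written `return (error);` to match `return (ENOSYS);` earlier in the same function.
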
@@ -659,6 +671,8 @@
        struct shmmap_state *shmmap_s;
        int i;
 
+       /* shm_delete_mappings requires this */
+       mtx_assert(&vm_mtx, MA_OWNED);
        shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm;
        for (i = 0; i < shminfo.shmseg; i++, shmmap_s++)
                if (shmmap_s->shmid != -1)
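
Review bot: the assertion added at the top of this function turns "should always be called with vm_mtx held" into a hard requirement, but the message only checks the `exit1` path in kern_exit.c. Please confirm that every other caller of this hook also holds the mutex, since `mtx_assert()` will panic on any path that does not, as the `_mtx_assert` frame in the quoted trace shows. The comment names `shm_delete_mappings`, while the function called in this file is `shm_delete_mapping`.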
