On Feb 11, 2008 9:32 AM, Frank Batschulat (Home) <[EMAIL PROTECTED]> wrote:
> On Wed, 30 Jan 2008 20:44:34 +0100, Jeffrey Hutzelman <[EMAIL PROTECTED]>
> wrote:
>
> > --On Wednesday, January 30, 2008 06:14:02 PM +1100 Mike Battersby
> > <[EMAIL PROTECTED]> wrote:
> >
> >> 1. SSYS process exiting considered harmful
> >>
> >> The first problem is that setting process flag SSYS on a process that
> >> exits, as the afs_osi_Invisible routine on Solaris 10 does, causes the
> >> system not to clean up the contract state of the process. This leaves
> >> a dangling kernel-memory pointer in the contract table which used to
> >> point to the process struct.
> >>
> >> Any user can corrupt kernel memory and cause a panic with the 'ctstat'
> >> command and the system cannot shut down without either panicking or
> >> going into an infinite loop as svc.startd repeatedly tries to kill the
> >> non-existent process.
> >>
> >> I really don't know why the code would set SSYS on a userland process
> >> that's about to exit in the first place. Can anyone shed any light?
> >
> > Threads that call afs_osi_Invisible are not about to exit; they're about to
> > become long-lived AFS kernel threads. Setting SSYS is correct; we just
>
> Actually it is not appropriate for an arbitrary thread/proc to set SSYS.
>
> Only system processes [they exist only in kernel, i.e. p_as is set to kas]
> created with newproc() are eligible for SSYS, and that happens automatically
> in newproc().

This is a system process, just not one created by newproc(). Presumably we
need to do something analogous to the Linux kernel_thread code, calling
newproc.

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
