mirror of https://git.FreeBSD.org/src.git synced 2025-01-13 14:40:22 +00:00
freebsd/sys/kern
Konstantin Belousov e2e1693f15
Destruction of the pipe calls knlist_cleardel() to remove the knotes
monitoring the pipe. The code sets pipe_present = 0 and enters
knlist_cleardel(), where the PIPE_MTX might be dropped when knl->kl_list
cannot be cleared due to influx knotes.

If the following often encountered code fragment
                if (!(kn->kn_status & KN_DETACHED))
                        kn->kn_fop->f_detach(kn);
                knote_drop(kn, td); [1]
is executed while the knlist lock is dropped, then the knote memory is freed
by the knote_drop() without knote being removed from the knlist, since
the filt_pipedetach() contains the following:
        if (kn->kn_filter == EVFILT_WRITE) {
                if (!cpipe->pipe_peer->pipe_present) {
                        PIPE_UNLOCK(cpipe);
                        return;

Now, the memory may be reused in the zone, causing the access to the
freed memory. I got the panics caused by the marker knote appearing on
the knlist, that, I believe, is a manifestation of the issue. In the Peter
Holm test scenarios, we got unkillable processes too.

The pipe_peer that has the knote for write shall be present. Ignore the
pipe_present value for EVFILT_WRITE in filt_pipedetach().

Debugging help and tested by:	pho
Discussed with:	jmg
MFC after:	2 weeks
2008-05-23 11:09:50 +00:00
bus_if.m Implement a BUS_BIND_INTR() method in the bus interface to bind an IRQ 2008-03-20 21:24:32 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh refactor code so it can run in a chroot without having to have /dev/mounted 2008-01-18 17:02:14 +00:00
imgact_aout.c VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in 2008-01-13 14:44:15 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Go back to using the process command name (p_comm) for the file name and 2008-05-15 03:07:34 +00:00
imgact_gzip.c VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in 2008-01-13 14:44:15 +00:00
imgact_shell.c
inflate.c
init_main.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
init_sysent.c Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
kern_acct.c VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in 2008-01-13 14:44:15 +00:00
kern_alq.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_clock.c Implement per-cpu callout threads, wheels, and locks. 2008-04-02 11:20:30 +00:00
kern_condvar.c - Pass the priority argument from *sleep() into sleepq and down into 2008-03-12 06:31:06 +00:00
kern_conf.c Implement the per-open file data for the cdev. 2008-05-21 09:31:44 +00:00
kern_context.c
kern_cpu.c Fix a few edge cases with error handling in cpufreq(4)'s CPUFREQ_GET() 2008-05-05 19:13:52 +00:00
kern_cpuset.c - Add the interrupt vector number to intr_event_create so MI code can 2008-04-11 03:26:41 +00:00
kern_ctf.c Add the CTF source file which gets shared with link_elf.c and link_elf_obj.c. 2008-05-23 03:04:27 +00:00
kern_descrip.c Implement the per-open file data for the cdev. 2008-05-21 09:31:44 +00:00
kern_dtrace.c Add support for the DTrace struct proc and struct thread extended 2008-05-18 19:43:52 +00:00
kern_environment.c
kern_event.c Kqueue_scan() may sleep when encountered the influx knotes. On the other 2008-05-10 11:37:05 +00:00
kern_exec.c Implement the fexecve(2) syscall. 2008-03-31 12:05:52 +00:00
kern_exit.c In abort2(2): Accept a NULL arg pointer if nargs == 0 2008-03-22 16:32:52 +00:00
kern_fork.c Fix the leak of the vmspace on the fork when the process limits 2008-03-20 15:24:49 +00:00
kern_idle.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_intr.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
kern_jail.c Instead of rolling our own jail number allocation procedure, use 2008-04-11 21:31:15 +00:00
kern_kthread.c Document the kproc_kthread_add() call 2008-04-29 22:43:15 +00:00
kern_ktr.c
kern_ktrace.c This patch adds a new ktrace(2) record type, KTR_STRUCT, whose payload 2008-02-23 01:01:49 +00:00
kern_linker.c Add the ctf_get function and update the args to linker_file_function_listall. 2008-05-23 07:08:59 +00:00
kern_lock.c Use a "rel" memory barrier for disowning the lock as it comes from an 2008-04-13 01:21:56 +00:00
kern_lockf.c When blocking on an F_FLOCK style lock request which is upgrading a 2008-05-09 10:34:23 +00:00
kern_malloc.c Add support for the DTrace malloc provider which can enable probes 2008-05-23 00:43:36 +00:00
kern_mbuf.c Reintroduce UMA_SLAB_KMAP; however, change its spelling to 2008-04-04 18:41:12 +00:00
kern_mib.c Make sysctl_kern_arnd return a random buffer instead of a random long, 2008-02-17 16:44:48 +00:00
kern_module.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_mtxpool.c
kern_mutex.c Add KASSERT()'s to catch attempts to recurse on spin mutexes that aren't 2008-02-13 23:39:05 +00:00
kern_ntptime.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_physio.c
kern_pmc.c Kernel and hwpmc(4) support for callchain capture. 2007-12-07 08:20:17 +00:00
kern_poll.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_priv.c Add __FBSDID() tag. 2008-03-07 15:27:08 +00:00
kern_proc.c - Relax requirements for p_numthreads, p_threads, p_swtick, and p_nice from 2008-03-19 06:19:01 +00:00
kern_prot.c
kern_resource.c Remove extra uihold() call that accidentally sneak in during perforce 2008-03-19 07:52:07 +00:00
kern_rmlock.c Expand lock class with the "virtual" function lc_assert which will offer 2007-11-18 14:43:53 +00:00
kern_rwlock.c - Add sysctls at debug.rwlock to control the behavior of the speculative 2008-04-04 10:00:46 +00:00
kern_sdt.c Add kernel support for the Statically Defined Trace provider. 2008-05-18 19:32:36 +00:00
kern_sema.c
kern_shutdown.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_sig.c - Add a new td flag TDF_NEEDSUSPCHK that is set whenever a thread needs 2008-03-21 08:23:25 +00:00
kern_subr.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
kern_switch.c fix typo in runz_fuzz 2008-05-12 06:42:06 +00:00
kern_sx.c - Embed the recursion counter for any locking primitive directly in the 2008-05-15 20:10:06 +00:00
kern_synch.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
kern_syscalls.c
kern_sysctl.c Add sysctl_rename_oid() to support device_set_unit() usage. Otherwise, 2007-11-30 21:29:08 +00:00
kern_tc.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_thr.c Fix compiling problem. 2008-04-29 05:48:05 +00:00
kern_thread.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
kern_time.c Make sure reading td_runtime in critical section since thread may be 2008-01-18 13:00:28 +00:00
kern_timeout.c - Correct a major error introduced in the per-cpu timeout commit. Sleep 2008-04-06 11:08:49 +00:00
kern_umtx.c Introduce command UMTX_OP_WAIT_UINT_PRIVATE and UMTX_OP_WAKE_PRIVATE 2008-04-29 03:48:48 +00:00
kern_uuid.c
kern_xxx.c
ksched.c
link_elf_obj.c Add hooks for the Compact C Type Format (CTF) data to be attached to 2008-05-23 00:49:39 +00:00
link_elf.c Add hooks for the Compact C Type Format (CTF) data to be attached to 2008-05-23 00:49:39 +00:00
linker_if.m Add the ctf_get method. 2008-05-23 04:06:49 +00:00
Make.tags.inc
Makefile style.Makefile(5) 2007-12-14 21:30:51 +00:00
makesyscalls.sh Generate another function for the DTrace syscall provider to specify 2008-03-27 01:53:44 +00:00
md4c.c
md5c.c
p1003_1b.c Remove kernel support for M:N threading. 2008-03-12 10:12:01 +00:00
posix4_mib.c
sched_4bsd.c - Add an integer argument to idle to indicate how likely we are to wake 2008-04-25 05:18:50 +00:00
sched_ule.c - Add an integer argument to idle to indicate how likely we are to wake 2008-04-25 05:18:50 +00:00
serdev_if.m
subr_acl_posix1e.c
subr_autoconf.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_blist.c add malloc flag to blist so that it can be used in ithread context 2008-05-05 19:48:54 +00:00
subr_bus.c devctl_process_running(): Check for devsoftc.inuse == 1 instead of 2008-05-18 13:55:51 +00:00
subr_clist.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_clock.c Now that all platforms use genclock, shuffle things around slightly 2008-04-22 19:38:30 +00:00
subr_devstat.c
subr_disk.c
subr_eventhandler.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_fattime.c
subr_firmware.c Do image loading in a context known to have a root directory: 2008-04-09 19:07:48 +00:00
subr_hints.c
subr_kdb.c Expand kdb_alt_break a little, most commonly used with the option 2008-05-04 23:29:38 +00:00
subr_kobj.c
subr_lock.c - Embed the recursion counter for any locking primitive directly in the 2008-05-15 20:10:06 +00:00
subr_log.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_mbpool.c
subr_mchain.c Replaced the misleading uses of a historical artefact M_TRYWAIT with M_WAIT. 2008-03-25 09:39:02 +00:00
subr_module.c
subr_msgbuf.c
subr_param.c - Export HZ value via kern.hz sysctl (this is the same name as for the 2008-05-09 07:42:02 +00:00
subr_pcpu.c generally we are interested in what thread did something as 2007-11-14 06:21:24 +00:00
subr_power.c
subr_prf.c
subr_prof.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_rman.c
subr_rtc.c Now that all platforms use genclock, shuffle things around slightly 2008-04-22 19:38:30 +00:00
subr_sbuf.c
subr_scanf.c
subr_sleepqueue.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
subr_smp.c Allow a rendezvous with just a specified CPU too. 2008-05-23 04:05:26 +00:00
subr_stack.c When a symbol name can't be resolved, return "??" as the name, rather 2007-12-03 14:44:35 +00:00
subr_taskqueue.c Use kthread_exit() to terminate a taskqueue thread rather than kproc_exit() 2008-04-11 17:35:54 +00:00
subr_trap.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
subr_turnstile.c - Make SCHED_STATS more generic by adding a wrapper to create the 2008-04-17 04:20:10 +00:00
subr_unit.c
subr_witness.c - Embed the recursion counter for any locking primitive directly in the 2008-05-15 20:10:06 +00:00
sys_generic.c - Remove stale comment. 2008-03-19 07:33:16 +00:00
sys_pipe.c Destruction of the pipe calls knlist_cleardel() to remove the knotes 2008-05-23 11:09:50 +00:00
sys_process.c - Relax requirements for p_numthreads, p_threads, p_swtick, and p_nice from 2008-03-19 06:19:01 +00:00
sys_socket.c Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
syscalls.c Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
syscalls.master Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
systrace_args.c Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
sysv_ipc.c
sysv_msg.c
sysv_sem.c
sysv_shm.c Make sure we restrict Linux only IPC calls from being executed 2008-02-12 20:55:03 +00:00
tty_compat.c
tty_conf.c
tty_cons.c The "free-lance" timer in the i8254 is only used for the speaker 2008-03-26 20:09:21 +00:00
tty_pts.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
tty_pty.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
tty_subr.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
tty_tty.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
tty.c Implement POSIX function tcgetsid() which returns session id. 2008-04-15 08:33:32 +00:00
uipc_accf.c
uipc_cow.c Give MEXTADD() another argument to make both void pointers to the 2008-02-01 19:36:27 +00:00
uipc_debug.c Add missing sb_sndptr* fields to db_print_sockbuf(). 2008-01-03 15:19:31 +00:00
uipc_domain.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
uipc_mbuf2.c
uipc_mbuf.c Attempt to make the print types more friendly to other architectures. 2008-04-30 20:00:30 +00:00
uipc_mqueue.c - Use vget() to lock the vnode rather than refing without a lock and 2008-03-29 23:30:40 +00:00
uipc_sem.c Attempt to improve convergence of POSIX semaphore code with style(9). 2008-05-16 18:10:07 +00:00
uipc_shm.c Initialize the vm object's flags to include OBJ_NOSPLIT, just like the 2008-04-13 21:08:34 +00:00
uipc_sockbuf.c Update the kernel to count the number of mbufs and clusters 2008-05-15 20:18:44 +00:00
uipc_socket.c Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
uipc_syscalls.c When sendto(2) is called with an explicit destination address 2008-05-22 07:18:54 +00:00
uipc_usrreq.c Move unlock of global UNIX domain socket lock slightly lower in 2008-01-18 19:16:03 +00:00
vfs_acl.c Add the support for the AT_FDCWD and fd-relative name lookups to the 2008-03-31 12:01:21 +00:00
vfs_aio.c Use FEATURE() macro to advertise aio availability. 2008-02-01 11:59:14 +00:00
vfs_bio.c b_waiters cannot be adequately protected by the interlock because it is 2008-03-28 12:30:12 +00:00
vfs_cache.c - Use LK_TYPE_MASK where needed. Actually after sys/sys/lockmgr.h:1.69 it is 2008-04-09 20:19:55 +00:00
vfs_cluster.c - Complete part of the unfinished bufobj work by consistently using 2008-03-22 09:15:16 +00:00
vfs_default.c Move the head of byte-level advisory lock list from the 2008-04-16 11:33:32 +00:00
vfs_export.c Add code to allow the system to handle multiple routing tables. 2008-05-09 23:03:00 +00:00
vfs_extattr.c Add the support for the AT_FDCWD and fd-relative name lookups to the 2008-03-31 12:01:21 +00:00
vfs_hash.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
vfs_init.c
vfs_lookup.c Implement the linux syscalls 2008-04-08 09:45:49 +00:00
vfs_mount.c Lock filedesc exclusively when modifying fd_[cr]dir. 2008-04-29 21:40:11 +00:00
vfs_subr.c Be more friendly for DDB pager. 2008-05-18 21:08:12 +00:00
vfs_syscalls.c vfs_syscalls.c 1.452 mistakenly swapped the behavior of chown() and lchown(). 2008-04-07 00:29:32 +00:00
vfs_vnops.c Add the support for the O_EXEC open(2) mode, as specified by the 2008-03-31 11:57:18 +00:00
vnode_if.src Add the new kernel-mode NFS Lock Manager. To use it instead of the 2008-03-26 15:23:12 +00:00