git: b764a426534f - main - There is a window where threads are removed from the process list and where the thread destructor is invoked. Catch that window by waiting for all task_struct allocations to be returned before freeing the UMA zone in the LinuxKPI. Else UMA may fail to release the zone due to concurrent access and panic:
Hans Petter Selasky
hps at selasky.org
Fri May 21 12:35:40 UTC 2021
On 5/21/21 1:51 PM, Konstantin Belousov wrote:
> On Fri, May 21, 2021 at 11:21:17AM +0000, Hans Petter Selasky wrote:
>> The branch main has been updated by hselasky:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=b764a426534f2f5f86d6625288c74dafdbc94d2b
>>
>> commit b764a426534f2f5f86d6625288c74dafdbc94d2b
>> Author: Hans Petter Selasky <hselasky at FreeBSD.org>
>> AuthorDate: 2021-05-21 11:17:42 +0000
>> Commit: Hans Petter Selasky <hselasky at FreeBSD.org>
>> CommitDate: 2021-05-21 11:18:41 +0000
>>
>> There is a window where threads are removed from the process list and where
>> the thread destructor is invoked. Catch that window by waiting for all
>> task_struct allocations to be returned before freeing the UMA zone in the
>> LinuxKPI. Else UMA may fail to release the zone due to concurrent access
>> and panic:
>>
>> panic() - Bad link element prev->next != elm
>> zone_release()
>> bucket_drain()
>> bucket_free()
>> zone_dtor()
>> zone_free_item()
>> uma_zdestroy()
>> linux_current_uninit()
>>
>> This failure can be triggered by loading and unloading the LinuxKPI module
>> in a loop:
>>
>> while true
>> do
>> kldload linuxkpi
>> kldunload linuxkpi
>> done
>>
>> Discussed with: kib@
> No, it was not discussed, with me.
> It contains parts of my half-done patches.
> And I disagree with what the global counting you added there, both on
> principle and on implementation.
Let's discuss this off-list. There are not that many choices from what I
can see.
--HPS
More information about the dev-commits-src-all
mailing list