kern/153938: [run] [panic] [patch] Workaround for use-after-free panic
Juergen Lock
nox at jelal.kn-bremen.de
Sun Jan 30 22:00:20 UTC 2011
The following reply was made to PR kern/153938; it has been noted by GNATS.
From: Juergen Lock <nox at jelal.kn-bremen.de>
To: PseudoCylon <moonlightakkiy at yahoo.ca>
Cc: bug-followup at freebsd.org, Juergen Lock <nox at jelal.kn-bremen.de>
Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic
Date: Sun, 30 Jan 2011 22:50:42 +0100
On Sat, Jan 22, 2011 at 11:35:14PM -0800, PseudoCylon wrote:
> >panic
> >
> > It's possible this was triggered by the first DPRINTFN() in
> > run_node_cleanup() (that I turned into a device_printf() and meanwhile
> > have disabled, maybe it caused a taskswitch)
>
> Your bt says no.
>
I was more thinking the printf might have allowed the other
thread to run and grab the lock...
> > #5 0xffffffff8117839b in run_node_cleanup (ni=0xffffff8000f83000)
> > at
> >/data2v/home/nox/src-r81/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1719
> >
> > 1719 RUN_LOCK(sc);
> > (kgdb) l
>
>
> run_node_cleanup() was called with node lock held. Happens all the time.
>
Ok but this time RUN_LOCK was held by the same thread that slept on the
node lock and thus there was deadlock...
> > - but in any case I'd
> > say this is not safe i.e. needs to be fixed. :)
> >
>
> Yes. Here is the fix. This one shall work.
> http://gitorious.org/run/run/trees/fifo_fix/dev/usb/wlan
Anyway, I have been testing this version for maybe a week now and it
seems to work at least no worse than the previous one, minus the
deadlock. :) So it probably can go in.
Thanx!
Juergen
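
The lock-order reversal discussed in this thread, as an added example that is not part of the original message or of the if_run driver code: a minimal order checker that records which lock was taken while another was held and flags the opposite order. The checker, the `path_*` functions and the lock enum are hypothetical; only the lock names and the two acquisition orders come from the thread.

```c
#include <stdio.h>

/* Lock names follow the thread; the checker is a constructed illustration. */
enum { NODE_LOCK, RUN_LOCK, NLOCKS };
static const char *lock_name[NLOCKS] = { "node lock", "RUN_LOCK" };

/* seen[a][b] != 0: some path has taken b while already holding a. */
static int seen[NLOCKS][NLOCKS];
struct ctx { int held[NLOCKS]; };

/* Record an acquisition; return 1 if it reverses a previously seen order. */
static int acquire(struct ctx *t, int l)
{
    int reversal = 0;
    for (int h = 0; h < NLOCKS; h++) {
        if (!t->held[h] || h == l)
            continue;
        if (seen[l][h]) {
            printf("order reversal: %s taken while holding %s\n", lock_name[l], lock_name[h]);
            reversal = 1;
        }
        seen[h][l] = 1;
    }
    t->held[l] = 1;
    return reversal;
}

/* Path from the backtrace: node lock already held, then RUN_LOCK(sc). */
static int path_node_cleanup(void)
{
    struct ctx t = { {0} };
    acquire(&t, NODE_LOCK);
    return acquire(&t, RUN_LOCK);
}

/* Path from the reply: RUN_LOCK held, then the thread sleeps on the node lock. */
static int path_run_then_node(void)
{
    struct ctx t = { {0} };
    acquire(&t, RUN_LOCK);
    return acquire(&t, NODE_LOCK);
}

int main(void)
{
    printf("cleanup path flagged: %d\n", path_node_cleanup());
    printf("second path flagged: %d\n", path_run_then_node());
    return 0;
}
```

Neither path is flagged on its own; the checker reports only once both orders have been observed, which is the condition under which two threads can block each other.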