
Re: Fix potential panic with ddb command callout

Subject: Re: Fix potential panic with ddb command callout
From: Stefan Sperling <stsp@xxxxxxxxx>
Date: Sun, 13 Jul 2008 23:28:17 UTC
Newsgroups: fa.openbsd.tech

On Sat, May 10, 2008 at 11:44:36PM +0200, Pierre Riteau wrote:
> Hi.
>
> I managed to panic my system while playing with the callout command
> of ddb. It's quite simple to do, run callout, type q to go out of the
> pager, and run callout again.
>
> ddb{0}> ticks now: 1302
>     ticks  wheel       arg  func
>         1  0/23   d07dde94  nfs_timer
>        19  0/41   d07b9474  pffasttimo
>        24  0/46   d0edc800  uhci_poll_hub
>        49  0/71   d07b948c  pfslowtimo
>        67  0/89   d6257008  endtsleep
>        68  0/90   d0ecf400  vic_tick
>       100  0/98   d07f6c00  pckbc_poll
>        98  0/120  d07b94c8  if_slowtimo
>        98  0/120         0  nd6_timer
>        98  0/120  d07baf30  rt_timer_timer
>        98  0/120  d07b9234  schedcpu
>        99  0/121  d62f4c18  endtsleep
>       115  0/137  d6257818  endtsleep
>       199  0/221  d0eaa000  sensor_task_tick
>       698  1/263  d0e91c00  acpi_poll
>      2333  1/270  d62e9d74  realitexpire
>      2806  1/272  d62576c0  endtsleep
>      4742  1/279  d62f4810  endtsleep
>      4742  1/279  d62f4ac0  endtsleep
>     29282  1/375  d07baf48  arptimer
>  ddb{0}> ticks now: 1302
>     ticks  wheel       arg  func
> panic: mtx_enter: locking against myself

I got bitten by the exact same problem today (ddb freaking out on
mtx_enter locking against itself), and the patch does in fact fix it
for me as well.

Can someone commit this?

Thanks,
Stefan

> Stopped at    Debugger+0x4:   leave
>
> This is because typing 'q' does a longjmp to go back to the prompt, so
> the mutex protecting the timewheels is never unlocked.
> Fix is quite simple: override the setjmp to have the chance to unlock
> the mutex.
>
> Pierre Riteau
>
> Index: kern/kern_timeout.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_timeout.c,v
> retrieving revision 1.26
> diff -p -u -r1.26 kern_timeout.c
> --- kern/kern_timeout.c       20 Jan 2008 18:23:38 -0000      1.26
> +++ kern/kern_timeout.c       10 May 2008 21:24:25 -0000
> @@ -283,7 +283,15 @@ db_show_callout_bucket(struct circq *buc
>  void
>  db_show_callout(db_expr_t addr, int haddr, db_expr_t count, char *modif)
>  {
> -     int b;
> +     int              b;
> +     label_t          db_jmpbuf;
> +     label_t         *savejmp;
> +     extern label_t  *db_recover;
> +
> +     savejmp = db_recover;
> +     db_recover = &db_jmpbuf;
> +     if (setjmp(&db_jmpbuf))
> +             goto unlock;
>
>       db_printf("ticks now: %d\n", ticks);
>       db_printf("    ticks  wheel       arg  func\n");
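Review bot: the recovery point is installed before the two db_printf calls, while the mtx_enter on timeout_mutex is not among the visible lines; if the mutex is taken after those prints, a db_error longjmp raised before the lock is held lands at `unlock` and calls mtx_leave on a mutex this CPU never entered. Setting db_recover immediately after mtx_enter (or taking the mutex before the setjmp) keeps the recovery path and the lock state in step. Separately, `extern label_t *db_recover;` as a function-local extern duplicates a declaration that belongs in a shared ddb header so every user sees the same one.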
> @@ -292,6 +300,10 @@ db_show_callout(db_expr_t addr, int hadd
>       db_show_callout_bucket(&timeout_todo);
>       for (b = 0; b < BUCKETS; b++)
>               db_show_callout_bucket(&timeout_wheel[b]);
> +
> +unlock:
>       mtx_leave(&timeout_mutex);
> +
> +     db_recover = savejmp;
>  }
>  #endif
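Review bot: `unlock:` is reached from two very different paths, normal completion and a longjmp from db_error when the pager is quit, and nothing in the hunk says so; a one-line comment above the label ("also entered via db_recover when the user quits the pager") would spare the next reader from wondering why mtx_leave is a jump target. The blank line before `db_recover = savejmp;` splits what is one cleanup sequence; dropping it keeps the release and the restore visibly paired.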


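The failure Pierre describes and the shape of the fix, as an added C example (constructed here, not code from the report or from OpenBSD): toy_mtx, db_error(), print_bucket() and reproduce() are stand-ins that mimic mtx_enter's self-lock check, ddb's db_recover longjmp on pager quit, and the run/quit/run recipe from the report; unlike the patch, it takes the mutex before installing the recovery point.

```c
#include <setjmp.h>
#include <stdio.h>
/* Constructed stand-in for the kernel mutex: records the owning CPU so re-entry is flagged. */
enum { NOBODY = -1, MY_CPU = 0 };
static struct toy_mtx { int owner; } timeout_mutex = { NOBODY };
static int panicked;         /* "mtx_enter: locking against myself" would have fired */
static jmp_buf *db_recover;  /* ddb-style recovery point that db_error() unwinds to */
static void mtx_enter(struct toy_mtx *m) {
	if (m->owner == MY_CPU) panicked = 1;   /* the panic from the report */
	m->owner = MY_CPU;
}
static void mtx_leave(struct toy_mtx *m) { m->owner = NOBODY; }
/* Stand-in for db_error(): the pager calls it on 'q' and it unwinds with longjmp. */
static void db_error(void) { if (db_recover != NULL) longjmp(*db_recover, 1); }
static void print_bucket(int user_quits) {   /* user_quits: 'q' pressed in the pager */
	printf("    ticks  wheel       arg  func\n");
	if (user_quits) db_error();   /* does not return while a recovery point is set */
	printf("        1  0/23   (constructed)  example_func\n");
}
/* Before the patch: a quit longjmps past mtx_leave, so the mutex stays held. */
static void callout_before(int user_quits) {
	mtx_enter(&timeout_mutex);
	print_bucket(user_quits);
	mtx_leave(&timeout_mutex);
}
/* After the patch: the command installs its own recovery point so a quit still releases
 * the mutex; the lock is taken before setjmp, so `unlock` is reachable only while held. */
static void callout_after(int user_quits) {
	jmp_buf db_jmpbuf, * volatile savejmp = db_recover;
	mtx_enter(&timeout_mutex);
	db_recover = &db_jmpbuf;
	if (setjmp(db_jmpbuf)) goto unlock;
	print_bucket(user_quits);
unlock:
	mtx_leave(&timeout_mutex);
	db_recover = savejmp;   /* outer recovery point restored on both paths */
}
/* Mirrors the ddb command loop (each command runs under the loop's own recovery point)
 * and the report's recipe: run, quit the pager, run again. Returns 1 on the self-lock. */
static int reproduce(void (*cmd)(int)) {
	jmp_buf top; volatile int quit;
	timeout_mutex.owner = NOBODY; panicked = 0;
	for (quit = 1; quit >= 0; quit--) {
		db_recover = &top;
		if (setjmp(top) == 0) cmd(quit);
		db_recover = NULL;
	}
	return panicked;
}
```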