[Bug 200958] filemon has insufficient proc locking

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 18 21:25:03 UTC 2015


            Bug ID: 200958
           Summary: filemon has insufficient proc locking
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: peter at FreeBSD.org

sys/dev/filemon_wrapper.c:filemon_pid_check() walks the curproc->p_pptr chain
without the required proc locking.

 *      c - locked by proc mtx
 *      e - locked by proctree_lock lock
 * If the locking key specifies two identifiers (for example, p_pptr) then
 * either lock is sufficient for read access, but both locks must be held
 * for write access.
        struct proc     *p_pptr;        /* (c + e) Pointer to parent process.

The p_pptr scanner in filemon_pid_check() probably needs to hold a read rwlock
of proctree_lock.

This normally works fine, except when ptrace is involved.  With ptrace actively
reparenting things it can end up where it sits in an infinite loop in

Tracing pid 97757 tid 100728 td 0xfffff8012938a980
kdb_alt_break_internal() at kdb_alt_break_internal+0x197/frame
kdb_alt_break() at kdb_alt_break+0xb/frame 0xfffffe085fac7740
uart_intr_rxready() at uart_intr_rxready+0x99/frame 0xfffffe085fac7770
uart_intr() at uart_intr+0x111/frame 0xfffffe085fac77b0
intr_event_handle() at intr_event_handle+0x9b/frame 0xfffffe085fac7800
intr_execute_handlers() at intr_execute_handlers+0x48/frame 0xfffffe085fac7830
lapic_handle_intr() at lapic_handle_intr+0x3f/frame 0xfffffe085fac7850
Xapic_isr1() at Xapic_isr1+0xba/frame 0xfffffe085fac7850
--- interrupt, rip = 0xffffffff805244ed, rsp = 0xfffffe085fac7910, rbp =
0xfffffe085fac7990 ---
filemon_wrapper_freebsd32_stat() at filemon_wrapper_freebsd32_stat+0x6d/frame
ia32_syscall() at ia32_syscall+0x41b/frame 0xfffffe085fac7ab0
Xint0x80_syscall() at Xint0x80_syscall+0x95/frame 0xfffffe085fac7ab0
--- syscall (188, FreeBSD ELF32, filemon_wrapper_freebsd32_stat), rip =
0x284aa6d7, rsp = 0xffff987c, rbp = 0xffff9918 ---

In this case, it is looping infinitely in filemon_pid_check() and the process
in question is gdb from the gdb test suite.

On the ref* machines we ended up with 8 gdb processes all consuming 100% cpu in
this function.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list