panic: mutex process lock not owned at
	../../../kern/sys_process.c:97
    Robert Watson 
    rwatson at FreeBSD.org
       
    Sun May  4 09:48:15 PDT 2003
    
    
  
On Sun, 4 May 2003, Philippe Charnier wrote:
> On Wed, 30 Apr 2003, Radko Keves <rado at studnet.sk> got this panic. The
> panic is easy to reproduce using `truss ls'. John Baldwin asked for a
> stack trace.  Here is one: 
> 79              PROC_UNLOCK(p);
> 80              if (kl < 0)
> 81                      error = EINVAL;
> 82              else
> 83                      /* XXXKSE: */
> 84                      error = proc_read_regs(FIRST_THREAD_IN_PROC(p), &r);
> 85              if (error == 0)
> 86                      error = uiomove(kv, kl, uio);
> 87              PROC_LOCK(p);
> 88              if (error == 0 && uio->uio_rw == UIO_WRITE) {
Try moving the PROC_UNLOCK() call from line 79 to just after line 84
(i.e., before the error check and the possible uiomove()).  It looks like
similar bugs might exist in other bits of procfs.  I've attached a patch
that tries to handle use of the proc lock around uiomove() more generally
and more properly, but it might also not be perfect.
Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories
Index: procfs_dbregs.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/procfs/procfs_dbregs.c,v
retrieving revision 1.21
diff -u -r1.21 procfs_dbregs.c
--- procfs_dbregs.c	29 Jun 2002 17:26:15 -0000	1.21
+++ procfs_dbregs.c	4 May 2003 16:45:28 -0000
@@ -87,8 +87,11 @@
 	else
 		/* XXXKSE: */
 		error = proc_read_dbregs(FIRST_THREAD_IN_PROC(p), &r);
-	if (error == 0)
+	if (error == 0) {
+		PROC_UNLOCK(p);
 		error = uiomove(kv, kl, uio);
+		PROC_LOCK(p);
+	}
 	if (error == 0 && uio->uio_rw == UIO_WRITE) {
 		if (!P_SHOULDSTOP(p)) /* XXXKSE should be P_TRACED? */
 			error = EBUSY;
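Review bot: The unlock/relock pair added around the uiomove() call carries no comment saying why the proc lock is dropped there, and the hunk does not show whether a _PHOLD() reference is in effect at this point (it is in the procfs_regs.c hunk, where `_PHOLD(p)` precedes the same sequence), so it cannot be confirmed from these lines alone that the process cannot go away while the lock is released; the start of the enclosing function is outside the hunk. The `P_SHOULDSTOP(p)` test on the write path is evaluated after the lock is re-taken, so it reflects the process state after the copy, which is the right place for it and worth recording. I'd add above the `PROC_UNLOCK(p)`: `/* Drop the proc lock across uiomove() (presumably because it may sleep); the caller's hold on p must keep it from going away meanwhile. */`, adjusting the second clause once the hold is confirmed. The same applies to the procfs_fpregs.c hunk.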
Index: procfs_fpregs.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/procfs/procfs_fpregs.c,v
retrieving revision 1.27
diff -u -r1.27 procfs_fpregs.c
--- procfs_fpregs.c	29 Jun 2002 17:26:15 -0000	1.27
+++ procfs_fpregs.c	4 May 2003 16:44:43 -0000
@@ -81,8 +81,11 @@
 	else
 		/* XXXKSE: */
 		error = proc_read_fpregs(FIRST_THREAD_IN_PROC(p), &r);
-	if (error == 0)
+	if (error == 0) {
+		PROC_UNLOCK(p);
 		error = uiomove(kv, kl, uio);
+		PROC_LOCK(p);
+	}
 	if (error == 0 && uio->uio_rw == UIO_WRITE) {
 		if (!P_SHOULDSTOP(p))
 			error = EBUSY;
Index: procfs_ioctl.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/procfs/procfs_ioctl.c,v
retrieving revision 1.9
diff -u -r1.9 procfs_ioctl.c
--- procfs_ioctl.c	17 Apr 2003 22:13:46 -0000	1.9
+++ procfs_ioctl.c	4 May 2003 16:46:16 -0000
@@ -67,6 +67,9 @@
 		*(unsigned int *)data = p->p_pfsflags;
 		break;
 	case PIOCWAIT:
+		/*
+		 * Should PHOLD() and relase proc lock here?
+		 */
 		while (p->p_step == 0) {
 			/* sleep until p stops */
 			error = msleep(&p->p_stype, &p->p_mtx,
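Review bot: The added comment is a question left in the code rather than a decision, and it has a typo (`relase`); the convention visible in these files for open issues is an `XXX` tag (cf. `/* XXXKSE should be P_TRACED? */` in procfs_dbregs.c). Since msleep() is passed `&p->p_mtx`, the proc lock is already released for the duration of the sleep, so the open question appears to be only whether a reference on p is needed so it cannot disappear while the waiter sleeps. I'd reword it as `/* XXX: should p be PHOLD()ed while waiting? msleep() drops the proc lock. */`. The rest of the PIOCWAIT case and the enclosing function are outside the hunk.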
Index: procfs_regs.c
===================================================================
RCS file: /home/ncvs/src/sys/fs/procfs/procfs_regs.c,v
retrieving revision 1.26
diff -u -r1.26 procfs_regs.c
--- procfs_regs.c	29 Jun 2002 17:26:15 -0000	1.26
+++ procfs_regs.c	4 May 2003 16:44:57 -0000
@@ -76,15 +76,16 @@
 		kl = uio->uio_resid;
 
 	_PHOLD(p);
-	PROC_UNLOCK(p);
 	if (kl < 0)
 		error = EINVAL;
 	else
 		/* XXXKSE: */
 		error = proc_read_regs(FIRST_THREAD_IN_PROC(p), &r);
-	if (error == 0)
+	if (error == 0) {
+		PROC_UNLOCK(p);
 		error = uiomove(kv, kl, uio);
-	PROC_LOCK(p);
+		PROC_LOCK(p);
+	}
 	if (error == 0 && uio->uio_rw == UIO_WRITE) {
 		if (!P_SHOULDSTOP(p))
 			error = EBUSY;
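Review bot: The reordering now calls proc_read_regs() with the proc lock held and drops it only around uiomove(), which matches the reported panic (`mutex process lock not owned at sys_process.c:97`, apparently raised from within proc_read_regs()), but nothing in the code records that proc_read_regs() needs the lock while uiomove() must not be called with it, so a later edit can reintroduce the same panic. I'd add before the `if (kl < 0)` line: `/* proc_read_regs() asserts the proc lock is held; uiomove() may sleep, so drop the lock only around the copy. */`. With the relock moved inside `if (error == 0)`, the EINVAL and proc_read_regs() failure paths now leave the lock held without ever dropping it, which is consistent, but the unconditional `PROC_LOCK(p)` that previously guaranteed the lock on every path is gone, so whatever follows the hunk must still expect it held on every path. The function's tail, including the release of the _PHOLD() reference, is outside the hunk.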
    
    