panic: Exit: Single threading fouled up
Julian Elischer
julian at elischer.org
Mon Apr 26 15:32:38 PDT 2004
On Mon, 26 Apr 2004, Daniel Eischen wrote:
>
> There is a race in kse_release() and kse_wakeup() that looks
> to have been introduced when sleepqueues were added. msleep()
> drops the mutex too early (in this case the proc lock) and
> TDF_SINTR gets set after the mutex has been released. So
> the code in thread_single():
>
>     if (force_exit == SINGLE_EXIT) {
>         if (TD_IS_SUSPENDED(td2)) {
>             thread_unsuspend_one(td2);
>         }
> ->      if (TD_ON_SLEEPQ(td2) &&
> ->          (td2->td_flags & TDF_SINTR)) {
>             sleepq_abort(td2);
>         }
>
> may not abort the thread in the sleep queue.
I don't see immediately how that would allow two processes
to get into the same code twice.. or someone could leave the
pointer set after doing single-threading, but
it does show that this is tricky stuff.
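
The ordering problem described in the quoted report, as an added example that is not part of either message or of the FreeBSD source: a single-threaded model of the sleeper's steps that counts the points where the quoted thread_single() test would skip the thread. The four-step breakdown, the names early_unlock, late_unlock, would_abort and missed_windows, and the corrected ordering are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption): the sleeper's path reduced to four steps. */
enum step { ENQUEUE, SET_SINTR, UNLOCK, BLOCK };
#define NSTEPS 4

/* Order described in the report: lock dropped before the flag is set. */
static const enum step early_unlock[NSTEPS] = { ENQUEUE, UNLOCK, SET_SINTR, BLOCK };
/* Hypothetical corrected order: flag set while the lock is still held. */
static const enum step late_unlock[NSTEPS] = { ENQUEUE, SET_SINTR, UNLOCK, BLOCK };

struct thr { bool on_sleepq, sintr, lock_held; };

/* The aborter's test from the quoted thread_single() fragment. */
static bool would_abort(const struct thr *t)
{
    return t->on_sleepq && t->sintr;
}

/*
 * Walk the sleeper through `order`. After each step, if the lock is free,
 * an aborter could run right there; count the points where its test would
 * skip the thread, leaving it to block with nobody aborting the sleep.
 */
static int missed_windows(const enum step order[NSTEPS])
{
    struct thr t = { false, false, true }; /* sleeper enters holding the lock */
    int missed = 0;

    for (int i = 0; i < NSTEPS; i++) {
        switch (order[i]) {
        case ENQUEUE:   t.on_sleepq = true;  break;
        case SET_SINTR: t.sintr = true;      break;
        case UNLOCK:    t.lock_held = false; break;
        case BLOCK:     break;
        }
        if (!t.lock_held && !would_abort(&t))
            missed++;
    }
    return missed;
}

int main(void)
{
    printf("early unlock: %d missed window(s)\n", missed_windows(early_unlock));
    printf("late unlock:  %d missed window(s)\n", missed_windows(late_unlock));
    return 0;
}
```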
More information about the freebsd-current
mailing list