Possible kqueue related issue on STABLE/RC.

Konstantin Belousov kostikbel at gmail.com
Tue Sep 24 21:21:34 UTC 2013


On Tue, Sep 24, 2013 at 10:45:17AM -0700, John-Mark Gurney wrote:
> I'd like to understand why you think protecting these functions w/
> the _DETACHED check is correct...  In kern_event.c, all calls to
> f_detach are followed by knote_drop which will ensure that the knote
> is removed and free, so no more f_event calls will be called on that
> knote..

My current belief is that what happens is a glitch in the
kqueue_register(). After a new knote is created and attached, the kq
lock is dropped and then f_event() is called. If the vnode is reclaimed
or possibly freed in the meantime, f_event() seems to dereference freed
memory, since kn_hook points to the freed vnode.

The issue as I see it is that the vnode lifecycle is detached from the knote
lifecycle.  It might be that only the second patch, which acquires a hold
reference on the vnode for each knote, is really needed.  But before coming
to any conclusions, I want to see the testing results.