From nobody@FreeBSD.org  Thu Apr  5 09:13:16 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1781716A403
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Apr 2007 09:13:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 06EAF13C465
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Apr 2007 09:13:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l359DFHC096693
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 5 Apr 2007 09:13:15 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l3598EIB095976;
	Thu, 5 Apr 2007 09:08:14 GMT
	(envelope-from nobody)
Message-Id: <200704050908.l3598EIB095976@www.freebsd.org>
Date: Thu, 5 Apr 2007 09:08:14 GMT
From: Zhouyi Zhou<zhouyi04@ios.cn>, zhouzhouyi@gmail.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD kernel dead lock and a solution
X-Send-Pr-Version: www-3.0

>Number:         111261
>Category:       kern
>Synopsis:       FreeBSD kernel dead lock and a solution
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 05 09:20:03 GMT 2007
>Closed-Date:    Thu Apr 05 10:01:23 GMT 2007
>Last-Modified:  Thu Apr 05 10:01:23 GMT 2007
>Originator:     Zhouyi Zhou
>Release:        FreeBSD 6
>Organization:
Institute of Software, Chinese Academy of Sciences
>Environment:
FreeBSD zzy 6.0-RELEASE FreeBSD 6.0-RELEASE #5 i386
>Description:
In recent testing of FreeBSD using people.freebsd.org/~pho/stress/src/stress2.tgz, when running the 7 tests simultaneously, the FreeBSD kernel will go into deadlock after three or more days.

The reason is as follows:
In function vm_fault at vm/vm_fault.c

299         fs.vp = vnode_pager_lock(fs.first_object);
300         KASSERT(fs.vp == NULL || !fs.map->system_map,

The kernel will try to get a lock on fs.vp with the fs.map still locked.

while in function do_execve at kern/kern_exec.c

462         if (p->p_sysent->sv_copyout_strings)
463                 stack_base = (*p->p_sysent->sv_copyout_strings)(imgp);
464         else
465                 stack_base = exec_copyout_strings(imgp);
466 
467         /*
468          * If custom stack fixup routine present for this process
469          * let it do the stack setup.
470          * Else stuff argument count as first item on stack
471          */
472         if (p->p_sysent->sv_fixup != NULL)
473                 (*p->p_sysent->sv_fixup)(&stack_base, imgp);
474         else
475                 suword(--stack_base, imgp->args->argc);
The copyout function may cause vm_fault on line 463 or 465, which will try to lock the kernel_map->root->object.sub_map, which is locked by another process in vm_fault above. In the meantime, imgp->vp is still locked.
>How-To-Repeat:
Using people.freebsd.org/~pho/stress/src/stress2.tgz, when running the 7 tests simultaneously, the FreeBSD kernel will go into deadlock after three or more days.
>Fix:
Add  VOP_UNLOCK(imgp->vp, 0, td)
before 
462         if (p->p_sysent->sv_copyout_strings)
463                 stack_base = (*p->p_sysent->sv_copyout_strings)(imgp);
464         else
And add  vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
after
474         else
475                 suword(--stack_base, imgp->args->argc);
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Thu Apr 5 10:01:08 UTC 2007 
State-Changed-Why:  
Duplicate of kern/111260. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=111261 
>Unformatted:
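
The two lock orders described in this report, as an added example that is not part of the original PR or of FreeBSD: a small lock-order checker in C that records which lock is taken while another is held and flags a reversal, run over the reported paths with and without the unlock/relock from the Fix section. The lock classes `L_MAP` and `L_VNODE` and every function name here are hypothetical, and the model covers only acquisition order, not the kernel's real locking primitives.

```c
#include <stdio.h>
#include <string.h>
enum { L_MAP, L_VNODE, NLOCKS };   /* constructed model of the report's two locks */
static int order[NLOCKS][NLOCKS];  /* order[a][b]: b was taken while a was held */
static int held[NLOCKS];           /* locks held by the modelled thread */
/* Is 'to' reachable from 'from' in the recorded order graph? */
static int reachable(int from, int to, int *seen) {
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (order[from][n] && !seen[n] && reachable(n, to, seen)) return 1;
    return 0;
}
/* Record an acquisition; return 1 if it reverses an order recorded earlier. */
static int acquire(int lk) {
    int reversal = 0;
    for (int h = 0; h < NLOCKS; h++) {
        int seen[NLOCKS] = {0};
        if (!held[h] || h == lk) continue;
        reversal |= reachable(lk, h, seen);
        order[h][lk] = 1;
    }
    held[lk] = 1;
    return reversal;
}
static void release(int lk) { held[lk] = 0; }
static void reset(void) { memset(order, 0, sizeof order); memset(held, 0, sizeof held); }

/* vm_fault path from the report: map locked, then vnode_pager_lock(). */
static int fault_path(void) {
    int r = acquire(L_MAP);
    r |= acquire(L_VNODE);
    release(L_VNODE); release(L_MAP);
    return r;
}
/* do_execve path: vnode locked while copyout faults and needs the map lock. */
static int execve_path(int unlock_first) {
    int r = acquire(L_VNODE);
    if (unlock_first) release(L_VNODE);       /* the report's VOP_UNLOCK */
    r |= acquire(L_MAP);                      /* fault inside copyout */
    release(L_MAP);
    if (unlock_first) r |= acquire(L_VNODE);  /* the report's vn_lock */
    release(L_VNODE);
    return r;
}

int main(void) {
    reset(); fault_path(); printf("as reported: reversal=%d\n", execve_path(0));
    reset(); fault_path(); printf("with Fix:    reversal=%d\n", execve_path(1));
}
```

The checker reports a reversal whenever one path takes the vnode lock under the map lock and another takes the map lock under the vnode lock, whether or not the two ever race in a given run.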
