From Tor.Egge@idi.ntnu.no  Wed Apr  2 15:49:17 1997
Received: from pat.idt.unit.no (0@pat.idt.unit.no [129.241.103.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA06942
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 2 Apr 1997 15:49:14 -0800 (PST)
Received: from ikke.idt.unit.no (tegge@ikke.idt.unit.no [129.241.111.65])
	by pat.idt.unit.no (8.8.5/8.8.5) with ESMTP id BAA16892
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 3 Apr 1997 01:48:22 +0200 (MET DST)
Received: (from tegge@localhost)
	by ikke.idt.unit.no (8.8.5/8.8.5) id BAA02775;
	Thu, 3 Apr 1997 01:48:16 +0200 (MET DST)
Message-Id: <199704022348.BAA02775@ikke.idt.unit.no>
Date: Thu, 3 Apr 1997 01:48:16 +0200 (MET DST)
From: Tor Egge <Tor.Egge@idi.ntnu.no>
Reply-To: Tor.Egge@idi.ntnu.no
To: FreeBSD-gnats-submit@freebsd.org
Subject: mlock() causes panic: lockmgr: upgrade exclusive lock
X-Send-Pr-Version: 3.2

>Number:         3180
>Category:       kern
>Synopsis:       mlock() causes panic: lockmgr: upgrade exclusive lock
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dyson
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr  2 15:50:03 PST 1997
>Closed-Date:    Sat Aug 23 18:15:30 MEST 1997
>Last-Modified:  Sat Aug 23 18:15:51 MEST 1997
>Originator:     Tor Egge
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
Norwegian University of Science and Technology, Trondheim, Norway
>Environment:

FreeBSD ikke.idt.unit.no 3.0-CURRENT FreeBSD 3.0-CURRENT #5: Thu Apr  3 00:28:21 MET DST 1997     root@ikke.idt.unit.no:/usr/src/sys/compile/TEGGE  i386

>Description:

lockmgr is called with wrong arguments in vm_map_user_pageable.

The first call will cause a panic: lockmgr: upgrade exclusive lock,
since we already have an exclusive lock.

The second call will cause a panic: lockmgr: not holding exclusive lock, due to
the lock having been silently downgraded to a shared lock as a side effect of
the call to vm_fault_user_wire.

>How-To-Repeat:

	Use the mlock() system call with valid parameters in a program.

>Fix:
	
Index: vm_map.c
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_map.c,v
retrieving revision 1.72
diff -u -r1.72 vm_map.c
--- vm_map.c	1997/02/22 09:48:23	1.72
+++ vm_map.c	1997/04/02 22:16:53
@@ -1443,19 +1443,8 @@
 
 			/* First we need to allow map modifications */
 			vm_map_set_recursive(map);
-			if (lockmgr(&map->lock, LK_EXCLUPGRADE,
-				(void *)0, curproc)) {
-				entry->wired_count--;
-				entry->eflags &= ~MAP_ENTRY_USER_WIRED;
-
-				vm_map_clear_recursive(map);
-				vm_map_unlock(map);
+			lockmgr(&map->lock, LK_DOWNGRADE,(void *)0, curproc);
 
-				(void) vm_map_user_pageable(map, start, entry->start, TRUE);
-				return rv;
-			}
-
-				
 			rv = vm_fault_user_wire(map, entry->start, entry->end);
 			if (rv) {
 
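Review bot: the `if (rv)` failure branch just below `vm_fault_user_wire()` now runs with the map lock downgraded to shared, and its body is outside this hunk, so whatever it undoes and unlocks needs checking against a shared hold rather than an exclusive one. The removed branch reverted `entry->wired_count` and `MAP_ENTRY_USER_WIRED` and called `vm_map_clear_recursive(map)` before unlocking; the replacement discards the `lockmgr()` result, so a one-line comment saying why `LK_DOWNGRADE` cannot fail at this point would help. The surviving comment "First we need to allow map modifications" now sits directly above a downgrade and should be reworded to say why the lock is dropped to shared before faulting the pages in. Style nit: add the missing space in `LK_DOWNGRADE,(void *)0`.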
@@ -1470,7 +1459,7 @@
 			}
 
 			vm_map_clear_recursive(map);
-			lockmgr(&map->lock, LK_DOWNGRADE, (void *)0, curproc);
+			lockmgr(&map->lock, LK_UPGRADE, (void *)0, curproc);
 
 			goto rescan;
 		}
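Review bot: the result of `lockmgr(&map->lock, LK_UPGRADE, (void *)0, curproc)` is discarded right before `goto rescan`, so if the upgrade does not succeed the rescan proceeds without the exclusive lock the rest of the loop expects. The code removed in the first hunk did test the `lockmgr()` return value and unwound the wiring on failure; either do the same here (undo the entry's wired state, unlock, return an error) or add a comment stating why the upgrade cannot fail once `vm_map_clear_recursive(map)` has been called. It would also be worth noting in a comment that `goto rescan` is what revalidates the map entries after the lock was held only shared across `vm_fault_user_wire()`.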

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: joerg 
State-Changed-When: Sat Aug 23 16:15:49 MEST 1997 
State-Changed-Why:  

Many things happened with the lock manager lately, can you verify the 
problem still exists? 
Responsible-Changed-From-To: freebsd-bugs->dyson 
Responsible-Changed-By: joerg 
Responsible-Changed-When: Sat Aug 23 16:16:20 MEST 1997 
Responsible-Changed-Why:  
John is Mr. Lock Manager these days. 
State-Changed-From-To: feedback->closed 
State-Changed-By: joerg 
State-Changed-When: Sat Aug 23 18:15:30 MEST 1997 
State-Changed-Why:  

Originator confirms problem fixed. 
>Unformatted:
