From nobody@FreeBSD.org  Sun Aug 14 23:15:06 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D042E16A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 14 Aug 2005 23:15:06 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A16D043D46
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 14 Aug 2005 23:15:06 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j7ENF6am083079
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 14 Aug 2005 23:15:06 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j7EMlHkr055715;
	Sun, 14 Aug 2005 22:47:17 GMT
	(envelope-from nobody)
Message-Id: <200508142247.j7EMlHkr055715@www.freebsd.org>
Date: Sun, 14 Aug 2005 22:47:17 GMT
From: Antoine Pelisse <apelisse@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] Panic in kern_exec.c
X-Send-Pr-Version: www-2.3

>Number:         84935
>Category:       kern
>Synopsis:       [PATCH] Panic in kern_exec.c: missing lock
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    truckman
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 14 23:20:14 GMT 2005
>Closed-Date:    Sat Oct 08 20:40:03 GMT 2005
>Last-Modified:  Sat Oct 08 20:40:03 GMT 2005
>Originator:     Antoine Pelisse
>Release:        7-CURRENT
>Organization:
Xloling
>Environment:
FreeBSD 7.0-CURRENT: Sun Aug 14 23:38:35 CEST 2005
>Description:
Fix for panic: http://people.freebsd.org/~pho/stress/log/cons151.html
>How-To-Repeat:
      
>Fix:
--- kern/kern_exec.c.orig       Sun Aug 14 22:39:41 2005
+++ kern/kern_exec.c    Sun Aug 14 22:43:16 2005
@@ -667,7 +667,14 @@
 
        /* Cache arguments if they fit inside our allowance */
        if (ps_arg_cache_limit >= i + sizeof(struct pargs)) {
+               /*
+                * the lock needs to be released as begin_argv is
+                * stored in pageable memory (allocated with
+                * kmem_alloc_wait)
+                */
+               PROC_UNLOCK(p);
                bcopy(imgp->args->begin_argv, newargs->ar_args, i);
+               PROC_LOCK(p);
                p->p_args = newargs;
                newargs = NULL;
        }
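
Review bot: Dropping the process lock around the bcopy() splits what was one locked section in two, so anything the code established under the lock before PROC_UNLOCK(p) can change before PROC_LOCK(p) is taken again. Since the copy only reads imgp->args->begin_argv and writes the private newargs buffer, neither of which needs the process lock, consider doing the bcopy() at the point where newargs is allocated, before the lock is acquired, and leaving only the p->p_args assignment here. The comment would also be clearer if it stated the consequence, namely that touching pageable memory can fault and sleep while the lock is held, instead of only saying where begin_argv is allocated.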

Feel free to modify the comment,

Regards.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: truckman 
State-Changed-When: Sat Oct 1 08:34:48 GMT 2005 
State-Changed-Why:  
The following patch committed in src/sys/kern/kern_exec.c 1.276: 

Index: kern_exec.c 
=================================================================== 
RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v 
retrieving revision 1.275 
diff -u -r1.275 kern_exec.c 
--- kern_exec.c	30 Jun 2005 19:01:26 -0000	1.275 
+++ kern_exec.c	1 Oct 2005 06:19:48 -0000 
@@ -479,8 +479,11 @@ 
newcred = crget(); 
euip = uifind(attr.va_uid); 
i = imgp->args->begin_envv - imgp->args->begin_argv; 
-	if (ps_arg_cache_limit >= i + sizeof(struct pargs)) 
+	/* Cache arguments if they fit inside our allowance */ 
+	if (ps_arg_cache_limit >= i + sizeof(struct pargs)) { 
newargs = pargs_alloc(i); 
+		bcopy(imgp->args->begin_argv, newargs->ar_args, i); 
+	} 

/* close files on exec */ 
fdcloseexec(td); 
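
Review bot: newargs is assigned only inside the new braces at "newargs = pargs_alloc(i);", while the second hunk stores it into p->p_args unconditionally, so this depends on newargs being initialised to NULL at its declaration, which is outside the visible context and worth confirming. The bcopy() also runs immediately on the result of pargs_alloc(i) with no check in between; if pargs_alloc() can never return NULL, a short note in the comment saying so would help the next reader. Moving the copy here means the size test against ps_arg_cache_limit is evaluated once rather than twice, which removes the chance of the two tests disagreeing.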
@@ -661,16 +664,13 @@ 
/* clear "fork but no exec" flag, as we _are_ execing */ 
p->p_acflag &= ~AFORK; 

-	/* Free any previous argument cache */ 
+	/* 
+	 * Free any previous argument cache and it with 
+	 * the new argument cache, if any. 
+	 */ 
oldargs = p->p_args; 
-	p->p_args = NULL; 
- 
-	/* Cache arguments if they fit inside our allowance */ 
-	if (ps_arg_cache_limit >= i + sizeof(struct pargs)) { 
-		bcopy(imgp->args->begin_argv, newargs->ar_args, i); 
-		p->p_args = newargs; 
-		newargs = NULL; 
-	} 
+	p->p_args = newargs; 
+	newargs = NULL; 

#ifdef	HWPMC_HOOKS 
/* 
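
Review bot: The new comment reads "Free any previous argument cache and it with the new argument cache, if any." and is missing a verb, presumably "replace it with". On the logic, "p->p_args = newargs;" now covers both cases in one store (NULL when nothing was cached), which matches the old behaviour of clearing p_args first, but it relies on newargs being NULL when the size test in the earlier hunk failed. The "newargs = NULL;" that follows is now unconditional; a brief comment that it marks ownership as transferred to p->p_args, so that later cleanup does not free it, would make the intent explicit.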

This version of the patch has one less PROC_LOCK()/PROC_UNLOCK() pair 
and simplifies the p->p_args update logic. 


Responsible-Changed-From-To: freebsd-bugs->truckman 
Responsible-Changed-By: truckman 
Responsible-Changed-When: Sat Oct 1 08:34:48 GMT 2005 
Responsible-Changed-Why:  
Changed responsible party to patch committer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=84935 
State-Changed-From-To: patched->closed 
State-Changed-By: truckman 
State-Changed-When: Sat Oct 8 20:35:57 GMT 2005 
State-Changed-Why:  
Patch committed to: 
kern_exec.c	1.276		(HEAD) 
kern_exec.c	1.275.2.1	(RELENG_6) 
kern_exec.c	1.249.2.6	(RELENG_5) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=84935 
>Unformatted:
