Process pointer PID panics

christopher@0x90.org christopher at 0x90.org
Sat Jun 10 08:08:52 CEST 2006


It seems a simple patch for such a harrowing journey through kernel
internals trying to pinpoint this.

If a client application (i.e., not arlad) opens the /dev/nnpfs0 device
before daemon-ifying itself, the (chan->proc) pointer will point into
the process struct from the starting shell.

This leads to terrifying lockmgr panics where the culprit appears to be
commands run from the shell such as 'tail' since the first process
struct seen by nnpfs is cached and passed all over the place.  Another
such artifact is the 'deadlock avoided' message from nnpfs_message_rpc.

This will not affect arlad, since it does daemon() before open(), but
other applications using the nnpfs interface may be affected.

Hope this helps
--chris

(Patch is against the 0.42 source)
--- nnpfs/bsd/nnpfs_dev-common.c.orig	Sat Jun 10 01:38:23 2006
+++ nnpfs/bsd/nnpfs_dev-common.c	Sat Jun 10 01:39:34 2006
@@ -281,8 +281,11 @@
 		     (unsigned long)chan->messageq.prev,
 		     (unsigned long)chan->messageq.next));
 
-
-    if (chan->proc == NULL)
+    /*
+     * The process ID of the client may change after open.  Since only one open
+     * is permitted, this must be our client.
+     */
+    if (chan->proc == NULL || chan->proc != nnpfs_get_proc(uiop))
 	chan->proc = nnpfs_get_proc(uiop);
 
  again:
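Review bot: The new test on the "if (chan->proc == NULL || chan->proc != nnpfs_get_proc(uiop))" line guards an assignment of that same value, so after it chan->proc always equals nnpfs_get_proc(uiop), whichever branch is taken. The condition therefore adds nothing except a second call to nnpfs_get_proc(). I would drop the if and keep only "chan->proc = nnpfs_get_proc(uiop);" under the comment. The comment also says "process ID" while the code compares and stores the process pointer, so it should name the pointer. Finally, "this must be our client" rests on only one open being permitted, but the case in the description is a descriptor opened before daemonizing, so it is worth stating in the comment that the caller of this function is trusted to be the client even when it is not the process that did the open.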


More information about the Arla-drinkers mailing list