Subject: kern/32631: Bad concurrency checking can cause a crash in sys/kern/subr_pool.c
To: None <firstname.lastname@example.org, email@example.com,>
From: None <firstname.lastname@example.org>
Date: 01/25/2006 16:05:02
>Synopsis: Bad concurrency checking can cause a crash in sys/kern/subr_pool.c
>Arrival-Date: Wed Jan 25 16:05:01 +0000 2006
>Originator: Yves-Emmanuel JUTARD
Custom environment: recompiled from /src; only some parts of NetBSD are used (TCP/IP stack and some parts of the kernel)
in file sys/kern/subr_pool.c,v 188.8.131.52,
in function 'pool_get' (l. 796)
At line 1038, pool_get can call 'pool_catchup' on an 'entered' pool (pp, locked by 'pr_enter' at line 818).
Now, under specific conditions, pool_catchup(pp) can call pool_allocator_alloc(pp), which can call 'pool_reclaim(pp)', which calls 'pr_enter(pp)', which fails and crashes, since 'pp' is already entered!
I have experienced crashes because of that, on our custom board with limited memory.
Use NetBSD on a low mem system.
The solution is to call 'pr_leave(pp)' just before calling 'pool_catchup(pp)' in pool_get.
pr_leave(pp) is normally called AFTER the call to pool_catchup, line 1046.
I suggest moving it BEFORE, line 1034.
This is valid because we have finished manipulating the pool, so we can "leave" it peacefully.
It works for me.
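The call chain described in this report, as an added illustration that is not part of the original report and is not NetBSD source. It is a simplified model that keeps only the enter/leave bookkeeping; the `struct pool` fields, the `low_memory` flag and `pool_get_model` are assumptions made for the example, and a counter stands in for the crash.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not NetBSD source: only the enter/leave bookkeeping. */
struct pool {
    bool entered;     /* set by pr_enter, cleared by pr_leave */
    int  reentries;   /* times pr_enter saw an already-entered pool */
    bool low_memory;  /* constructed condition: the allocator must reclaim */
};

static void pr_enter(struct pool *pp) {
    if (pp->entered)
        pp->reentries++;  /* the report says the kernel crashes at this point */
    pp->entered = true;
}

static void pr_leave(struct pool *pp) { pp->entered = false; }

static void pool_reclaim(struct pool *pp) {
    pr_enter(pp);
    /* ... idle pages would be released here ... */
    pr_leave(pp);
}

static void pool_allocator_alloc(struct pool *pp) {
    if (pp->low_memory)   /* only the low-memory path reaches pool_reclaim */
        pool_reclaim(pp);
}

static void pool_catchup(struct pool *pp) { pool_allocator_alloc(pp); }

/* leave_first == false: order described in the report; true: proposed order.
 * Returns how many times pr_enter was called on an already-entered pool. */
int pool_get_model(bool leave_first, bool low_memory) {
    struct pool p = { false, 0, low_memory };
    pr_enter(&p);
    /* ... an item would be taken from the pool here ... */
    if (leave_first) { pr_leave(&p); pool_catchup(&p); }
    else             { pool_catchup(&p); pr_leave(&p); }
    return p.reentries;
}

int main(void) {
    printf("reported order, low memory: %d\n", pool_get_model(false, true));
    printf("proposed order, low memory: %d\n", pool_get_model(true, true));
    printf("reported order, memory ok:  %d\n", pool_get_model(false, false));
    return 0;
}
```

The model shows why the problem only appears under memory pressure: with `low_memory` false the reported order never reaches `pool_reclaim`.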