kern/42685: waiting a kqueue concurrently may cause kernel panic

[baiyang%gmail.com@localhost]

>Number:         42685
>Category:       kern
>Synopsis:       waiting a kqueue concurrently may cause kernel panic
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 28 16:40:00 +0000 2010
>Originator:     BaiYang
>Release:        5.0.1 / i386
>Organization:
>Environment:
>Description:
If we are using the kevent api to waiting a kqueue on multi-threads 
concurrently like this: 

// ...
int r = kevent(sg_kqfd, NULL, 0, &evt, 1, &m_tspTMOUT);
// ...

Two situations may be ocurred:
1. When an event is raised, more than one kevent will return the same (which 
was just raised) event.
2. When an event is raised, a kernel panic may occured with the "fatal page 
fault" error.

On the other hand, the same code works very well on FreeBSD. 

We can simply accept the situation 1 as a different behaviour from FreeBSD and 
other systems. But the situation 2 is obviously a system bug because in any 
case, a user mode process should not cause a kernel panic.
>How-To-Repeat:
Just wait a kqueue concurrently in a thread pool.
>Fix:
Include the code segment with a critical section could resolve the problem:

// ...
pthread_mutex_lock(&mutex);
int r = kevent(sg_kqfd, NULL, 0, &evt, 1, &m_tspTMOUT);
pthread_mutex_unlock(&mutex);
// ...