On Mon, 16 Nov 2015, Masao Uebayashi wrote:
Sure, that sounds prudent. It is difficult to fix properly. One way to do this would be to mark all lwps that have used compat syscalls with a bit depending on the module they have used, and refuse to unload the module until the lwp is gone.

- when loading a module that has compat syscalls, assign to it a bit.
- mark a flags field of all syscalls that were loaded with that module with that bit.
- or the lwp flags with the syscall flags on each syscall.
- when it is time to unload check that no lwp has that bit in the flags set.
- instead of keeping l_sysent, keep l_sysmodflags or something.

What happens if signal handler does longjmp(3) and interrupted syscall never returns?

Whether or not the interrupted syscall returns, as long as the lwp is still alive it will prevent the syscall from being disestablished. In effect, it is a "false positive" but it allows us to err on the side of caution. I'd rather have the module remain loaded even if nothing is currently referencing its resources, rather than have it get unloaded and then the kernel crashes.

+------------------+--------------------------+-------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org  |
+------------------+--------------------------+-------------------------+
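
The bit-per-module scheme from the quoted proposal, modelled in user space as an added example; it is not part of the original messages and is not NetBSD code. All names (`sysent_model`, `lwp_model`, `sy_modflag`, `module_load`, and so on) are hypothetical, only `l_sysmodflags` is taken from the thread, and the model is single-threaded with no locking.

```c
/* User-space model of the per-module flag-bit scheme; every name here is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAXLWP 8
struct sysent_model { uint32_t sy_modflag; };   /* owning module's bit, 0 = built in */
struct lwp_model { int alive; uint32_t l_sysmodflags; };
static struct lwp_model lwps[MAXLWP];
static uint32_t used_bits;                      /* bits held by loaded modules */

/* Load: assign a free bit and tag every syscall the module provides. */
uint32_t module_load(struct sysent_model *sys, size_t n) {
    for (uint32_t bit = 1; bit != 0; bit <<= 1) {
        if (used_bits & bit) continue;
        used_bits |= bit;
        for (size_t i = 0; i < n; i++) sys[i].sy_modflag = bit;
        return bit;
    }
    return 0;                                   /* all 32 bits in use */
}
struct lwp_model *lwp_create(void) {
    for (size_t i = 0; i < MAXLWP; i++)
        if (!lwps[i].alive) { lwps[i] = (struct lwp_model){1, 0}; return &lwps[i]; }
    return NULL;
}
/* Syscall entry: OR the module bit into the lwp. It is never cleared on
 * return, so a syscall abandoned via longjmp(3) changes nothing. */
void syscall_enter(struct lwp_model *l, const struct sysent_model *sy) {
    l->l_sysmodflags |= sy->sy_modflag;
}
void lwp_exit(struct lwp_model *l) { l->alive = 0; l->l_sysmodflags = 0; }

/* Unload: refuse while any live lwp carries the module's bit. */
int module_unload(uint32_t bit) {
    for (size_t i = 0; i < MAXLWP; i++)
        if (lwps[i].alive && (lwps[i].l_sysmodflags & bit)) return EBUSY;
    used_bits &= ~bit;
    return 0;
}
int main(void) {
    struct sysent_model compat[2] = {{0}, {0}};
    uint32_t bit = module_load(compat, 2);
    struct lwp_model *l = lwp_create();
    syscall_enter(l, &compat[0]);               /* lwp uses a compat syscall once */
    printf("unload while lwp alive: %d\n", module_unload(bit));
    lwp_exit(l);
    printf("unload after lwp exit:  %d\n", module_unload(bit));
    return 0;
}
```

Because the bit is sticky for the lifetime of the lwp, the unload check is the "false positive" described in the reply: it can refuse when no syscall is actually in flight, but it never permits an unload while a marked lwp is alive.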