Gentlemen,
Below are resolutions to some of the issues I reported in earlier emails. I have emailed a patch to Dave Grothe which addresses items 2 and 3. Item 1 is a false alarm.
1) lis_freezestr and lis_freezestr do indeed accept any queues other than the stream head pair. I misread the code. All queues have pointers to the stream head (q_str).
2) The change I made two years ago is still maintained in LiS-2.18. The problem is that there are places in the code that call freemsg on an M_PASSFP message. The file descriptor in an M_PASSFP message should be closed before as well as freeing the mblk. The following test program can fail if the file descriptor is located on the a[0] stream's read put function queue (sd_rput_hd) when a[0] is closed. The failure is that the file descriptor b[0] will not be freed and LiS cannot be unloaded.
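    #include <unistd.h>
    #include <stropts.h>
    #include <sys/ioctl.h>   /* declares ioctl() on Linux */

    int main(void)
    {
        int a[2];
        int b[2];

        pipe(a);
        pipe(b);
        /* Send b[0] across pipe a as an M_PASSFP message. */
        ioctl(a[0], I_SENDFD, b[0]);
        close(b[0]);
        close(a[1]);
        /* a[0] is closed implicitly at exit; the descriptor was never
           received with I_RECVFD. */
        return 0;
    }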
3) There is a synchronization problem between pipes. One such issue resulted in an Oops. The problem is that pipes disassemble queues in both directions. There is an unprotected critical area. I.e., one process is calling putmsg on one side of a pipe, while another process is closing the other side of the pipe. One process is closing one side of the pipe while another process is closing the other side of the pipe.
Below is an oops caused by issue 3.
Agent: TERMINATED
/u<4s>r//usrsrc//sLircS-/L2.i1S-7/2.h1e7a/d/headed/h.cea #d.4c17 #0:4 1Q7oue:
uqe uemauegi mc engiumc benrum biser 0xis93 03x9903d3d90,0 sddh,ou sldho bule
d0 bx9e 330x990033dc90
dc 0
Unable to handle kernel NULL pointer dereference at virtual address 00000090
printing eip:
f8a0d9e9
*pde = 00000000
Oops: 0002
pl2303 usbserial localdrv snamux lu62mux sessmux sdlcmux streams-adpa streams-cxio
streams-copier placxp slmdrv streams bcm5700 st loop keybdev mousedev hid i
CPU: 2
EIP: 00b0:[<f8a0d9e9>] Tainted: PF
EFLAGS: 00010046
EIP is at lis_rw_write_lock_irqsave_fcn [streams] 0x11 (2.4.21-15.0.4.EL-1/i686)
eax: 00000090 ebx: 00000000 ecx: 00000058 edx: 00000090
esi: 00000058 edi: eb81b960 ebp: e4b29e40 esp: eb429e18
do: 0068 es: 0068 ss: 0068
Process stopcdm ( pid: 21360, stackpage = e4b29000 )
Stack: f89f7158 00000058 e4b29e40 f8a0ef4d 0000104b eb81b960 f8a0ef4d 0000104a
eb81b960 eb81b960 00000246 00000000 00000000 eaad2100 eae45d44 f89f73bc
eaad2100 c312c100 eae45d44 00000000 00000000 00000001 eae45d44 f89f427b
Call Trace: [<f89f7158>] check_for_wantenable [streams] 0x94 ( 0xe4b29e18 )
[<f8a0ef4d>] .rodata.str1.1 [streams] 0x2fd (0xe4b29e24 )
[<f8a0ef4d>] .rodata.str1.1 [streams] 0x2fd ( 0xe4b29e30 )
[<f89f73bc>] lis_unfreezestr [streams] 0x64 ( 0xe4b29e54 )
[<f89f427b>] lis_qdetach [streams] 0x54b ( 0xe4b29e74 )
[<f8a0ef4d>] .rodata.str1.1 [streams] 0x2fd ( 0xe4b29ea4 )
[<f89f2e21>] lis_dismantle [streams] 0x61 ( 0xe4b29ed0 )
[<f89fcfe3>] close_action [streams] 0x197 ( 0xe4b29eec )
[<f89fd5a0>] lis_doclose [streams] 0x328 ( 0xe4b29f18 )
[<f89fd7a0>] lis_strclose [streams] 0x178 ( 0xe4b29f44 )
[<c015507b>] __fput [kernel] 0xe4 ( 0xe4b29f78 )
[<c0153440>] filp_close [kernel] 0x92 ( 0xe4b29f94 )
[<c01534e2>] sys_close [kernel] 0x66 ( 0xe4b29fb0 )
Code: f0 81 28 00 00 00 01 0f 85 a8 06 00 00 b8 00 ff 21 e0
Kernel panic: Fatal exception
Jeff Goldszer
Senior Software Engineer
Alebra Technologies
9915 66th Avenue
Apartment 2C
Rego Park, NY 11374
Phone: 718-606-8535
FAX: 718-606-8536
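
A user-space model of the leak described in item 2, added here as an illustration and not taken from LiS or from the patch mentioned in the message. The types, the reference counter and every function name are hypothetical stand-ins; the model assumes I_SENDFD holds its own reference on the passed file until the message is consumed or released.

```c
/* Model only: none of these names are LiS code. */
#include <stdio.h>
#include <stdlib.h>

enum msg_type { M_DATA, M_PASSFP };
struct file_ref { int refcnt; };      /* stands in for a kernel file object */
struct msg {                          /* stands in for an mblk on a queue   */
    enum msg_type type;
    struct file_ref *passed;          /* set only for M_PASSFP              */
    struct msg *next;
};

static struct msg *enqueue(struct msg *head, enum msg_type t, struct file_ref *f)
{
    struct msg *m = malloc(sizeof *m);
    if (m == NULL) abort();
    if (f) f->refcnt++;               /* assumed: sending takes a reference */
    m->type = t; m->passed = f; m->next = head;
    return m;
}

/* Flush a queue at close time. close_passed == 0 models a path that only
   frees the block; close_passed == 1 releases the passed file first. */
static void flush_queue(struct msg *head, int close_passed)
{
    while (head) {
        struct msg *next = head->next;
        if (close_passed && head->type == M_PASSFP && head->passed)
            head->passed->refcnt--;   /* drop the reference the message held */
        free(head);
        head = next;
    }
}

/* Returns the references left on the passed file after the stream closes. */
int refs_after_close(int close_passed)
{
    struct file_ref b0 = { 1 };       /* open descriptor b[0]               */
    struct msg *q = enqueue(NULL, M_DATA, NULL);
    q = enqueue(q, M_PASSFP, &b0);    /* ioctl(a[0], I_SENDFD, b[0])        */
    b0.refcnt--;                      /* close(b[0]) drops the user's ref   */
    flush_queue(q, close_passed);     /* stream closed, message still queued */
    return b0.refcnt;
}

int main(void)
{
    printf("free only: %d, release then free: %d\n",
           refs_after_close(0), refs_after_close(1));
    return 0;
}
```

A non-zero count after close corresponds to the symptom in the message: the file is never released, so the module stays pinned.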
