Crash with panic pagein mfind.
Damon Permezel
damonp at daemon.UUCP
Mon Aug 27 14:49:18 AEST 1984
Index: /sys/h/text.h 4.2BSD
Description:
If more than 127 instances of the same text image are in the
system, the 128th entry causes the x_count field in the text
table to become negative, resulting in addition of a duplicate
entry to the text table.
Because a duplicate entry exists in the text table, a critical
section exists in pagein() that causes the cmap[] to become
munged, resulting in panic().
Repeat-By:
fix up execl path and run as root:
/*
 * try to generate pagein mfind panic
 */
#include <signal.h>
#include <stdio.h>

int kiddies = 0;
int reaper();

main(c, v)
char **v; {
	int i;

	if (c != 2)
		exit(fprintf(stderr, "ni\n"));
	switch (*v[1]) {
	case 'm':
		master();
		break;
	case 's':
		slave();
	}
}

/* master: keep 129 slaves running, all exec'd from the same image */
master() {
	signal(SIGCHLD, reaper);
	for (;;) {
		while (kiddies < 129) {
			switch (fork()) {
			case -1:
				continue;
			case 0:
				execl("/s3g/damonp/tmp/crash", "crash", "s", 0);
				exit();
			default:
				++kiddies;
			}
		}
		sigblock(1 << SIGCHLD);
		if (kiddies)
			sigpause(0);
		sigblock(0);
	}
}

/* slave: hold a reference to the text image for a while, then exit */
slave() {
	sleep(40);
	exit(0);
}

/* reaper: SIGCHLD handler, collect one child and free its slot */
reaper() {
	int pid;

	wait(&pid);
	--kiddies;
}
Fix:
Change type of x_count and x_ccount in text.h from char to short.
This allows for (2^15)-1 references to a text table entry to exist
before the problem recurs, and I shudder to think of the system with
that many process slots.
Pstat (and maybe others) will have to be recompiled.
UUCPnet: {decvax,allegra}!tektronix!damonp
CSnet : damonp at tek
ARPAnet: damonp.tek at csnet-relay
US mail: Damon Permezel, Tektronix, Inc., Small Systems Support Group
: PO Box 500 Del.Sta. 19-333, Beaverton, OR 97077
MaBell : (503) 627-5037
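
The wraparound described in the report and the effect of the char-to-short fix, as an added example that is not part of the original post or the 4.2BSD source: a simplified user-space model of a text table. The table size, the function names, and the rule that an entry is shared only while its count is positive are assumptions made for illustration.

```c
/* Added illustration: a simplified user-space model, not 4.2BSD kernel code. */
#include <stdio.h>
#include <string.h>
#define NTEXT 8                            /* constructed table size */
struct text { int image; int x_count; };   /* image 0 marks a free slot */

/* Hold v as a char (pre-fix) or short (post-fix) field would; the
 * out-of-range conversion is implementation-defined, common compilers wrap. */
static int narrow(int v, int use_short)
{
    return use_short ? (short)v : (signed char)v;
}

/* One more process starts running `image`; returns the slot used, -1 if full. */
static int attach(struct text *tab, int image, int use_short)
{
    int i, free_slot = -1;
    for (i = 0; i < NTEXT; i++) {
        if (tab[i].image == 0) { if (free_slot < 0) free_slot = i; continue; }
        /* Assumption: an entry is shared only while its count is positive. */
        if (tab[i].image == image && tab[i].x_count > 0) {
            tab[i].x_count = narrow(tab[i].x_count + 1, use_short);
            return i;
        }
    }
    if (free_slot < 0) return -1;
    tab[free_slot].image = image;          /* no shareable entry: add one */
    tab[free_slot].x_count = 1;
    return free_slot;
}

/* Attach n processes to one image; return how many table entries it has. */
int entries_after(int n, int use_short, int *first_count)
{
    struct text tab[NTEXT];
    int i, entries = 0;
    memset(tab, 0, sizeof tab);
    for (i = 0; i < n; i++) attach(tab, 42, use_short);
    for (i = 0; i < NTEXT; i++) entries += (tab[i].image == 42);
    if (first_count) *first_count = tab[0].x_count;
    return entries;
}

/* Reference count stored in the first entry after n attaches. */
int first_count_after(int n, int use_short)
{
    int c;
    entries_after(n, use_short, &c);
    return c;
}

int main(void)
{
    printf("129 procs: char field %d entries, short field %d entries\n",
           entries_after(129, 0, NULL), entries_after(129, 1, NULL));
    return 0;
}
```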