I reported the bug in bugreporter. Thanks for the suggestion.
Thanks, Lakshmipathy

On 7/27/05, Terry Lambert <tlambert@apple.com> wrote:
Thanks for investigating the bug.
You should file a bug report (http://bugreporter.apple.com). As Justin usually points out, this list isn't an official (or even an unofficial) channel for reporting bugs to Apple.
-- Terry
On Jul 26, 2005, at 10:46 AM, B. S. N. Lakshmipathy wrote:
Hi all,
The kernel released with 10.4.* (Tiger) has a serious bug. The following user program causes a kernel panic.
/* @@@@@@@@@@@@@@@@@@@*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* memset() */
#include <sys/types.h>
#include <sys/event.h>

int main (int argc, char **argv)
{
    int kq;
    struct kevent ke;

    /* argv[1] is the pid to watch, so two arguments are required */
    if (argc < 2) {
        fprintf (stderr, "usage: %s <pid>\n", argv[0]);
        return -1;
    }

    if ((kq = kqueue ()) < 0) {
        fprintf (stderr, "kqueue creation error\n");
        return -1;
    }

    /* Watch the given process for fork() and ask the kernel to follow
     * its children as well (NOTE_TRACK); this combination triggers the panic. */
    EV_SET (&ke, atoi (argv[1]), EVFILT_PROC, EV_ADD, NOTE_FORK | NOTE_TRACK, 0, NULL);
    if (kevent (kq, &ke, 1, NULL, 0, NULL) < 0) {
        fprintf (stderr, "kevent set error\n");
        return -1;
    }

    while (1) {
        memset (&ke, 0, sizeof (struct kevent));
        if (kevent (kq, NULL, 0, &ke, 1, NULL) < 0) {
            fprintf (stderr, "kevent get error\n");
            return -1;
        }
        /* ident is the pid that fired; for NOTE_CHILD, data is the parent pid */
        if (ke.fflags & NOTE_FORK)
            printf ("%d forked\n", (int) ke.ident);
        if (ke.fflags & NOTE_CHILD)
            printf ("child of %d is %d\n", (int) ke.data, (int) ke.ident);
        if (ke.fflags & NOTE_TRACKERR)
            printf ("NOTE_TRACK error\n");
    }
    return 0;
}
/* @@@@@@@@@@@@@@@@@@@*/
LOCATION OF BUG:
The problem is with the NULL pointer reference in fp_lookup() in bsd/kern/kern_descrip.c. The function call sequence is fork() -> fork1() -> knote() -> filt_proc() -> kevent_register() -> fp_lookup(). filt_proc() calls kevent_register() with NULL as the third argument (kern_event.c:501), which is referenced in fp_lookup() without a check for NULL.
Whoever re-organized the kqueue/kevent code, please fix it.
Thanks, Lakshmipathy
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/tlambert%40apple.com
This email sent to tlambert@apple.com
--
Thanks, Lakshmipathy