[9fans] drawterm sigsegv on linux 2.6.18

[9fans] drawterm sigsegv on linux 2.6.18

[onyx.peridot]

Hi 9fans,

When I do a "du -a /" on a plan9 cpu server via drawterm,  drawterm
gets a sigsegv after a while.  Gdb  reports that the sigsegv arrived
when tas.c:9 (inline assembler code to do test and set) is called.  I
cannot see anything wrong with the tas code though.

The following is what gdb reports:

(gdb) run
Starting program: /home/mbc/bin/drawterm -u mbc -a bootes -c bootes
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1211438592 (LWP 14554)]
[New Thread -1216996432 (LWP 14557)]
[New Thread -1225864272 (LWP 14558)]
[New Thread -1236272208 (LWP 14559)]
[New Thread -1244660816 (LWP 14560)]
[New Thread -1253049424 (LWP 14561)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211438592 (LWP 14554)]
0x08091dae in tas (x=0x0) at tas.c:9
9               __asm__(        "movl   $1, %%eax\n\t"
(gdb) bt
#0  0x08091dae in tas (x=0x0) at tas.c:9
#1  0x0808c741 in canlock (lk=0x0) at lock.c:7
#2  0x0808c764 in lock (lk=0x0) at lock.c:16
#3  0x0804f007 in incref (r=0x0) at chan.c:100
#4  0x080645b6 in fswalk (c=0x812b078, nc=0x812af68, name=0x8124ce8,
nname=1) at devfs-posix.c:152
#5  0x0804fa13 in walk (cp=0xbffe3850, names=0x8124ca8, nnames=17,
nomount=0, nerror=0xbffe3854) at chan.c:798
#6  0x08050367 in namec (
    aname=0x81262d8 "./sys/block/sdb/sdb1/subsystem/sdb/sdb1/subsystem/
sdb/sdb1/subsystem/sdb/sdb1/subsystem/sdb/queue/iosched", amode=0,
omode=0, perm=0) at chan.c:1145
#7  0x08059034 in _sysstat (
    name=0x81262d8 "./sys/block/sdb/sdb1/subsystem/sdb/sdb1/subsystem/
sdb/sdb1/subsystem/sdb/sdb1/subsystem/sdb/queue/iosched",
buf=0x812aabc, n=115) at sysfile.c:614
#8  0x080590d6 in sysstat (
    name=0x81262d8 "./sys/block/sdb/sdb1/subsystem/sdb/sdb1/subsystem/
sdb/sdb1/subsystem/sdb/sdb1/subsystem/sdb/queue/iosched",
buf=0x812aabc "queue", n=115) at sysfile.c:1113
#9  0x080898ff in dirstat (
    name=0x81262d8 "./sys/block/sdb/sdb1/subsystem/sdb/sdb1/subsystem/
sdb/sdb1/subsystem/sdb/sdb1/subsystem/sdb/queue/iosched") at dirstat.c:
23
#10 0x0806d422 in file (parent=0x81268c0, name=0x80ff2a2 "iosched") at
exportfs.c:287
#11 0x0806ed28 in Xwalk (t=0x80ed8a0) at exportsrv.c:204
#12 0x0806dc9c in exportfs (fd=7, msgsz=8240) at exportfs.c:102
#13 0x0804bd34 in cpumain (argc=7, argv=0xbffe40a4) at cpu.c:208
#14 0x0804a867 in main (argc=7, argv=0xbffe40a4) at main.c:68
(gdb)

Re: [9fans] drawterm sigsegv on linux 2.6.18

[Russ Cox]

> When I do a "du -a /" on a plan9 cpu server via drawterm,  drawterm
> gets a sigsegv after a while.  Gdb  reports that the sigsegv arrived
> when tas.c:9 (inline assembler code to do test and set) is called.  I
> cannot see anything wrong with the tas code though.

The problem isn't in tas but its caller -- note that tas
is being passed a null pointer.  Thanks for the gdb 
stack trace, which was very helpful.

The fix this change to kern/devfs-posix.c (a similar
change applies to kern/devfs-win32.c too):

 		cname = addelem(cname, name[i]);
 		wq->qid[i] = nc->qid;
 	}
-	nc->name = nil;
-	cnameclose(cname);
+	nc->name = cname;
 	if(i != nname){
 		cclose(nc);
 		wq->clone = nil;

The bug is only triggered when traversing paths 
more than 16 levels deep on the local machine.

Russ