[OpenAFS-devel] Solaris fixes for 1.4.x / AFS_SUN510_ENV

Frank Batschulat (Home) Frank.Batschulat@Sun.COM
Mon, 11 Feb 2008 15:32:58 +0100


On Wed, 30 Jan 2008 20:44:34 +0100, Jeffrey Hutzelman <jhutz@cmu.edu> wrote:

> --On Wednesday, January 30, 2008 06:14:02 PM +1100 Mike Battersby
> <mib@unimelb.edu.au> wrote:
>
>> 1. SSYS process exiting considered harmful
>>
>>   The first problem is that setting process flag SSYS on a process that
>>   exits, as the afs_osi_Invisible routine on Solaris 10 does, causes the
>>   system not to clean up the contract state of the process.  This leaves
>>   a dangling kernel-memory pointer in the contract table which used to
>>   point to the process struct.
>>
>>   Any user can corrupt kernel memory and cause a panic with the 'ctstat'
>>   command and the system cannot shut down without either panicking or
>>   going into an infinite loop as svc.startd repeatedly tries to kill the
>>   non-existent process.
>>
>> I really don't know why the code would set SSYS on a userland process
>> that's about to exit in the first place.  Can anyone shed any light?
>
> Threads that call afs_osi_Invisible are not about to exit; they're about to
> become long-lived AFS kernel threads.  Setting SSYS is correct; we just

Actually it is not appropriate for an arbitrary thread/proc to set SSYS.

Only system processes [they exist only in kernel, i.e. p_as is set to kas]
created with newproc() are eligible for SSYS, and that happens automatically in newproc().

---
frankB