Date: Tue, 29 Apr 2025 18:30:42 GMT
Message-Id: <202504291830.53TIUgwv022696@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: 27fb895f9e81 - stable/14 - mtx: Avoid nested panics on lock class mismatch assertions
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 27fb895f9e81c57378f39d705e8a34caffaa9e93
Auto-Submitted: auto-generated

The branch stable/14 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=27fb895f9e81c57378f39d705e8a34caffaa9e93

commit 27fb895f9e81c57378f39d705e8a34caffaa9e93
Author:     John Baldwin
AuthorDate: 2025-03-12 14:24:35 +0000
Commit:     John Baldwin
CommitDate: 2025-04-29 14:43:36 +0000

    mtx: Avoid nested panics on lock class mismatch assertions

    It is only (somewhat) safe to dereference lo_name if we know the mutex
    has a specific lock class that is incorrect, not if it just has "some"
    incorrect lock class. In particular, in the case of memory overwritten
    with 0xdeadc0de, the lock class won't match either mutex type. However,
    trying to dereference lo_name via a 0xdeadc0de pointer triggers a nested
    panic building the panicstr which then prevents a crash dump.

    Reviewed by: olce, kib, markj
    Sponsored by: AFRL, DARPA
    Differential Revision: https://reviews.freebsd.org/D49313

    (cherry picked from commit dba45599c498deed01e1c98acef74e183c1bbf8d)
---
 sys/kern/kern_mutex.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/sys/kern/kern_mutex.c b/sys/kern/kern_mutex.c index 7f348530ed31..11ff7e1cacc4 100644 --- a/sys/kern/kern_mutex.c +++ b/sys/kern/kern_mutex.c 
@@ -270,7 +270,7 @@ __mtx_lock_flags(volatile uintptr_t *c, int opts, const char *file, int line) curthread, m->lock_object.lo_name, file, line)); KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_lock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, ("mtx_lock() of spin mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); WITNESS_CHECKORDER(&m->lock_object, (opts & ~MTX_RECURSE) | @@ -299,7 +299,7 @@ __mtx_unlock_flags(volatile uintptr_t *c, int opts, const char *file, int line) KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_unlock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, ("mtx_unlock() of spin mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); WITNESS_UNLOCK(&m->lock_object, opts | LOP_EXCLUSIVE, file, line); @@ -328,7 +328,7 @@ __mtx_lock_spin_flags(volatile uintptr_t *c, int opts, const char *file, KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_lock_spin() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("mtx_lock_spin() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); if (mtx_owned(m)) @@ -369,7 +369,7 @@ __mtx_trylock_spin_flags(volatile uintptr_t *c, int opts, const char *file, KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_trylock_spin() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("mtx_trylock_spin() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); KASSERT((opts & MTX_RECURSE) == 0, 
@@ -394,7 +394,7 @@ __mtx_unlock_spin_flags(volatile uintptr_t *c, int opts, const char *file, KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_unlock_spin() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("mtx_unlock_spin() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); WITNESS_UNLOCK(&m->lock_object, opts | LOP_EXCLUSIVE, file, line); @@ -432,7 +432,7 @@ _mtx_trylock_flags_int(struct mtx *m, int opts LOCK_FILE_LINE_ARG_DEF) curthread, m->lock_object.lo_name, file, line)); KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_trylock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, ("mtx_trylock() of spin mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); @@ -806,7 +806,7 @@ thread_lock_validate(struct mtx *m, int opts, const char *file, int line) KASSERT(m->mtx_lock != MTX_DESTROYED, ("thread_lock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("thread_lock() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); KASSERT((m->lock_object.lo_flags & LO_RECURSABLE) == 0, @@ -1263,7 +1263,7 @@ mtx_spin_wait_unlocked(struct mtx *m) KASSERT(m->mtx_lock != MTX_DESTROYED, ("%s() of destroyed mutex %p", __func__, m)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("%s() of sleep mutex %p (%s)", __func__, m, m->lock_object.lo_name)); KASSERT(!mtx_owned(m), ("%s() waiting on myself on lock %p (%s)", __func__, m, 
@@ -1289,8 +1289,8 @@ mtx_wait_unlocked(struct mtx *m) KASSERT(m->mtx_lock != MTX_DESTROYED, ("%s() of destroyed mutex %p", __func__, m)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, - ("%s() not a sleep mutex %p (%s)", __func__, m, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, + ("%s() of spin mutex %p (%s)", __func__, m, m->lock_object.lo_name)); KASSERT(!mtx_owned(m), ("%s() waiting on myself on lock %p (%s)", __func__, m, m->lock_object.lo_name));
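Review bot: With the test inverted in all nine hunks (for example `LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin` in __mtx_lock_flags), a mutex whose lock class is neither mtx class no longer trips any lock class assertion, and that is exactly the overwritten-memory case the commit message describes. Consider keeping a second KASSERT with the original positive test (`== &lock_class_mtx_sleep` or `== &lock_class_mtx_spin` as appropriate) whose message prints only the mutex pointer with `%p` plus file and line, never lo_name, so a corrupted mutex still stops here with a panic string that can be built safely and a crash dump that completes.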
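Review bot: In the __mtx_lock_flags and _mtx_trylock_flags_int hunks, the unchanged assertion directly above the edited one still passes m->lock_object.lo_name to its format string (context line `curthread, m->lock_object.lo_name, file, line));`), so it can reach the same nested panic if it fires on a mutex whose memory has been overwritten. Its condition is outside the visible context, so it is worth confirming that it cannot fire before the lock class is known to be valid, or changing its message to print the mutex pointer with `%p` as the mtx_spin_wait_unlocked and mtx_wait_unlocked messages already do alongside the name.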