From owner-svn-src-all@freebsd.org Mon Feb 25 13:15:35 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68F29150A70E; Mon, 25 Feb 2019 13:15:35 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0C3998C691; Mon, 25 Feb 2019 13:15:35 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F0B4E1D719; Mon, 25 Feb 2019 13:15:34 +0000 (UTC) (envelope-from andrew@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x1PDFYGC051823; Mon, 25 Feb 2019 13:15:34 GMT (envelope-from andrew@FreeBSD.org) Received: (from andrew@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x1PDFYBx051822; Mon, 25 Feb 2019 13:15:34 GMT (envelope-from andrew@FreeBSD.org) Message-Id: <201902251315.x1PDFYBx051822@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: andrew set sender to andrew@FreeBSD.org using -f From: Andrew Turner Date: Mon, 25 Feb 2019 13:15:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r344517 - head/sys/kern X-SVN-Group: head X-SVN-Commit-Author: andrew X-SVN-Commit-Paths: head/sys/kern X-SVN-Commit-Revision: 344517 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0C3998C691 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; NEURAL_HAM_SHORT(-0.97)[-0.973,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Feb 2019 13:15:35 -0000 Author: andrew Date: Mon Feb 25 13:15:34 2019 New Revision: 344517 URL: https://svnweb.freebsd.org/changeset/base/344517 Log: Check the index hasn't changed after writing the cmp entry. If an interrupt fires while writing the cmp entry we may have a partial entry. Work around this by using atomic_cmpset to set the new index. If it fails we need to set the previous index value and try again as the entry may be in an inconsistent state. This fixes messages similar to the following from syzkaller: bad comp 224 type 2163727253 Reviewed by: tuexen Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D19287 Modified: head/sys/kern/kern_kcov.c Modified: head/sys/kern/kern_kcov.c ============================================================================== --- head/sys/kern/kern_kcov.c Mon Feb 25 12:35:52 2019 (r344516) +++ head/sys/kern/kern_kcov.c Mon Feb 25 13:15:34 2019 (r344517) @@ -247,11 +247,16 @@ trace_cmp(uint64_t type, uint64_t arg1, uint64_t arg2, if (index * 4 + 4 + 1 > info->entries) return (false); - buf[index * 4 + 1] = type; - buf[index * 4 + 2] = arg1; - buf[index * 4 + 3] = arg2; - buf[index * 4 + 4] = ret; - buf[0] = index + 1; + while (1) { + buf[index * 4 + 1] = type; + buf[index * 4 + 2] = arg1; + buf[index * 4 + 3] = arg2; + buf[index * 4 + 4] = ret; + + if (atomic_cmpset_64(&buf[0], index, index + 1)) + break; + buf[0] = index; + } return (true); }