From owner-freebsd-bugs@FreeBSD.ORG Sun Jan 29 20:20:14 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 787E91065672 for ; Sun, 29 Jan 2012 20:20:14 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 624548FC08 for ; Sun, 29 Jan 2012 20:20:14 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q0TKKE57047643 for ; Sun, 29 Jan 2012 20:20:14 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q0TKKEUk047642; Sun, 29 Jan 2012 20:20:14 GMT (envelope-from gnats) Date: Sun, 29 Jan 2012 20:20:14 GMT Message-Id: <201201292020.q0TKKEUk047642@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Patrick Lamaiziere Cc: Subject: Re: misc/164565: kernel crash when kldunload'ing padlock X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Patrick Lamaiziere List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jan 2012 20:20:14 -0000 The following reply was made to PR kern/164565; it has been noted by GNATS. From: Patrick Lamaiziere To: bug-followup@freebsd.org Cc: Stefan Krueger , pjd@freebsd.org Subject: Re: misc/164565: kernel crash when kldunload'ing padlock Date: Sun, 29 Jan 2012 21:17:02 +0100 --MP_/G4rR5p6WaSeS.e5_cqECYO. Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Content-Disposition: inline Le Sun, 29 Jan 2012 19:30:15 GMT, Stefan Krueger a écrit : > The following reply was made to PR kern/164565; it has been noted by > GNATS. > > From: Stefan Krueger > To: bug-followup@FreeBSD.org > Cc: Patrick Lamaiziere > Subject: Re: misc/164565: kernel crash when kldunload'ing padlock > Date: Sun, 29 Jan 2012 20:23:20 +0100 > > > > Unloading the padlock kernel module makes the kernel crash. > I get a backtrace indeed: > > # kldunload padlock > panic: rw lock 0xfffffe00019a2698 not unlocked > cpuid = 0 > KDB: stack backtrace: > #0 0xffffffff8049822e at kdb_backtrace+0x5e > #1 0xffffffff80460d57 at panic+0x187 > #2 0xffffffff8045fa84 at rw_destroy+0x34 > #3 0xffffffff80baa848 at padlock_detach+0x108 > #4 0xffffffff804919e4 at device_detach+0x94 > #5 0xffffffff80491c80 at devclass_driver_deleted+0x70 > #6 0xffffffff80491da1 at devclass_delete_driver+0x51 > #7 0xffffffff80491fad at driver_module_handler+0x14d > #8 0xffffffff8044fc05 at module_unload+0x35 > #9 0xffffffff8044592b at linker_file_unload+0x16b > #10 0xffffffff80446513 at kern_kldunload+0xf3 > #11 0xffffffff8063eea3 at amd64_syscall+0x313 > #12 0xffffffff80629f07 at Xfast_syscall+0xf7 > Uptime: 31s > Automatic reboot in 15 seconds - press a key on the console to abort > > Padlock is not in use (i.e. I netbooted a freebsd 9.0 kernel into > single-user, so no IPSEC, no GELI, no nothing at that point) Please try the attached patch. The rw_wlock at the beginning of padlock_detach() is not unlocked before it is destroyed. I think I've spotted this but forget to report when I did glxsb(4) (it is ok in glxsb_detach() and it detachs properly). I put Pawel Jakub Dawidek in copy. Thanks, regards. --MP_/G4rR5p6WaSeS.e5_cqECYO. Content-Type: text/plain Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=patch.txt --- /usr/src/sys/crypto/via/padlock.c~ 2011-09-23 02:51:37.000000000 +0200 +++ /usr/src/sys/crypto/via/padlock.c 2012-01-29 20:56:05.238878471 +0100 @@ -158,6 +158,7 @@ padlock_detach(device_t dev) TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); free(ses, M_PADLOCK); } + rw_wunlock(&sc->sc_sessions_lock); rw_destroy(&sc->sc_sessions_lock); crypto_unregister_all(sc->sc_cid); return (0); --MP_/G4rR5p6WaSeS.e5_cqECYO.--