From nobody Sat Dec 25 09:10:54 2021 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 761631907B84; Sat, 25 Dec 2021 09:10:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JLdSv18b4z4RfW; Sat, 25 Dec 2021 09:10:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 07AE0149A7; Sat, 25 Dec 2021 09:10:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BP9AsOV087012; Sat, 25 Dec 2021 09:10:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BP9AsQV087011; Sat, 25 Dec 2021 09:10:54 GMT (envelope-from git) Date: Sat, 25 Dec 2021 09:10:54 GMT Message-Id: <202112250910.1BP9AsQV087011@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Andriy Gapon Subject: git: a8915e46ee12 - stable/13 - mmc_sim: fix setting of the mutex name List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: avg X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a8915e46ee12413ac05c08e4f327488c641c7f01 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1640423455; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eHheGq0WxOcOH3odimBg1nPFSyfcdewAXJxh/DsXJ1k=; b=dV2O8T0FK4MaH5A/RQ6/HldkdGt6u+1fiK2OB5nIPSvRyMEvSt+Vs1Sc6trZcKS74QRe+A 7Xt/1qwmO3R6iK/20wzKA+5NIM4b74kEJ2kjA1XpJMRgdD+rjxIarUhRlwv8VrDf3EzYUl Ubw5UzsNO+KkbD4sAfvys3DZA1J79lnYNxcHFrjELuyJdP+wEA6tjZ1HAbFnDZZw788VDL HW/b5Ad19U9t6FMoRfrYIdflZ4Vvsf6P49MgKxhLpdXhH61leOK2bPndaRHtTuTTM4R6HV lgP2sUSkCNLngYXZROIf7cu+gRtQ0JoxUqDRin10pa5yHPgP8oCiMoBygBSjgw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1640423455; a=rsa-sha256; cv=none; b=E2Gu+d+byy4WR394YhbalUnKMu/rpY8SgJpgZplmO8UokgGE/N6sxWeqBZbYEYrYH4EQ3o SxpiIUrs2hjV5iA1GGWvqMF9O+UFmHTJNaINK+4zi8pZobpi1eA+1M+8wgPEmZk2w54Dyz ZGj58UsPdjGO9yMaahAXEFnEY1Z2GptWJFnEpZ4Ek3+cmqK4kJb11wZeSmodJjU8OXA4bD Q6wP3EDgd7bD8bTNjjrVXitme+5DsTD15A/46xb7AWFI8OBEX53kLdj+3S6eC4IVF1YiW6 8lFZG8ZR/7/VOkv+hTwPuNvA8L9nO+hYcJ2CFBSCVpctdJqX5avUQknO15a3aA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by avg: URL: https://cgit.FreeBSD.org/src/commit/?id=a8915e46ee12413ac05c08e4f327488c641c7f01 commit a8915e46ee12413ac05c08e4f327488c641c7f01 Author: Andriy Gapon AuthorDate: 2021-12-15 11:37:59 +0000 Commit: Andriy Gapon CommitDate: 2021-12-25 09:04:29 +0000 mmc_sim: fix setting of the mutex name To quote the manual: The pointer passed in as name and type is saved rather than the data it points to. The data pointed to must remain stable until the mutex is destroyed. It seems that the type is actually copied, but the name is stored as a pointer indeed. mmc_cam_sim_alloc used a name stored on stack. So, a corrupt mutex name would be reported. For example: lock order reversal: (sleepable after non-sleepable) 1st 0xd7285b20 <8A>P@P@^D^A (aw_mmc_sim, sleep mutex) @ sys/cam/cam_xpt.c:2804 This change moves the name to struct mmc_sim. Also, that name is used as the sim name as well. Unused mtx_name variable is removed too. The name buffer is reduced to 16 characters. (cherry picked from commit 18679ab1c06575517df9df2509564dbf038d4720) (cherry picked from commit 8eca341d9bb678f08065edd8f24c2ab32dcf8e56) --- sys/cam/mmc/mmc_sim.c | 9 +++------ sys/cam/mmc/mmc_sim.h | 1 + 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/sys/cam/mmc/mmc_sim.c b/sys/cam/mmc/mmc_sim.c index 022a1569cc59..461cb7625a1f 100644 --- a/sys/cam/mmc/mmc_sim.c +++ b/sys/cam/mmc/mmc_sim.c @@ -191,7 +191,6 @@ mmc_cam_sim_default_action(struct cam_sim *sim, union ccb *ccb) int mmc_cam_sim_alloc(device_t dev, const char *name, struct mmc_sim *mmc_sim) { - char sim_name[64], mtx_name[64]; mmc_sim->dev = dev; @@ -199,13 +198,11 @@ mmc_cam_sim_alloc(device_t dev, const char *name, struct mmc_sim *mmc_sim) goto fail; } - snprintf(sim_name, sizeof(sim_name), "%s_sim", name); - snprintf(mtx_name, sizeof(mtx_name), "%s_mtx", name); - - mtx_init(&mmc_sim->mtx, sim_name, NULL, MTX_DEF); + snprintf(mmc_sim->name, sizeof(mmc_sim->name), "%s_sim", name); + mtx_init(&mmc_sim->mtx, mmc_sim->name, NULL, MTX_DEF); mmc_sim->sim = cam_sim_alloc_dev(mmc_cam_sim_default_action, mmc_cam_default_poll, - name, mmc_sim, dev, + mmc_sim->name, mmc_sim, dev, &mmc_sim->mtx, 1, 1, mmc_sim->devq); if (mmc_sim->sim == NULL) { diff --git a/sys/cam/mmc/mmc_sim.h b/sys/cam/mmc/mmc_sim.h index 2b1159a9758e..18c49b3f57e8 100644 --- a/sys/cam/mmc/mmc_sim.h +++ b/sys/cam/mmc/mmc_sim.h @@ -33,6 +33,7 @@ struct mmc_sim { struct mmc_cam_sim_softc *sc; struct mtx mtx; + char name[16]; struct cam_devq *devq; struct cam_sim *sim; device_t dev;