git: 3379d9b5de4c - main - umtx: Check for errors from suword32()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 26 Dec 2023 02:04:27 UTC
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=3379d9b5de4c4876a317d25ca008e66b1111b701 commit 3379d9b5de4c4876a317d25ca008e66b1111b701 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2023-12-26 01:42:17 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2023-12-26 02:04:01 +0000 umtx: Check for errors from suword32() This is in preparation for annotating copyin() and related functions with __result_use_check. Reviewed by: kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D43144 --- sys/kern/kern_umtx.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/sys/kern/kern_umtx.c b/sys/kern/kern_umtx.c index ff9505b8e31d..57ff74f5421e 100644 --- a/sys/kern/kern_umtx.c +++ b/sys/kern/kern_umtx.c @@ -2960,7 +2960,14 @@ do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, */ error = fueword32(&cv->c_has_waiters, &hasw); if (error == 0 && hasw == 0) - suword32(&cv->c_has_waiters, 1); + error = suword32(&cv->c_has_waiters, 1); + if (error != 0) { + umtxq_lock(&uq->uq_key); + umtxq_remove(uq); + umtxq_unbusy(&uq->uq_key); + error = EFAULT; + goto out; + } umtxq_unbusy_unlocked(&uq->uq_key); @@ -2990,7 +2997,9 @@ do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, umtxq_remove(uq); if (oldlen == 1) { umtxq_unlock(&uq->uq_key); - suword32(&cv->c_has_waiters, 0); + if (suword32(&cv->c_has_waiters, 0) != 0 && + error == 0) + error = EFAULT; umtxq_lock(&uq->uq_key); } } @@ -2998,7 +3007,7 @@ do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, if (error == ERESTART) error = EINTR; } - +out: umtxq_unlock(&uq->uq_key); umtx_key_release(&uq->uq_key); return (error); @@ -3176,12 +3185,14 @@ sleep: */ rv = fueword32(&rwlock->rw_blocked_readers, &blocked_readers); + if (rv == 0) + rv = suword32(&rwlock->rw_blocked_readers, + blocked_readers + 1); if (rv == -1) { umtxq_unbusy_unlocked(&uq->uq_key); error = EFAULT; break; } - suword32(&rwlock->rw_blocked_readers, blocked_readers+1); while (state & wrflags) { umtxq_lock(&uq->uq_key); @@ -3206,12 +3217,14 @@ sleep: /* decrease read waiter count, and may clear read contention bit */ rv = fueword32(&rwlock->rw_blocked_readers, &blocked_readers); + if (rv == 0) + rv = suword32(&rwlock->rw_blocked_readers, + blocked_readers - 1); if (rv == -1) { umtxq_unbusy_unlocked(&uq->uq_key); error = EFAULT; break; } - suword32(&rwlock->rw_blocked_readers, blocked_readers-1); if (blocked_readers == 1) { rv = fueword32(&rwlock->rw_state, &state); if (rv == -1) { @@ -3360,12 +3373,14 @@ do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeo sleep: rv = fueword32(&rwlock->rw_blocked_writers, &blocked_writers); + if (rv == 0) + rv = suword32(&rwlock->rw_blocked_writers, + blocked_writers + 1); if (rv == -1) { umtxq_unbusy_unlocked(&uq->uq_key); error = EFAULT; break; } - suword32(&rwlock->rw_blocked_writers, blocked_writers + 1); while ((state & URWLOCK_WRITE_OWNER) || URWLOCK_READER_COUNT(state) != 0) { @@ -3390,12 +3405,14 @@ sleep: rv = fueword32(&rwlock->rw_blocked_writers, &blocked_writers); + if (rv == 0) + rv = suword32(&rwlock->rw_blocked_writers, + blocked_writers - 1); if (rv == -1) { umtxq_unbusy_unlocked(&uq->uq_key); error = EFAULT; break; } - suword32(&rwlock->rw_blocked_writers, blocked_writers-1); if (blocked_writers == 1) { rv = fueword32(&rwlock->rw_state, &state); if (rv == -1) { @@ -3574,7 +3591,7 @@ again: rv1 = fueword32(&sem->_count, &count); if (rv == -1 || rv1 == -1 || count != 0 || (rv == 1 && count1 == 0)) { if (rv == 0) - suword32(&sem->_has_waiters, 0); + rv = suword32(&sem->_has_waiters, 0); umtxq_lock(&uq->uq_key); umtxq_unbusy(&uq->uq_key); umtxq_remove(uq);