Date: Wed, 12 Mar 2025 14:47:37 GMT
Message-Id: <202503121447.52CElb6u096553@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: John Baldwin
Subject: git: dba45599c498 - main - mtx: Avoid nested panics on lock class mismatch assertions
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: dba45599c498deed01e1c98acef74e183c1bbf8d

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=dba45599c498deed01e1c98acef74e183c1bbf8d

commit dba45599c498deed01e1c98acef74e183c1bbf8d
Author:     John Baldwin
AuthorDate: 2025-03-12 14:24:35 +0000
Commit:     John Baldwin
CommitDate: 2025-03-12 14:39:26 +0000

    mtx: Avoid nested panics on lock class mismatch assertions

    It is only (somewhat) safe to dereference lo_name if we know the mutex
    has a specific lock class that is incorrect, not if it just has "some"
    incorrect lock class. In particular, in the case of memory overwritten
    with 0xdeadc0de, the lock class won't match either mutex type. However,
    trying to dereference lo_name via a 0xdeadc0de pointer triggers a nested
    panic building the panicstr which then prevents a crash dump.

    Reviewed by: olce, kib, markj
    Sponsored by: AFRL, DARPA
    Differential Revision: https://reviews.freebsd.org/D49313
---
 sys/kern/kern_mutex.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/sys/kern/kern_mutex.c b/sys/kern/kern_mutex.c index c04412688979..3ada9246326f 100644 --- a/sys/kern/kern_mutex.c +++ b/sys/kern/kern_mutex.c 
@@ -288,7 +288,7 @@ __mtx_lock_flags(volatile uintptr_t *c, int opts, const char *file, int line) curthread, m->lock_object.lo_name, file, line)); KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_lock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, ("mtx_lock() of spin mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); WITNESS_CHECKORDER(&m->lock_object, (opts & ~MTX_RECURSE) | @@ -317,7 +317,7 @@ __mtx_unlock_flags(volatile uintptr_t *c, int opts, const char *file, int line) KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_unlock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, ("mtx_unlock() of spin mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); WITNESS_UNLOCK(&m->lock_object, opts | LOP_EXCLUSIVE, file, line); @@ -346,7 +346,7 @@ __mtx_lock_spin_flags(volatile uintptr_t *c, int opts, const char *file, KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_lock_spin() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("mtx_lock_spin() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); if (mtx_owned(m)) @@ -387,7 +387,7 @@ __mtx_trylock_spin_flags(volatile uintptr_t *c, int opts, const char *file, KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_trylock_spin() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("mtx_trylock_spin() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); KASSERT((opts & MTX_RECURSE) == 0, 
@@ -412,7 +412,7 @@ __mtx_unlock_spin_flags(volatile uintptr_t *c, int opts, const char *file, KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_unlock_spin() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("mtx_unlock_spin() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); WITNESS_UNLOCK(&m->lock_object, opts | LOP_EXCLUSIVE, file, line); @@ -450,7 +450,7 @@ _mtx_trylock_flags_int(struct mtx *m, int opts LOCK_FILE_LINE_ARG_DEF) curthread, m->lock_object.lo_name, file, line)); KASSERT(m->mtx_lock != MTX_DESTROYED, ("mtx_trylock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, ("mtx_trylock() of spin mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); @@ -827,7 +827,7 @@ thread_lock_validate(struct mtx *m, int opts, const char *file, int line) KASSERT(m->mtx_lock != MTX_DESTROYED, ("thread_lock() of destroyed mutex @ %s:%d", file, line)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("thread_lock() of sleep mutex %s @ %s:%d", m->lock_object.lo_name, file, line)); KASSERT((m->lock_object.lo_flags & LO_RECURSABLE) == 0, @@ -1286,7 +1286,7 @@ mtx_spin_wait_unlocked(struct mtx *m) KASSERT(m->mtx_lock != MTX_DESTROYED, ("%s() of destroyed mutex %p", __func__, m)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_spin, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_sleep, ("%s() of sleep mutex %p (%s)", __func__, m, m->lock_object.lo_name)); KASSERT(!mtx_owned(m), ("%s() waiting on myself on lock %p (%s)", __func__, m, 
@@ -1312,8 +1312,8 @@ mtx_wait_unlocked(struct mtx *m) KASSERT(m->mtx_lock != MTX_DESTROYED, ("%s() of destroyed mutex %p", __func__, m)); - KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep, - ("%s() not a sleep mutex %p (%s)", __func__, m, + KASSERT(LOCK_CLASS(&m->lock_object) != &lock_class_mtx_spin, + ("%s() of spin mutex %p (%s)", __func__, m, m->lock_object.lo_name)); KASSERT(!mtx_owned(m), ("%s() waiting on myself on lock %p (%s)", __func__, m, m->lock_object.lo_name));
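
Review bot: In the __mtx_lock_flags hunk (@@ -288) and the _mtx_trylock_flags_int hunk (@@ -450), the leading context line "curthread, m->lock_object.lo_name, file, line));" belongs to an earlier KASSERT that still formats lo_name before the destroyed and lock class checks run. If that assertion fires on a mutex whose memory was overwritten, building the panic string dereferences the same bad pointer this commit is trying to avoid. Consider moving that assertion after the class check, or having it print the mutex with %p instead of lo_name.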
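
Review bot: With the comparison inverted to "!= &lock_class_mtx_spin" (and "!= &lock_class_mtx_sleep" in the spin paths, for example the __mtx_lock_spin_flags hunk at @@ -346), a mutex whose class is neither sleep nor spin now passes the assertion silently. The commit message names memory overwritten with 0xdeadc0de as exactly that case, and the preceding MTX_DESTROYED check will not catch it either, so the corruption is only discovered later in the lock path. Suggest adding a second assertion ahead of this one that requires the expected class and reports only the pointer, e.g. a message of the form "mtx_lock_spin() of non-mutex %p @ %s:%d", so the corrupted lock still panics early without touching lo_name.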
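
Review bot: Missing documentation in the mtx_wait_unlocked hunk (@@ -1312) and the eight hunks before it: nothing in the code says why the test is written as "not the other class" rather than "is the expected class", and the reworded message ("of spin mutex" replacing "not a sleep mutex") makes the old form look like the natural one. A short comment above one of these KASSERTs, or on a shared helper macro, stating that lo_name is only formatted once the lock is known to be a valid mutex of the wrong type would keep a later cleanup from reverting to the "==" comparison and reintroducing the nested panic.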