[Bug 238707] [PATCH][LOR] Lock order reversal: rtentry vs "nd6 list"
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 19 15:05:51 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238707
Bug ID: 238707
Summary: [PATCH][LOR] Lock order reversal: rtentry vs "nd6
list"
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: arnaud.ysmal at stormshield.eu
Created attachment 205221
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=205221&action=edit
Patch to move the unlock of the rtentry just before the call of rt_notifydelete
Hi,
I encounter the following lor in the function rtrequest1_fib (in the RTM_DELETE
case of the switch).
When deleting a rtentry, it is returned locked by rt_unlinkrte then during the
call to rt_notifydelete the "nd6 list" lock is locked.
In the RTM_ADD switch case, the old_rt in unlink by rt_unlinkrte then unlocked
and passed to the rt_notifydelete, with this I assume there is no issue to call
rt_notifydelete with a rtentry unlocked.
The patch enclosed move the unlock of the rtentry just before the call of
rt_notifydelete.
The witness trace is the following:
[2019-05-01 23:21:12] lock order reversal:
[2019-05-01 23:21:12] 1st 0xfffff80036683998 rtentry (rtentry) @
net/route.c:1230
[2019-05-01 23:21:12] 2nd 0xffffffff8147fe68 nd6 list (nd6 list) @
netinet6/nd6_rtr.c:545
[2019-05-01 23:21:12] stack backtrace:
[2019-05-01 23:21:12] #0 0xffffffff80544e10 at witness_debugger+0x70
[2019-05-01 23:21:12] #1 0xffffffff80544d10 at witness_checkorder+0xc90
[2019-05-01 23:21:12] #2 0xffffffff804ecfda at __rw_rlock+0x3a
[2019-05-01 23:21:12] #3 0xffffffff8068f798 at defrouter_lookup+0x28
[2019-05-01 23:21:12] #4 0xffffffff80689b40 at nd6_rtrequest+0x50
[2019-05-01 23:21:12] #5 0xffffffff805f4a66 at rtrequest1_fib+0x286
[2019-05-01 23:21:12] #6 0xffffffff805f89ff at route_output+0x77f
[2019-05-01 23:21:12] #7 0xffffffff8056ef7f at sosend_generic+0x43f
[2019-05-01 23:21:12] #8 0xffffffff8054f90d at soo_write+0x2d
[2019-05-01 23:21:12] #9 0xffffffff80548b0a at dofilewrite+0x8a
[2019-05-01 23:21:12] #10 0xffffffff805487e8 at kern_writev+0x68
[2019-05-01 23:21:12] #11 0xffffffff80548776 at sys_write+0x86
[2019-05-01 23:21:12] #12 0xffffffff80753bf9 at amd64_syscall+0x299
[2019-05-01 23:21:12] #13 0xffffffff80734bed at fast_syscall_common+0x101
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list