svn commit: r344517 - head/sys/kern

Andrew Turner andrew at FreeBSD.org
Mon Feb 25 13:15:35 UTC 2019


Author: andrew
Date: Mon Feb 25 13:15:34 2019
New Revision: 344517
URL: https://svnweb.freebsd.org/changeset/base/344517

Log:
  Check the index hasn't changed after writing the cmp entry.
  
  If an interrupt fires while writing the cmp entry we may have a partial
  entry. Work around this by using atomic_cmpset to set the new index. If it
  fails we need to set the previous index value and try again as the entry
  may be in an inconsistent state.
  
  This fixes messages similar to the following from syzkaller:
  bad comp 224 type 2163727253
  
  Reviewed by:	tuexen
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D19287

Modified:
  head/sys/kern/kern_kcov.c

Modified: head/sys/kern/kern_kcov.c
==============================================================================
--- head/sys/kern/kern_kcov.c	Mon Feb 25 12:35:52 2019	(r344516)
+++ head/sys/kern/kern_kcov.c	Mon Feb 25 13:15:34 2019	(r344517)
@@ -247,11 +247,16 @@ trace_cmp(uint64_t type, uint64_t arg1, uint64_t arg2,
 	if (index * 4 + 4 + 1 > info->entries)
 		return (false);
 
-	buf[index * 4 + 1] = type;
-	buf[index * 4 + 2] = arg1;
-	buf[index * 4 + 3] = arg2;
-	buf[index * 4 + 4] = ret;
-	buf[0] = index + 1;
+	while (1) {
+		buf[index * 4 + 1] = type;
+		buf[index * 4 + 2] = arg1;
+		buf[index * 4 + 3] = arg2;
+		buf[index * 4 + 4] = ret;
+
+		if (atomic_cmpset_64(&buf[0], index, index + 1))
+			break;
+		buf[0] = index;
+	}
 
 	return (true);
 }
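Review bot: The retry path in the new loop, `buf[0] = index;` after a failed `atomic_cmpset_64(&buf[0], index, index + 1)`, has no comment explaining why the index is rolled back with a plain store. As written, the rollback points `buf[0]` back at the slot this call is about to rewrite, so whatever the interrupting context recorded from slot `index` onward is dropped. If that is the intended trade-off, say so in a short comment above the loop, together with the partial-entry reasoning from the log message. The bounds check above the loop stays valid across retries because `index` is never re-read; that is worth noting in the same comment so a later change does not reload it inside the loop. Style point: style(9) writes forever loops as `for (;;)` rather than `while (1)`.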

