NetBSD-Bugs archive


kern/41069: CIOCNCRYPTRETM ioctl can panic kernel or cause hangs

>Number:         41069
>Category:       kern
>Synopsis:       CIOCNCRYPTRETM ioctl can panic LOCKDEBUG kernel or hang
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 24 23:20:01 +0000 2009
>Originator:     Thor Lancelot Simon
>Release:        NetBSD 5.0_RC2
>Environment:
System: NetBSD 5.0_RC2 NetBSD 5.0_RC2 (PANIX-XEN3U-USER-pae) #1: Sat Feb 21 20:24:11 EST 2009
Architecture: i386
Machine: i386
>Description:
        The CIOCNCRYPTRETM ioctl on /dev/crypto can cause copyout() to be
        called with the crypto mutex -- a spin mutex -- held.  This causes
        a LOCKDEBUG kernel to panic, and can cause a non-LOCKDEBUG kernel
        to hang.
>How-To-Repeat:
        Submit a lot of requests to /dev/crypto with a test rig.  Find all
        your old dumb bugs, like this one.
>Fix:
        Change CIOCNCRYPTRETM to dequeue the specified number of requests
        into a temporary datastructure -- like the one that already exists
        for delayed free! -- with the lock held, then do everything else,
        including copyout(), after releasing the lock.  How did I ever miss
        this when adding the delayed-free logic?
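
The locking pattern from the Fix field, modelled in userland C as an added example (not code from this report or from the NetBSD tree). Every name here (lock_held, retq, fake_copyout, ret_buggy, ret_fixed) is hypothetical; the lock is a plain flag standing in for the spin mutex and fake_copyout() stands in for copyout().

```c
#include <stddef.h>
#include <string.h>

/* Constructed userland stand-ins; not NetBSD kernel code. */
struct req { struct req *next; int id; };
static int lock_held;            /* models the crypto spin mutex */
static struct req *retq;         /* completed requests awaiting return */
static int violations;           /* copyouts attempted with the lock held */
static void lock_enter(void) { lock_held = 1; }
static void lock_exit(void)  { lock_held = 0; }

/* Stand-in for copyout(). The report says calling it under the spin mutex
 * panics a LOCKDEBUG kernel; this model only counts the violation. */
static void fake_copyout(const void *src, void *dst, size_t n) {
    if (lock_held) violations++;
    memcpy(dst, src, n);
}

static void enqueue(struct req *r) {
    lock_enter(); r->next = retq; retq = r; lock_exit();
}

/* The reported pattern: copy out while still holding the lock. */
static int ret_buggy(int *ubuf, int max) {
    int n = 0;
    lock_enter();
    while (retq != NULL && n < max) {
        struct req *r = retq; retq = r->next;
        fake_copyout(&r->id, &ubuf[n++], sizeof r->id);
    }
    lock_exit();
    return n;
}

/* The suggested fix: unlink onto a private list under the lock, then do
 * the copyout work after releasing it. */
static int ret_fixed(int *ubuf, int max) {
    struct req *tmp = NULL, **tail = &tmp;
    int n = 0, k = 0;
    lock_enter();
    while (retq != NULL && n < max) {
        struct req *r = retq; retq = r->next;
        r->next = NULL; *tail = r; tail = &r->next; n++;
    }
    lock_exit();
    for (struct req *r = tmp; r != NULL; r = r->next)
        fake_copyout(&r->id, &ubuf[k++], sizeof r->id);
    return n;
}
```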
