kern/42020: Calling ioctl(RNDADDDATA) causes panic: lock error

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/42020: Calling ioctl(RNDADDDATA) causes panic: lock error
From: jmosalmi%cc.hut.fi@localhost
Date: Tue, 8 Sep 2009 18:15:04 +0000 (UTC)

>Number:         42020
>Category:       kern
>Synopsis:       Calling ioctl(RNDADDDATA) causes panic: lock error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 08 18:15:04 +0000 2009
>Originator:     Juho Salminen
>Release:        NetBSD 5.99.16
>Organization:
Home
>Environment:
NetBSD raato 5.99.16 NetBSD 5.99.16 (MONOLITHIC) #2: Tue Sep  8 20:14:09 EEST 
2009  
fijusal%siniara.jmos.iki.fi@localhost:/r/netbsd-current-092009/obj/sys/arch/i386/compile/MONOLITHIC
 i386
>Description:
Calling ioctl(RNDADDDATA) on /dev/random causes lock error and kernel panic 
along with the following error message:

Mutex error: mutex_vector_enter: locking against myself

This occurs in sys/dev/rnd.c when rnd_wakeup_readers() is called while the 
mutex rndpool_mtx is already being held. rnd_wakeup_reader() then attempts to 
acquire the mutex again.

In function rndioctl():

        case RNDADDDATA:
                rnddata = (rnddata_t *)addr;

                mutex_enter(&rndpool_mtx);
                rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len,
                    rnddata->entropy);

                rnd_wakeup_readers();
                mutex_exit(&rndpool_mtx);

                break;

In the beginning of function rnd_wakeup_readers():

        mutex_enter(&rndpool_mtx);


>How-To-Repeat:
-bash-3.2# cat koe.c
#include <sys/fcntl.h>
#include <sys/rnd.h>
#include <sys/ioctl.h>

int main()
{
  int fd;
  rnddata_t rd = { 0 };

  fd = open("/dev/random", O_RDWR, 0);
  rd.entropy = 1;
  rd.len = 1;

  ioctl(fd, RNDADDDATA, &rd);

}

-bash-3.2# gcc -okoe koe.c
-bash-3.2# ./koe
Mutex error: mutex_vector_enter: locking against myself

lock address : 0x00000000c0b248ec
current cpu  :                  0
current lwp  : 0x00000000cb27eac0 wait/spin                 0/0

panic: lock error
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c053d50c cs 8 eflags 246 cr2 bbbe8150 ilevel 0
Stopped in pid 443.1 (koe) at   netbsd:breakpoint+0x4:  popl    %ebp
db{0}> 
>Fix:
Index: sys/dev/rnd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/rnd.c,v
retrieving revision 1.72
diff -u -r1.72 rnd.c
--- sys/dev/rnd.c       5 May 2009 21:03:29 -0000       1.72
+++ sys/dev/rnd.c       8 Sep 2009 18:06:04 -0000
@@ -653,9 +653,9 @@
                mutex_enter(&rndpool_mtx);
                rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len,
                    rnddata->entropy);
+               mutex_exit(&rndpool_mtx);
 
                rnd_wakeup_readers();
-               mutex_exit(&rndpool_mtx);
 
                break;

Prev by Date: bin/42018: nbmake hangs using -j on Solaris
Next by Date: port-i386/42021: NetBSD can't boot on LENOVO 3000 N100 (0768FPG) laptop
Previous by Thread: bin/42018: nbmake hangs using -j on Solaris
Next by Thread: port-i386/42021: NetBSD can't boot on LENOVO 3000 N100 (0768FPG) laptop
Indexes:

Home | Main Index | Thread Index | Old Index