kern/56592: sys: dev: sysmon: possible ABBA deadlock in sme_events_worker() and sme_events_check()

[baijiaju1990%gmail.com@localhost]

>Number:         56592
>Category:       kern
>Synopsis:       sys: dev: sysmon: possible ABBA deadlock in sme_events_worker() and sme_events_check()
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 31 02:10:00 +0000 2021
>Originator:     Jia-Ju Bai
>Release:        9.2
>Organization:
Tsinghua University
>Environment:
NetBSD localhost 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
Hello,

My static analysis tool reports a possible ABBA deadlock in the sysmon module in NetBSD-9.2:

sme_events_worker()
  mutex_enter(&sme->sme_mtx); --> Line 775 (Lock A)
  mutex_enter(&sme->sme_work_mtx); --> Line 833 (Lock B)

sme_events_check()
  mutex_enter(&sme->sme_work_mtx); --> Line 739 (Lock B)
  mutex_enter(&sme->sme_mtx); --> Line 746 (Lock A)

When sme_events_worker() and sme_events_check() are concurrently executed, the deadlocks can occur.

I am not quite sure whether this possible deadlock is real and how to fix it if it is real.
Any feedback would be appreciated, thanks :)

Reported-by: TOTE Robot <oslab%tsinghua.edu.cn@localhost>


Best wishes,
Jia-Ju Bai 
>How-To-Repeat:
I think we could execute sme_events_worker() and sme_events_check() concurrently to trigger this possible deadlock.
>Fix:
A possible way is to exchange mutex_enter(&sme->sme_work_mtx) and mutex_enter(&sme->sme_mtx) in sme_events_check().