Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern ksyms(4): Fix ksymsread synchronization.



details:   https://anonhg.NetBSD.org/src/rev/991ef41f9a7a
branches:  trunk
changeset: 1021491:991ef41f9a7a
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Tue Jun 01 21:10:23 2021 +0000

description:
ksyms(4): Fix ksymsread synchronization.

Fixes crash on concurrent update and read of /dev/ksyms.

XXX Unclear why we have to skip sd_gone entries here -- it seems like
they should be preserved until ksymsclose.

diffstat:

 sys/kern/kern_ksyms.c |  62 +++++++++++++++++++++++++++++++++-----------------
 1 files changed, 41 insertions(+), 21 deletions(-)

diffs (185 lines):

diff -r 08bd48a6441a -r 991ef41f9a7a sys/kern/kern_ksyms.c
--- a/sys/kern/kern_ksyms.c     Tue Jun 01 21:08:48 2021 +0000
+++ b/sys/kern/kern_ksyms.c     Tue Jun 01 21:10:23 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_ksyms.c,v 1.89 2020/09/23 09:52:02 simonb Exp $   */
+/*     $NetBSD: kern_ksyms.c,v 1.90 2021/06/01 21:10:23 riastradh Exp $        */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -73,7 +73,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.89 2020/09/23 09:52:02 simonb Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ksyms.c,v 1.90 2021/06/01 21:10:23 riastradh Exp $");
 
 #if defined(_KERNEL) && defined(_KERNEL_OPT)
 #include "opt_copy_symtab.h"
@@ -92,6 +92,7 @@
 #include <sys/proc.h>
 #include <sys/atomic.h>
 #include <sys/ksyms.h>
+#include <sys/kernel.h>
 
 #ifdef DDB
 #include <ddb/db_output.h>
@@ -111,6 +112,7 @@
 
 static int ksyms_maxlen;
 static bool ksyms_isopen;
+static struct ksyms_symtab *ksyms_last_snapshot;
 static bool ksyms_initted;
 static bool ksyms_loaded;
 static kmutex_t ksyms_lock __cacheline_aligned;
@@ -140,7 +142,7 @@
 int ksyms_symsz;
 int ksyms_strsz;
 int ksyms_ctfsz;       /* this is not currently used by savecore(8) */
-TAILQ_HEAD(, ksyms_symtab) ksyms_symtabs =
+TAILQ_HEAD(ksyms_symtab_queue, ksyms_symtab) ksyms_symtabs =
     TAILQ_HEAD_INITIALIZER(ksyms_symtabs);
 
 static int
@@ -429,7 +431,7 @@
                for (new = 0; new < n; new++) {
                        uint32_t orig = nsym[new].st_size - 1;
                        uint32_t size = nmap[orig];
-       
+
                        nmap[orig] = new + 1;
 
                        /* restore the size */
@@ -438,9 +440,11 @@
        }
 #endif
 
-       /* ksymsread() is unlocked, so membar. */
-       membar_producer();
+       KASSERT(strcmp(name, "netbsd") == 0 || mutex_owned(&ksyms_lock));
+       KASSERT(cold || mutex_owned(&ksyms_lock));
+
        TAILQ_INSERT_TAIL(&ksyms_symtabs, tab, sd_queue);
+
        ksyms_sizes_calc();
        ksyms_loaded = true;
 }
@@ -767,6 +771,7 @@
 ksyms_modunload(const char *name)
 {
        struct ksyms_symtab *st;
+       bool do_free = false;
 
        mutex_enter(&ksyms_lock);
        TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
@@ -778,14 +783,17 @@
                ksyms_sizes_calc();
                if (!ksyms_isopen) {
                        TAILQ_REMOVE(&ksyms_symtabs, st, sd_queue);
-                       kmem_free(st->sd_nmap,
-                                 st->sd_nmapsize * sizeof(uint32_t));
-                       kmem_free(st, sizeof(*st));
+                       do_free = true;
                }
                break;
        }
        mutex_exit(&ksyms_lock);
        KASSERT(st != NULL);
+
+       if (do_free) {
+               kmem_free(st->sd_nmap, st->sd_nmapsize * sizeof(uint32_t));
+               kmem_free(st, sizeof(*st));
+       }
 }
 
 #ifdef DDB
@@ -864,6 +872,8 @@
        struct ksyms_symtab *st;
        int i, delta;
 
+       KASSERT(cold || mutex_owned(&ksyms_lock));
+
        ksyms_symsz = ksyms_strsz = 0;
        TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
                if (__predict_false(st->sd_gone))
@@ -981,6 +991,10 @@
         * ksyms_isopen will prevent symbol tables from being freed.
         */
        mutex_enter(&ksyms_lock);
+       if (ksyms_isopen) {
+               mutex_exit(&ksyms_lock);
+               return EBUSY;
+       }
        ksyms_hdr.kh_shdr[SYMTAB].sh_size = ksyms_symsz;
        ksyms_hdr.kh_shdr[SYMTAB].sh_info = ksyms_symsz / sizeof(Elf_Sym);
        ksyms_hdr.kh_shdr[STRTAB].sh_offset = ksyms_symsz +
@@ -990,6 +1004,7 @@
            ksyms_hdr.kh_shdr[STRTAB].sh_offset;
        ksyms_hdr.kh_shdr[SHCTF].sh_size = ksyms_ctfsz;
        ksyms_isopen = true;
+       ksyms_last_snapshot = TAILQ_LAST(&ksyms_symtabs, ksyms_symtab_queue);
        mutex_exit(&ksyms_lock);
 
        return 0;
@@ -999,26 +1014,27 @@
 ksymsclose(dev_t dev, int oflags, int devtype, struct lwp *l)
 {
        struct ksyms_symtab *st, *next;
-       bool resize;
+       TAILQ_HEAD(, ksyms_symtab) to_free = TAILQ_HEAD_INITIALIZER(to_free);
 
        /* Discard references to symbol tables. */
        mutex_enter(&ksyms_lock);
        ksyms_isopen = false;
-       resize = false;
-       for (st = TAILQ_FIRST(&ksyms_symtabs); st != NULL; st = next) {
-               next = TAILQ_NEXT(st, sd_queue);
+       ksyms_last_snapshot = NULL;
+       TAILQ_FOREACH_SAFE(st, &ksyms_symtabs, sd_queue, next) {
                if (st->sd_gone) {
                        TAILQ_REMOVE(&ksyms_symtabs, st, sd_queue);
-                       kmem_free(st->sd_nmap,
-                                 st->sd_nmapsize * sizeof(uint32_t));
-                       kmem_free(st, sizeof(*st));
-                       resize = true;
+                       TAILQ_INSERT_TAIL(&to_free, st, sd_queue);
                }
        }
-       if (resize)
+       if (!TAILQ_EMPTY(&to_free))
                ksyms_sizes_calc();
        mutex_exit(&ksyms_lock);
 
+       TAILQ_FOREACH_SAFE(st, &to_free, sd_queue, next) {
+               kmem_free(st->sd_nmap, st->sd_nmapsize * sizeof(uint32_t));
+               kmem_free(st, sizeof(*st));
+       }
+
        return 0;
 }
 
@@ -1045,7 +1061,9 @@
         * Copy out the symbol table.
         */
        filepos = sizeof(struct ksyms_hdr);
-       TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
+       for (st = TAILQ_FIRST(&ksyms_symtabs);
+            st != ksyms_last_snapshot;
+            st = TAILQ_NEXT(st, sd_queue)) {
                if (__predict_false(st->sd_gone))
                        continue;
                if (uio->uio_resid == 0)
@@ -1063,9 +1081,11 @@
        /*
         * Copy out the string table
         */
-       KASSERT(filepos == sizeof(struct ksyms_hdr) +
+       KASSERT(filepos <= sizeof(struct ksyms_hdr) +
            ksyms_hdr.kh_shdr[SYMTAB].sh_size);
-       TAILQ_FOREACH(st, &ksyms_symtabs, sd_queue) {
+       for (st = TAILQ_FIRST(&ksyms_symtabs);
+            st != ksyms_last_snapshot;
+            st = TAILQ_NEXT(st, sd_queue)) {
                if (__predict_false(st->sd_gone))
                        continue;
                if (uio->uio_resid == 0)



Home | Main Index | Thread Index | Old Index