[src/trunk]: src/sys sleepq(9): Pass syncobj through to sleepq_block.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys sleepq(9): Pass syncobj through to sleepq_block.
From: riastradh <riastradh%NetBSD.org@localhost>
Date: Thu, 30 Jun 2022 01:16:50 +0000
details:   https://anonhg.NetBSD.org/src/rev/9eafe7d90ba2
branches:  trunk
changeset: 368225:9eafe7d90ba2
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Wed Jun 29 22:27:01 2022 +0000

description:
sleepq(9): Pass syncobj through to sleepq_block.

Previously the usage pattern was:

sleepq_enter(sq, l, lock);              // locks l
...
sleepq_enqueue(sq, ..., sobj, ...);     // assumes l locked, sets l_syncobj
... (*)
sleepq_block(...);                      // unlocks l

As long as l remains locked from sleepq_enter to sleepq_block,
l_syncobj is stable, and sleepq_block uses it via ktrcsw to determine
whether the sleep is on a mutex in order to avoid creating ktrace
context-switch records (which involves allocation which is forbidden
in softint context, while taking and even sleeping for a mutex is
allowed).

However, in turnstile_block, the logic at (*) also involves
turnstile_lendpri, which sometimes unlocks and relocks l.  At that
point, another thread can swoop in and sleepq_remove l, which sets
l_syncobj to sched_syncobj.  If that happens, ktrcsw does what is
forbidden -- tries to allocate a ktrace record for the context
switch.

As an optimization, sleepq_block or turnstile_block could stop early
if it detects that l_syncobj doesn't match -- we've already been
requested to wake up at this point so there's no need to mi_switch.
(And then it would be unnecessary to pass the syncobj through
sleepq_block, because l_syncobj would remain stable.)  But I'll leave
that to another change.

Reported-by: syzbot+8b9d7b066c32dbcdc63b%syzkaller.appspotmail.com@localhost

diffstat:

 sys/kern/kern_condvar.c   |  12 ++++++------
 sys/kern/kern_sleepq.c    |   7 +++----
 sys/kern/kern_synch.c     |  10 +++++-----
 sys/kern/kern_timeout.c   |   6 +++---
 sys/kern/kern_turnstile.c |   6 +++---
 sys/kern/sys_lwp.c        |   6 +++---
 sys/kern/sys_select.c     |   6 +++---
 sys/sys/sleepq.h          |   4 ++--
 8 files changed, 28 insertions(+), 29 deletions(-)

diffs (259 lines):

diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/kern_condvar.c
--- a/sys/kern/kern_condvar.c   Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/kern_condvar.c   Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_condvar.c,v 1.53 2020/11/01 20:55:15 christos Exp $       */
+/*     $NetBSD: kern_condvar.c,v 1.54 2022/06/29 22:27:01 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2006, 2007, 2008, 2019, 2020 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_condvar.c,v 1.53 2020/11/01 20:55:15 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_condvar.c,v 1.54 2022/06/29 22:27:01 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -171,7 +171,7 @@
        KASSERT(mutex_owned(mtx));
 
        cv_enter(cv, mtx, l, false);
-       (void)sleepq_block(0, false);
+       (void)sleepq_block(0, false, &cv_syncobj);
        mutex_enter(mtx);
 }
 
@@ -192,7 +192,7 @@
        KASSERT(mutex_owned(mtx));
 
        cv_enter(cv, mtx, l, true);
-       error = sleepq_block(0, true);
+       error = sleepq_block(0, true, &cv_syncobj);
        mutex_enter(mtx);
        return error;
 }
@@ -215,7 +215,7 @@
        KASSERT(mutex_owned(mtx));
 
        cv_enter(cv, mtx, l, false);
-       error = sleepq_block(timo, false);
+       error = sleepq_block(timo, false, &cv_syncobj);
        mutex_enter(mtx);
        return error;
 }
@@ -240,7 +240,7 @@
        KASSERT(mutex_owned(mtx));
 
        cv_enter(cv, mtx, l, true);
-       error = sleepq_block(timo, true);
+       error = sleepq_block(timo, true, &cv_syncobj);
        mutex_enter(mtx);
        return error;
 }
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/kern_sleepq.c
--- a/sys/kern/kern_sleepq.c    Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/kern_sleepq.c    Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_sleepq.c,v 1.72 2022/06/29 22:10:43 riastradh Exp $       */
+/*     $NetBSD: kern_sleepq.c,v 1.73 2022/06/29 22:27:01 riastradh Exp $       */
 
 /*-
  * Copyright (c) 2006, 2007, 2008, 2009, 2019, 2020 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sleepq.c,v 1.72 2022/06/29 22:10:43 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sleepq.c,v 1.73 2022/06/29 22:27:01 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -302,14 +302,13 @@
  *     timo is a timeout in ticks.  timo = 0 specifies an infinite timeout.
  */
 int
-sleepq_block(int timo, bool catch_p)
+sleepq_block(int timo, bool catch_p, struct syncobj *syncobj)
 {
        int error = 0, sig;
        struct proc *p;
        lwp_t *l = curlwp;
        bool early = false;
        int biglocks = l->l_biglocks;
-       struct syncobj *syncobj = l->l_syncobj;
 
        ktrcsw(1, 0, syncobj);
 
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/kern_synch.c
--- a/sys/kern/kern_synch.c     Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/kern_synch.c     Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_synch.c,v 1.350 2022/03/10 12:21:25 riastradh Exp $       */
+/*     $NetBSD: kern_synch.c,v 1.351 2022/06/29 22:27:01 riastradh Exp $       */
 
 /*-
  * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009, 2019, 2020
@@ -69,7 +69,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.350 2022/03/10 12:21:25 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.351 2022/06/29 22:27:01 riastradh Exp $");
 
 #include "opt_kstack.h"
 #include "opt_dtrace.h"
@@ -188,7 +188,7 @@
        sq = sleeptab_lookup(&sleeptab, ident, &mp);
        sleepq_enter(sq, l, mp);
        sleepq_enqueue(sq, ident, wmesg, &sleep_syncobj, catch_p);
-       return sleepq_block(timo, catch_p);
+       return sleepq_block(timo, catch_p, &sleep_syncobj);
 }
 
 int
@@ -215,7 +215,7 @@
        sleepq_enter(sq, l, mp);
        sleepq_enqueue(sq, ident, wmesg, &sleep_syncobj, catch_p);
        mutex_exit(mtx);
-       error = sleepq_block(timo, catch_p);
+       error = sleepq_block(timo, catch_p, &sleep_syncobj);
 
        if ((priority & PNORELOCK) == 0)
                mutex_enter(mtx);
@@ -243,7 +243,7 @@
        lwp_lock(l);
        KERNEL_UNLOCK_ALL(NULL, &l->l_biglocks);
        sleepq_enqueue(NULL, l, wmesg, &kpause_syncobj, intr);
-       error = sleepq_block(timo, intr);
+       error = sleepq_block(timo, intr, &kpause_syncobj);
        if (mtx != NULL)
                mutex_enter(mtx);
 
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/kern_timeout.c
--- a/sys/kern/kern_timeout.c   Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/kern_timeout.c   Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_timeout.c,v 1.69 2022/03/30 17:02:02 riastradh Exp $      */
+/*     $NetBSD: kern_timeout.c,v 1.70 2022/06/29 22:27:01 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2003, 2006, 2007, 2008, 2009, 2019 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_timeout.c,v 1.69 2022/03/30 17:02:02 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_timeout.c,v 1.70 2022/06/29 22:27:01 riastradh Exp $");
 
 /*
  * Timeouts are kept in a hierarchical timing wheel.  The c_time is the
@@ -543,7 +543,7 @@
                        sleepq_enter(&cc->cc_sleepq, l, cc->cc_lock);
                        sleepq_enqueue(&cc->cc_sleepq, cc, "callout",
                            &sleep_syncobj, false);
-                       sleepq_block(0, false);
+                       sleepq_block(0, false, &sleep_syncobj);
                }
 
                /*
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/kern_turnstile.c
--- a/sys/kern/kern_turnstile.c Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/kern_turnstile.c Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_turnstile.c,v 1.43 2022/05/28 22:08:46 andvar Exp $       */
+/*     $NetBSD: kern_turnstile.c,v 1.44 2022/06/29 22:27:01 riastradh Exp $    */
 
 /*-
  * Copyright (c) 2002, 2006, 2007, 2009, 2019, 2020
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_turnstile.c,v 1.43 2022/05/28 22:08:46 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_turnstile.c,v 1.44 2022/06/29 22:27:01 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/lockdebug.h>
@@ -435,7 +435,7 @@
        KPREEMPT_DISABLE(l);
        KASSERT(lock == l->l_mutex);
        turnstile_lendpri(l);
-       sleepq_block(0, false);
+       sleepq_block(0, false, sobj);
        l->l_kpribase = obase;
        KPREEMPT_ENABLE(l);
 }
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/sys_lwp.c
--- a/sys/kern/sys_lwp.c        Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/sys_lwp.c        Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sys_lwp.c,v 1.82 2020/05/23 23:42:43 ad Exp $  */
+/*     $NetBSD: sys_lwp.c,v 1.83 2022/06/29 22:27:01 riastradh Exp $   */
 
 /*-
  * Copyright (c) 2001, 2006, 2007, 2008, 2019, 2020 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.82 2020/05/23 23:42:43 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.83 2022/06/29 22:27:01 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -533,7 +533,7 @@
        }
        l->l_biglocks = 0;
        sleepq_enqueue(NULL, l, "parked", &lwp_park_syncobj, true);
-       error = sleepq_block(timo, true);
+       error = sleepq_block(timo, true, &lwp_park_syncobj);
        switch (error) {
        case EWOULDBLOCK:
                error = ETIMEDOUT;
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/kern/sys_select.c
--- a/sys/kern/sys_select.c     Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/kern/sys_select.c     Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sys_select.c,v 1.59 2022/04/09 23:52:05 riastradh Exp $        */
+/*     $NetBSD: sys_select.c,v 1.60 2022/06/29 22:27:01 riastradh Exp $        */
 
 /*-
  * Copyright (c) 2007, 2008, 2009, 2010, 2019, 2020 The NetBSD Foundation, Inc.
@@ -84,7 +84,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_select.c,v 1.59 2022/04/09 23:52:05 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_select.c,v 1.60 2022/06/29 22:27:01 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -322,7 +322,7 @@
                l->l_kpriority = true;
                sleepq_enter(&sc->sc_sleepq, l, lock);
                sleepq_enqueue(&sc->sc_sleepq, sc, opname, &select_sobj, true);
-               error = sleepq_block(timo, true);
+               error = sleepq_block(timo, true, &select_sobj);
                if (error != 0) {
                        break;
                }
diff -r ec2c470c8452 -r 9eafe7d90ba2 sys/sys/sleepq.h
--- a/sys/sys/sleepq.h  Wed Jun 29 22:10:43 2022 +0000
+++ b/sys/sys/sleepq.h  Wed Jun 29 22:27:01 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sleepq.h,v 1.34 2020/11/01 20:56:13 christos Exp $     */
+/*     $NetBSD: sleepq.h,v 1.35 2022/06/29 22:27:01 riastradh Exp $    */
 
 /*-
  * Copyright (c) 2002, 2006, 2007, 2008, 2009, 2019, 2020
@@ -60,7 +60,7 @@
 int    sleepq_abort(kmutex_t *, int);
 void   sleepq_changepri(lwp_t *, pri_t);
 void   sleepq_lendpri(lwp_t *, pri_t);
-int    sleepq_block(int, bool);
+int    sleepq_block(int, bool, struct syncobj *);
 
 #ifdef _KERNEL
 typedef union {
Prev by Date: [src/trunk]: src/sys ktrace(9): Fix mutex detection in ktrcsw.
Next by Date: [src/trunk]: src/sys/kern recvmmsg(2): More timespec validation.
Previous by Thread: [src/trunk]: src/sys ktrace(9): Fix mutex detection in ktrcsw.
Next by Thread: [src/trunk]: src/sys/kern recvmmsg(2): More timespec validation.
Indexes:
Home | Main Index | Thread Index | Old Index