Page MenuHomeFreeBSD
Differential D49313

mtx: Avoid nested panics on lock class mismatch assertions
ClosedPublic
Actions

Authored by jhb on Mar 11 2025, 1:38 AM.
Tags
None
Referenced Files
F133409437: D49313.id.diff
Sat, Oct 25, 2:30 PM
F133395285: D49313.id152120.diff
Sat, Oct 25, 11:29 AM
Unknown Object (File)
Mon, Oct 20, 1:24 AM
Unknown Object (File)
Sat, Oct 18, 11:36 PM
Unknown Object (File)
Sun, Oct 12, 1:50 AM
Unknown Object (File)
Aug 27 2025, 2:21 PM
Unknown Object (File)
Aug 15 2025, 12:07 AM
Unknown Object (File)
Aug 2 2025, 6:29 PM
View All 41 Files
Subscribers
imp
olce

Details

Reviewers
kib
markj
olce
Commits
rG27fb895f9e81: mtx: Avoid nested panics on lock class mismatch assertions
rGdba45599c498: mtx: Avoid nested panics on lock class mismatch assertions
Summary

It is only (somewhat) safe to dereference lo_name if we know the mutex
has a specific lock class that is incorrect, not if just has "some"
incorrect lock clas. In particular, in the case of memory overwritten
with 0xdeadc0de, the lock class won't match either mutex type.
However, trying to dereference lo_name via a 0xdeadc0de pointer
triggers a nested panic building the panicstr which then prevents a
crash dump.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Mar 11 2025, 1:38 AM
Herald added subscribers: olce, imp. · View Herald TranscriptMar 11 2025, 1:38 AM
jhb requested review of this revision.Mar 11 2025, 1:38 AM
Harbormaster completed remote builds in B62862: Diff 152120.Mar 11 2025, 1:38 AM
jhb added a child revision: D49314: mtx: Make idle thread assertions more robust.Mar 11 2025, 1:38 AM
jhb added a comment.Mar 11 2025, 1:43 AM

I ran into this in CheriBSD where a lock was filled with 0xdeadc0de due to a type confusion bug and the value of the lo_name pointer was filled with 0xdeadc0de. Possibly we could keep the assertion as-is but avoiding printing the lock name at all, just print the pointer? OTOH, we don't require matching classes for other locks. I also think the main point of these assertions is to catch cross-threading in the API, so having them narrower but give a meaningful panic string is probably useful (and why I've chosen to fix it this way). (I've long wanted to make a separate struct spinlock or some such and have mtx only be MTX_DEF and then all these assertions would go away as they would become compile errors.)

markj accepted this revision.Mar 11 2025, 11:34 AM
This revision is now accepted and ready to land.Mar 11 2025, 11:34 AM
kib accepted this revision.Mar 11 2025, 12:53 PM

Note the 'clas' (single s) in the last word of the first sentence of the summary.

olce accepted this revision.Mar 11 2025, 12:57 PM
olce mentioned this in D49314: mtx: Make idle thread assertions more robust.Mar 11 2025, 1:25 PM
Closed by commit rGdba45599c498: mtx: Avoid nested panics on lock class mismatch assertions (authored by jhb). · Explain WhyMar 12 2025, 2:48 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGdba45599c498: mtx: Avoid nested panics on lock class mismatch assertions.
jhb added a commit: rG27fb895f9e81: mtx: Avoid nested panics on lock class mismatch assertions.Apr 29 2025, 6:31 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
20 lines

Diff 152177

View Options

sys/kern/kern_mutex.c

Loading...