witness: Record the first acquired file and line for recursable locks
ClosedPublic
Actions

Authored by zlei on Sep 12 2025, 8:09 AM.

Details

Reviewers

jhb
bz
markj
kib

Commits

rG8583840cfb92: witness: Record the first acquired file and line for recursable locks
rG7838ad85fb1a: witness: Record the first acquired file and line for recursable locks
rG3dc9f96a489c: witness: Record the first acquired file and line for recursable locks
rG2d85bc89294b: witness: Record the first acquired file and line for recursable locks

Summary

and the last acquired file and line to witness object.

For recursable locks, unfortunately current implementation records only
the recurse count and the last acquired file and line, but does not
restore the previous acquired file and line on unlock. Hence it is
possible to report false acquired file and line, and that may mislead
developers and make the report by users harder to analyse.

Since subsequent recurse locks do not affect how witness order check,
record the first acquired file and line so that the logic is much clear.

Reported by: bz
See also: https://lists.freebsd.org/archives/freebsd-current/2025-June/007944.html
MFC after: 2 weeks

Test Plan

Test with hand crafted kernel module.

The Makefile and source file,

PACKAGE=witness
SRCS	= witness.c
KMOD	= witness

.include <bsd.kmod.mk>

#include <sys/types.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/module.h>
#include <sys/sysctl.h>
#include <sys/kernel.h>

#include <sys/lock.h>
#include <sys/sx.h>

static struct sx wit_sxlock;
SX_SYSINIT_FLAGS(wit_sx, &wit_sxlock, "witness_sx", SX_RECURSE);

static void f1(void);
static void f2(void);
static void f3(void);

static __noinline void
f1(void)
{
	sx_xlock(&wit_sxlock); /* line 21 */
	f2();
	sx_xunlock(&wit_sxlock);
}

static __noinline void
f2(void)
{
	sx_xlock(&wit_sxlock); /* line 29 */
	f3();
	sx_xunlock(&wit_sxlock);

	/* XXX trigger witness assert panic */
	sx_slock(&wit_sxlock); /* line 34 */
	sx_sunlock(&wit_sxlock);
}

static __noinline void
f3(void)
{
	sx_xlock(&wit_sxlock); /* line 41 */
	sx_xunlock(&wit_sxlock);
}



static int
module_load(module_t mod, int cmd, void *arg)
{
	int error;

	error = 0;
	switch (cmd) {
	case MOD_LOAD:
		f1();
		break;
	case MOD_UNLOAD:
		break;
	default:
		error = EOPNOTSUPP;
		break;
	}
	return (error);
}

static moduledata_t mod_data = {
	"witness",
	module_load,
	0
};

DECLARE_MODULE(witness, mod_data, SI_SUB_EXEC, SI_ORDER_ANY);

Before the fix, witness report

shared lock of (sx) witness_sx @ witness.c:34
while exclusively locked from witness.c:41
panic: excl->share

After the fix,

shared lock of (sx) witness_sx @ witness.c:34
while exclusively locked from witness.c:21
panic: excl->share

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

zlei created this revision.Sep 12 2025, 8:09 AM

Herald added subscribers: olce, imp. · View Herald TranscriptSep 12 2025, 8:09 AM

In the mailing list, @bz suggested to list the chain of the recursive lock. I think that is useful but requires some extra effort. I'm still working on it, will publish when ready.

zlei edited the test plan for this revision. (Show Details)Sep 12 2025, 8:56 AM

kib accepted this revision.Sep 12 2025, 11:36 AM

This revision is now accepted and ready to land.Sep 12 2025, 11:36 AM

markj added inline comments.Sep 15 2025, 1:14 PM