Page MenuHomeFreeBSD
Differential D8718

Fix a kernel panic in DTrace's rw_iswriter subroutine. On FreeBSD the sense of rw_write_held() and rw_iswriter() were reversed probably due to a cut and paste error. Using rw_iswriter() would cause the kernel to panic.
ClosedPublic
Actions

Authored by gnn on Dec 6 2016, 2:00 PM.
Tags
None
Referenced Files
F135835012: D8718.id22729.diff
Thu, Nov 13, 9:00 AM
Unknown Object (File)
Sat, Nov 8, 8:17 PM
Unknown Object (File)
Sat, Nov 8, 8:17 PM
Unknown Object (File)
Sat, Nov 8, 8:17 PM
Unknown Object (File)
Sat, Nov 8, 7:48 PM
Unknown Object (File)
Sat, Nov 8, 4:16 PM
Unknown Object (File)
Sat, Oct 18, 7:28 AM
Unknown Object (File)
Fri, Oct 17, 11:05 AM
View All Files
Subscribers
imp
markj

Details

Reviewers
markj
Commits
rS309669: Fix a kernel panic in DTrace's rw_iswriter subroutine.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

gnn updated this revision to Diff 22729.Dec 6 2016, 2:00 PM
gnn retitled this revision from to Fix a kernel panic in DTrace's rw_iswriter subroutine. On FreeBSD the sense of rw_write_held() and rw_iswriter() were reversed probably due to a cut and paste error. Using rw_iswriter() would cause the kernel to panic..
gnn updated this object.
gnn edited the test plan for this revision. (Show Details)
Herald added a subscriber: imp. · View Herald TranscriptDec 6 2016, 2:00 PM
markj added a subscriber: markj.Dec 6 2016, 5:33 PM
markj added inline comments.
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
4394 ↗(On Diff #22729)

I know this isn't a new bug, but I think this is wrong: lc_owner will set lowner to some non-NULL value even if the lock is held shared. For instance, owner_sx() sets

*owner = (struct thread *)SX_OWNER(sx->sx_lock);

and if sx has shared holders this value will be non-zero.

markj added inline comments.Dec 6 2016, 5:45 PM
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
4394 ↗(On Diff #22729)

Also this is somewhat incorrect as it calls into the kernel from DTrace probe context. That is, there's nothing preventing one from putting a probe on the lc_owner() implementation for a given lock class. Probably we could just blacklist those functions when FBT creates probes.

gnn added a reviewer: markj.Dec 7 2016, 1:45 AM
gnn added inline comments.Dec 7 2016, 1:49 AM
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
4394 ↗(On Diff #22729)

It probably makes the most sense to split out the RW_WRITE_HELD case from the SX_EXCLUSIVE_HELD case and proceed to fix this from there.

I think the blacklisting mentioned in your second comment can be done as a separate change.

markj accepted this revision.Dec 7 2016, 4:49 AM
markj edited edge metadata.
markj added inline comments.
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
4394 ↗(On Diff #22729)

I'm not sure that's necessary? I think owner_sx() and owner_rw() just need to set owner to NULL (but keep the same return value as before) if the lock is held shared. That can probably be fixed separately too, so I don't see anything wrong with committing this as-is.

This revision is now accepted and ready to land.Dec 7 2016, 4:49 AM
Closed by commit rS309669: Fix a kernel panic in DTrace's rw_iswriter subroutine. (authored by gnn). · Explain WhyDec 7 2016, 7:28 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
cddl/
contrib/
opensolaris/
uts/
common/
dtrace/
8 lines

Diff 22736

View Options

head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c

Loading...