Page MenuHomeFreeBSD

unix: Fix a lock order reveral
ClosedPublic

Authored by markj on Sep 16 2023, 9:46 AM.
Tags
None
Referenced Files
F108456584: D41884.id127450.diff
Sat, Jan 25, 12:18 AM
Unknown Object (File)
Fri, Jan 24, 5:55 PM
Unknown Object (File)
Thu, Jan 23, 6:31 PM
Unknown Object (File)
Wed, Jan 22, 8:14 PM
Unknown Object (File)
Sat, Jan 11, 1:09 PM
Unknown Object (File)
Thu, Jan 9, 6:19 AM
Unknown Object (File)
Fri, Dec 27, 5:30 AM
Unknown Object (File)
Oct 28 2024, 11:54 AM
Subscribers

Details

Summary

Running the test suite yields:

lock order reversal:
1st 0xfffff80004bc6700 unp (unp, sleep mutex) @ /usr/home/markj/bricoler/runtask/VM/image/build/src/checkout/sys/kern/uipc_usrreq.c:390
2nd 0xffffffff81a94b30 unp_link_rwlock (unp_link_rwlock, rw) @ /usr/home/markj/bricoler/runtask/VM/image/build/src/checkout/sys/kern/uipc_usrreq.c:2934
lock order unp -> unp_link_rwlock attempted at:
0xffffffff80bc216e at witness_checkorder+0xbbe
0xffffffff80b493a5 at _rw_wlock_cookie+0x65
0xffffffff80c0a8e2 at unp_discard+0x22
0xffffffff80c0a888 at unp_freerights+0x38
0xffffffff80c09fdd at unp_scan+0x9d
0xffffffff80c0f9a7 at uipc_sosend_dgram+0x727
0xffffffff80c00a79 at sousrsend+0x79
0xffffffff80c072d0 at kern_sendit+0x1c0
0xffffffff80c074d7 at sendit+0xb7
0xffffffff80c076f3 at sys_sendmsg+0x63
0xffffffff8104d957 at amd64_syscall+0x6b7
0xffffffff8101f9eb at fast_syscall_common+0xf8

This happens when uipc_sosend_dgram() discards a control message because
the receive socket buffer is full. The overflow handling frees
internalized file references in the socket buffer before freeing mbufs.
It does this with socket PCBs locked, leading to the LOR. Defer
handling of file references until the PCBs are unlocked.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable