CVS commit: src/sys/kern

Tue, 12 May 2020 14:57:23 -0700 

Module Name:    src
Committed By:   ad
Date:           Tue May 12 21:56:17 UTC 2020

Modified Files:
        src/sys/kern: kern_mutex.c

Log Message:
PR kern/55251 (use of ZFS may trigger kernel memory corruption (KASAN error))

Previous wasn't quite right.  Redo it differently - disable preemption
earlier instead.


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/sys/kern/kern_mutex.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/kern_mutex.c
diff -u src/sys/kern/kern_mutex.c:1.91 src/sys/kern/kern_mutex.c:1.92
--- src/sys/kern/kern_mutex.c:1.91	Tue May 12 21:24:29 2020
+++ src/sys/kern/kern_mutex.c	Tue May 12 21:56:17 2020
@@ -1,7 +1,7 @@
-/*	$NetBSD: kern_mutex.c,v 1.91 2020/05/12 21:24:29 ad Exp $	*/
+/*	$NetBSD: kern_mutex.c,v 1.92 2020/05/12 21:56:17 ad Exp $	*/
 
 /*-
- * Copyright (c) 2002, 2006, 2007, 2008, 2019, 2020 The NetBSD Foundation, Inc.
+ * Copyright (c) 2002, 2006, 2007, 2008, 2019 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -40,7 +40,7 @@
 #define	__MUTEX_PRIVATE
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_mutex.c,v 1.91 2020/05/12 21:24:29 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_mutex.c,v 1.92 2020/05/12 21:56:17 ad Exp $");
 
 #include <sys/param.h>
 #include <sys/atomic.h>
@@ -456,11 +456,13 @@ mutex_vector_enter(kmutex_t *mtx)
 	/*
 	 * Handle spin mutexes.
 	 */
+	KPREEMPT_DISABLE(curlwp);
 	owner = mtx->mtx_owner;
 	if (MUTEX_SPIN_P(owner)) {
 #if defined(LOCKDEBUG) && defined(MULTIPROCESSOR)
 		u_int spins = 0;
 #endif
+		KPREEMPT_ENABLE(curlwp);
 		MUTEX_SPIN_SPLRAISE(mtx);
 		MUTEX_WANTLOCK(mtx);
 #ifdef FULL
@@ -521,7 +523,6 @@ mutex_vector_enter(kmutex_t *mtx)
 	 * determine that the owner is not running on a processor,
 	 * then we stop spinning, and sleep instead.
 	 */
-	KPREEMPT_DISABLE(curlwp);
 	for (;;) {
 		if (!MUTEX_OWNED(owner)) {
 			/*
@@ -545,12 +546,8 @@ mutex_vector_enter(kmutex_t *mtx)
 		/*
 		 * Check to see if the owner is running on a processor.
 		 * If so, then we should just spin, as the owner will
-		 * likely release the lock very soon.  Unfortunately
-		 * mtx_owner needs to be reloaded here with preemption
-		 * now disabled, otherwise the LWP could already have
-		 * been freed & destructed (see lwp_dtor()).
+		 * likely release the lock very soon.
 		 */
-		owner = mtx->mtx_owner;
 		if (mutex_oncpu(owner)) {
 			LOCKSTAT_START_TIMER(lsflag, spintime);
 			count = SPINLOCK_BACKOFF_MIN;

Reply via email to