NetBSD Problem Report #39155

From ws@tools.de  Wed Jul 16 17:02:13 2008
Return-Path: <ws@tools.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 3AC9963B89E
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 16 Jul 2008 17:02:13 +0000 (UTC)
Message-Id: <20080716170203.5752F19F0D@fred.tools.de>
Date: Wed, 16 Jul 2008 19:02:03 +0200 (MEST)
From: ws@tools.de
Reply-To: ws@tools.de
To: gnats-bugs@gnats.NetBSD.org
Subject: Invalid parameter to turnstile_exit in rw_downgrade
X-Send-Pr-Version: 3.95

>Number:         39155
>Category:       kern
>Synopsis:       Invalid parameter to turnstile_exit in rw_downgrade
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 16 17:05:00 +0000 2008
>Closed-Date:    Thu Jul 17 23:02:00 +0000 2008
>Last-Modified:  Thu Jul 17 23:05:01 +0000 2008
>Originator:     Wolfgang Solfrank
>Release:        NetBSD 4.99.62
>Organization:
Tools GmbH
>Environment:
System: NetBSD sdsl.tools.de 4.99.62 NetBSD 4.99.62 (sdsl1) #2: Wed Jul 16 17:42:32 MEST 2008 ws@sdsl.tools.de:/src/obj/sys/arch/i386/compile/sdsl1 i386
Architecture: i386
Machine: i386
>Description:

The two calls to turnstile_exit in rw_downgrade in file kern_rwlock.c
supply invalid parameters to that routine.

>How-To-Repeat:

As rw_downgrade is used rather rarely in the current kernel,
you can provoke the fault by applying the patches in PR 38456.
Once in a while you'll suffer from a panic like this:

panic: LOCKDEBUG
Begin traceback...
lockdebug_abort1(c0d43700,c0d46620,c0a15513,c0a15525,1) at netbsd:lockdebug_abort1+0x8d
lockdebug_abort(c0d3c200,c0c84d64,c0a15513,c0a15525,0) at netbsd:lockdebug_abort+0x4b
mutex_abort(c0d3c200,c0a15513,c0a15525,0,0) at netbsd:mutex_abort+0x42
mutex_vector_exit(c0d3c200,cf81026f,1b,cf810260,cf661928) at netbsd:mutex_vector_exit+0x58
turnstile_exit(cf661928,cf81026f,1b,0,0) at netbsd:turnstile_exit+0x25
rw_downgrade(c0d2ecc0,c0c84ae0,1,18,bfbfe47c) at netbsd:rw_downgrade+0x252
ipf_findtoken(5,64,cf810260,c034725c,5) at netbsd:ipf_findtoken+0x148
fr_state_ioctl(cf873c34,c034725c,1,64,cf810260) at netbsd:fr_state_ioctl+0x43f
fr_ioctlswitch(2,cf873c34,c034725c,1,64) at netbsd:fr_ioctlswitch+0xc8
iplioctl(2c02,c034725c,cf873c34,1,cf810260) at netbsd:iplioctl+0x141
cdev_ioctl(2c02,c034725c,cf873c34,1,cf810260) at netbsd:cdev_ioctl+0x6d
spec_ioctl(cf873adc,cf810260,c0a222c0,cf30c250,c034725c) at netbsd:spec_ioctl+0xc1
VOP_IOCTL(cf30c250,c034725c,cf873c34,1,cf601180) at netbsd:VOP_IOCTL+0x6d
vn_ioctl(cf6e1bc0,c034725c,cf873c34,34,0) at netbsd:vn_ioctl+0x234
sys_ioctl(cf810260,cf873d04,cf873cfc,cf873d00,c0561d90) at netbsd:sys_ioctl+0x32e
syscall(cf873d48,b3,ab,1f,bfbf001f) at netbsd:syscall+0x16a
End traceback...

>Fix:
Index: kern_rwlock.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_rwlock.c,v
retrieving revision 1.22
diff -u -r1.22 kern_rwlock.c
--- kern_rwlock.c       28 Apr 2008 20:24:03 -0000      1.22
+++ kern_rwlock.c       16 Jul 2008 16:19:11 -0000
@@ -638,7 +638,7 @@

                        new = RW_READ_INCR | RW_HAS_WAITERS | RW_WRITE_WANTED;
                        next = rw_cas(rw, owner, new);
-                       turnstile_exit(ts);
+                       turnstile_exit(rw);
                        if (__predict_true(next == owner))
                                break;
                } else {
@@ -658,7 +658,7 @@
                                turnstile_wakeup(ts, TS_READER_Q, rcnt, NULL);
                                break;
                        }
-                       turnstile_exit(ts);
+                       turnstile_exit(rw);
                }
        }


>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: rmind@NetBSD.org
State-Changed-When: Thu, 17 Jul 2008 23:02:00 +0000
State-Changed-Why:
Fixed, thanks!


From: Mindaugas Rasiukevicius <rmind@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/39155 CVS commit: src/sys/kern
Date: Thu, 17 Jul 2008 23:00:01 +0000 (UTC)

 Module Name:	src
 Committed By:	rmind
 Date:		Thu Jul 17 23:00:01 UTC 2008

 Modified Files:
 	src/sys/kern: kern_rwlock.c

 Log Message:
 PR/39155: Wolfgang Solfrank: Invalid parameter to turnstile_exit in rw_downgrade.


 To generate a diff of this commit:
 cvs rdiff -r1.26 -r1.27 src/sys/kern/kern_rwlock.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
Home
PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.