NetBSD Problem Report #42020

From www@NetBSD.org  Tue Sep  8 18:14:19 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 1DA0C63BD2E
	for <gnats-bugs@gnats.netbsd.org>; Tue,  8 Sep 2009 18:14:19 +0000 (UTC)
Message-Id: <20090908181418.E5DF163BC1D@www.NetBSD.org>
Date: Tue,  8 Sep 2009 18:14:18 +0000 (UTC)
From: jmosalmi@cc.hut.fi
Reply-To: jmosalmi@cc.hut.fi
To: gnats-bugs@NetBSD.org
Subject: Calling ioctl(RNDADDDATA) causes panic: lock error
X-Send-Pr-Version: www-1.0

>Number:         42020
>Category:       kern
>Synopsis:       Calling ioctl(RNDADDDATA) causes panic: lock error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 08 18:15:04 +0000 2009
>Closed-Date:    Tue Sep 08 20:58:50 +0000 2009
>Last-Modified:  Wed Sep 16 04:05:05 +0000 2009
>Originator:     Juho Salminen
>Release:        NetBSD 5.99.16
>Organization:
Home
>Environment:
NetBSD raato 5.99.16 NetBSD 5.99.16 (MONOLITHIC) #2: Tue Sep  8 20:14:09 EEST 2009  fijusal@siniara.jmos.iki.fi:/r/netbsd-current-092009/obj/sys/arch/i386/compile/MONOLITHIC i386
>Description:
Calling ioctl(RNDADDDATA) on /dev/random causes a lock error and a kernel panic, along with the following error message:

Mutex error: mutex_vector_enter: locking against myself

This occurs in sys/dev/rnd.c when rnd_wakeup_readers() is called while the mutex rndpool_mtx is already being held. rnd_wakeup_readers() then attempts to acquire the mutex again.

In function rndioctl():

	case RNDADDDATA:
		rnddata = (rnddata_t *)addr;

		mutex_enter(&rndpool_mtx);
		rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len,
		    rnddata->entropy);

		rnd_wakeup_readers();
		mutex_exit(&rndpool_mtx);

		break;

In the beginning of function rnd_wakeup_readers():

	mutex_enter(&rndpool_mtx);


>How-To-Repeat:
-bash-3.2# cat koe.c
#include <sys/fcntl.h>
#include <sys/rnd.h>
#include <sys/ioctl.h>

int main()
{
  int fd;
  rnddata_t rd = { 0 };

  fd = open("/dev/random", O_RDWR, 0);
  rd.entropy = 1;
  rd.len = 1;

  ioctl(fd, RNDADDDATA, &rd);

}

-bash-3.2# gcc -okoe koe.c
-bash-3.2# ./koe
Mutex error: mutex_vector_enter: locking against myself

lock address : 0x00000000c0b248ec
current cpu  :                  0
current lwp  : 0x00000000cb27eac0 wait/spin                 0/0

panic: lock error
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c053d50c cs 8 eflags 246 cr2 bbbe8150 ilevel 0
Stopped in pid 443.1 (koe) at   netbsd:breakpoint+0x4:  popl    %ebp
db{0}> 
>Fix:
Index: sys/dev/rnd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/rnd.c,v
retrieving revision 1.72
diff -u -r1.72 rnd.c
--- sys/dev/rnd.c       5 May 2009 21:03:29 -0000       1.72
+++ sys/dev/rnd.c       8 Sep 2009 18:06:04 -0000
@@ -653,9 +653,9 @@
                mutex_enter(&rndpool_mtx);
                rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len,
                    rnddata->entropy);
+               mutex_exit(&rndpool_mtx);

                rnd_wakeup_readers();
-               mutex_exit(&rndpool_mtx);

                break;
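
Review bot: The unlock-before-wakeup ordering at the rnd_wakeup_readers() call carries no comment, so a later cleanup could move mutex_exit() back below the call and reintroduce the panic; add a short comment above the call stating that rnd_wakeup_readers() acquires rndpool_mtx itself and must be called without it held. The hunk touches only this one call site in the RNDADDDATA case, so the other callers of rnd_wakeup_readers() in rnd.c are worth checking for the same pattern.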


>Release-Note:

>Audit-Trail:
From: Antti Kantee <pooka@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/42020 CVS commit: src
Date: Tue, 8 Sep 2009 20:37:46 +0000

 Module Name:	src
 Committed By:	pooka
 Date:		Tue Sep  8 20:37:46 UTC 2009

 Modified Files:
 	src/distrib/sets/lists/tests: mi
 	src/tests/kernel: Makefile
 Added Files:
 	src/tests/kernel: t_rnd.c

 Log Message:
 Add test case for PR kern/42020:

 t_rnd (1/1): 1 test cases
     RNDADDDATA: Failed: Test case did not exit cleanly: Abort trap (core dumped)

 Failed test cases:
     t_rnd:RNDADDDATA


 To generate a diff of this commit:
 cvs rdiff -u -r1.47 -r1.48 src/distrib/sets/lists/tests/mi
 cvs rdiff -u -r1.1 -r1.2 src/tests/kernel/Makefile
 cvs rdiff -u -r0 -r1.1 src/tests/kernel/t_rnd.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: pooka@NetBSD.org
State-Changed-When: Tue, 08 Sep 2009 23:58:50 +0300
State-Changed-Why:
committed, thanks!


From: Antti Kantee <pooka@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/42020 CVS commit: src/sys/dev
Date: Tue, 8 Sep 2009 20:57:59 +0000

 Module Name:	src
 Committed By:	pooka
 Date:		Tue Sep  8 20:57:59 UTC 2009

 Modified Files:
 	src/sys/dev: rnd.c

 Log Message:
 rnd_wakeup_readers() uses rndpool_mtx for its own consistency
 management, so it cannot be called with the mutex held.  There is
 no consistency requirement to synchronize over the whole add-and-wakeup
 operation, as if data is consumed in the window the mutex is locked,
 wakeups will simply be skipped.

 fix from Juho Salminen in PR kern/42020.


 To generate a diff of this commit:
 cvs rdiff -u -r1.73 -r1.74 src/sys/dev/rnd.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/42020 CVS commit: [netbsd-5] src/sys/dev
Date: Wed, 16 Sep 2009 04:01:55 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Wed Sep 16 04:01:55 UTC 2009

 Modified Files:
 	src/sys/dev [netbsd-5]: rnd.c

 Log Message:
 Pull up following revision(s) (requested by pooka in ticket #948):
 	sys/dev/rnd.c: revision 1.74
 rnd_wakeup_readers() uses rndpool_mtx for its own consistency
 management, so it cannot be called with the mutex held.  There is
 no consistency requirement to synchronize over the whole add-and-wakeup
 operation, as if data is consumed in the window the mutex is locked,
 wakeups will simply be skipped.
 fix from Juho Salminen in PR kern/42020.


 To generate a diff of this commit:
 cvs rdiff -u -r1.71 -r1.71.4.1 src/sys/dev/rnd.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/42020 CVS commit: [netbsd-5-0] src/sys/dev
Date: Wed, 16 Sep 2009 04:04:40 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Wed Sep 16 04:04:40 UTC 2009

 Modified Files:
 	src/sys/dev [netbsd-5-0]: rnd.c

 Log Message:
 Pull up following revision(s) (requested by pooka in ticket #948):
 	sys/dev/rnd.c: revision 1.74
 rnd_wakeup_readers() uses rndpool_mtx for its own consistency
 management, so it cannot be called with the mutex held.  There is
 no consistency requirement to synchronize over the whole add-and-wakeup
 operation, as if data is consumed in the window the mutex is locked,
 wakeups will simply be skipped.
 fix from Juho Salminen in PR kern/42020.


 To generate a diff of this commit:
 cvs rdiff -u -r1.71 -r1.71.10.1 src/sys/dev/rnd.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
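
A userland model of the lock ordering before and after the fix, added here as an illustration (not code from the PR or from NetBSD). A POSIX error-checking mutex stands in for rndpool_mtx; pool_mtx, pool_entropy, wakeups and all function names are assumptions.

```c
#define _XOPEN_SOURCE 700 /* exposes PTHREAD_MUTEX_ERRORCHECK */
#include <errno.h>
#include <pthread.h>

/* Hypothetical userland stand-ins for rndpool_mtx and the entropy pool. */
static pthread_mutex_t pool_mtx;
static int pool_entropy, wakeups;

/* ERRORCHECK makes a relock by the owner return EDEADLK instead of hanging. */
int pool_init(void) {
	pthread_mutexattr_t attr;
	pthread_mutexattr_init(&attr);
	pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
	int rc = pthread_mutex_init(&pool_mtx, &attr);
	pthread_mutexattr_destroy(&attr);
	return rc;
}

/* Modelled on rnd_wakeup_readers(): takes the pool lock itself. */
int wakeup_readers(void) {
	int rc = pthread_mutex_lock(&pool_mtx);
	if (rc != 0)
		return rc; /* EDEADLK: the caller already holds pool_mtx */
	if (pool_entropy > 0)
		wakeups++;
	return pthread_mutex_unlock(&pool_mtx);
}

/* Ordering before the fix: the wakeup runs with the lock still held. */
int add_data_before_fix(int entropy) {
	pthread_mutex_lock(&pool_mtx);
	pool_entropy += entropy;
	int rc = wakeup_readers();
	pthread_mutex_unlock(&pool_mtx);
	return rc;
}

/* Ordering after the fix: drop the lock, then wake readers. */
int add_data_after_fix(int entropy) {
	pthread_mutex_lock(&pool_mtx);
	pool_entropy += entropy;
	pthread_mutex_unlock(&pool_mtx);
	return wakeup_readers();
}

/* Exit status 0 when the old ordering is rejected and the new one succeeds. */
int main(void) {
	if (pool_init() != 0) return 2;
	return !(add_data_before_fix(1) == EDEADLK && add_data_after_fix(1) == 0);
}
```

Where the kernel panics on the self-relock, the error-checking mutex returns EDEADLK, which makes the same ordering mistake testable in userland.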
