NetBSD Problem Report #42020
From www@NetBSD.org Tue Sep 8 18:14:19 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 1DA0C63BD2E
for <gnats-bugs@gnats.netbsd.org>; Tue, 8 Sep 2009 18:14:19 +0000 (UTC)
Message-Id: <20090908181418.E5DF163BC1D@www.NetBSD.org>
Date: Tue, 8 Sep 2009 18:14:18 +0000 (UTC)
From: jmosalmi@cc.hut.fi
Reply-To: jmosalmi@cc.hut.fi
To: gnats-bugs@NetBSD.org
Subject: Calling ioctl(RNDADDDATA) causes panic: lock error
X-Send-Pr-Version: www-1.0
>Number: 42020
>Category: kern
>Synopsis: Calling ioctl(RNDADDDATA) causes panic: lock error
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Sep 08 18:15:04 +0000 2009
>Closed-Date: Tue Sep 08 20:58:50 +0000 2009
>Last-Modified: Wed Sep 16 04:05:05 +0000 2009
>Originator: Juho Salminen
>Release: NetBSD 5.99.16
>Organization:
Home
>Environment:
NetBSD raato 5.99.16 NetBSD 5.99.16 (MONOLITHIC) #2: Tue Sep 8 20:14:09 EEST 2009 fijusal@siniara.jmos.iki.fi:/r/netbsd-current-092009/obj/sys/arch/i386/compile/MONOLITHIC i386
>Description:
Calling ioctl(RNDADDDATA) on /dev/random causes lock error and kernel panic along with the following error message:
Mutex error: mutex_vector_enter: locking against myself
This occurs in sys/dev/rnd.c when rnd_wakeup_readers() is called while the mutex rndpool_mtx is already being held. rnd_wakeup_reader() then attempts to acquire the mutex again.
In function rndioctl():
case RNDADDDATA:
rnddata = (rnddata_t *)addr;
mutex_enter(&rndpool_mtx);
rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len,
rnddata->entropy);
rnd_wakeup_readers();
mutex_exit(&rndpool_mtx);
break;
In the beginning of function rnd_wakeup_readers():
mutex_enter(&rndpool_mtx);
>How-To-Repeat:
-bash-3.2# cat koe.c
#include <sys/fcntl.h>
#include <sys/rnd.h>
#include <sys/ioctl.h>
int main()
{
int fd;
rnddata_t rd = { 0 };
fd = open("/dev/random", O_RDWR, 0);
rd.entropy = 1;
rd.len = 1;
ioctl(fd, RNDADDDATA, &rd);
}
-bash-3.2# gcc -okoe koe.c
-bash-3.2# ./koe
Mutex error: mutex_vector_enter: locking against myself
lock address : 0x00000000c0b248ec
current cpu : 0
current lwp : 0x00000000cb27eac0 wait/spin 0/0
panic: lock error
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c053d50c cs 8 eflags 246 cr2 bbbe8150 ilevel 0
Stopped in pid 443.1 (koe) at netbsd:breakpoint+0x4: popl %ebp
db{0}>
>Fix:
Index: sys/dev/rnd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/rnd.c,v
retrieving revision 1.72
diff -u -r1.72 rnd.c
--- sys/dev/rnd.c 5 May 2009 21:03:29 -0000 1.72
+++ sys/dev/rnd.c 8 Sep 2009 18:06:04 -0000
@@ -653,9 +653,9 @@
mutex_enter(&rndpool_mtx);
rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len,
rnddata->entropy);
+ mutex_exit(&rndpool_mtx);
rnd_wakeup_readers();
- mutex_exit(&rndpool_mtx);
break;
>Release-Note:
>Audit-Trail:
From: Antti Kantee <pooka@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42020 CVS commit: src
Date: Tue, 8 Sep 2009 20:37:46 +0000
Module Name: src
Committed By: pooka
Date: Tue Sep 8 20:37:46 UTC 2009
Modified Files:
src/distrib/sets/lists/tests: mi
src/tests/kernel: Makefile
Added Files:
src/tests/kernel: t_rnd.c
Log Message:
Add test case for PR kern/42020:
t_rnd (1/1): 1 test cases
RNDADDDATA: Failed: Test case did not exit cleanly: Abort trap (core dumped)
Failed test cases:
t_rnd:RNDADDDATA
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.1 -r1.2 src/tests/kernel/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/kernel/t_rnd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: pooka@NetBSD.org
State-Changed-When: Tue, 08 Sep 2009 23:58:50 +0300
State-Changed-Why:
committed, thanks!
From: Antti Kantee <pooka@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42020 CVS commit: src/sys/dev
Date: Tue, 8 Sep 2009 20:57:59 +0000
Module Name: src
Committed By: pooka
Date: Tue Sep 8 20:57:59 UTC 2009
Modified Files:
src/sys/dev: rnd.c
Log Message:
rnd_wakeup_readers() uses rndpool_mtx for its own consistency
management, so it cannot be called with the mutex held. There is
no consistency requirement to synchronize over the whole add-and-wakeup
operation, as if data is consumed in the window the mutex is locked,
wakeups will simply be skipped.
fix from Juho Salminen in PR kern/42020.
To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 src/sys/dev/rnd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42020 CVS commit: [netbsd-5] src/sys/dev
Date: Wed, 16 Sep 2009 04:01:55 +0000
Module Name: src
Committed By: snj
Date: Wed Sep 16 04:01:55 UTC 2009
Modified Files:
src/sys/dev [netbsd-5]: rnd.c
Log Message:
Pull up following revision(s) (requested by pooka in ticket #948):
sys/dev/rnd.c: revision 1.74
rnd_wakeup_readers() uses rndpool_mtx for its own consistency
management, so it cannot be called with the mutex held. There is
no consistency requirement to synchronize over the whole add-and-wakeup
operation, as if data is consumed in the window the mutex is locked,
wakeups will simply be skipped.
fix from Juho Salminen in PR kern/42020.
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.71.4.1 src/sys/dev/rnd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42020 CVS commit: [netbsd-5-0] src/sys/dev
Date: Wed, 16 Sep 2009 04:04:40 +0000
Module Name: src
Committed By: snj
Date: Wed Sep 16 04:04:40 UTC 2009
Modified Files:
src/sys/dev [netbsd-5-0]: rnd.c
Log Message:
Pull up following revision(s) (requested by pooka in ticket #948):
sys/dev/rnd.c: revision 1.74
rnd_wakeup_readers() uses rndpool_mtx for its own consistency
management, so it cannot be called with the mutex held. There is
no consistency requirement to synchronize over the whole add-and-wakeup
operation, as if data is consumed in the window the mutex is locked,
wakeups will simply be skipped.
fix from Juho Salminen in PR kern/42020.
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.71.10.1 src/sys/dev/rnd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.