From nobody Thu Oct 05 15:10:16 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S1Zk11V74z4vjjv;
	Thu,  5 Oct 2023 15:10:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4S1Zk1141Zz4XBn;
	Thu,  5 Oct 2023 15:10:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1696518617;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7x8som8QDy264UGe78DPPZQPuEh/YWY8q7fyX5Hz8nI=;
	b=ZZ4bHuACU9dYn2G4wwoduPNGvoXL9+bfV7yQqPKPvLP5DUR480DfGCNkfqA29dWxfAx8ki
	YapWSHoemDK7Pp0SN54ZTa6JTTrK363NKlQuAvY/1b7zY2JJMZDPG0O0/JAFcb3XlBhWbi
	33fm2SHU7FmYkzDg6wwggKxQR5BHQN7pKAg7YR2aMQQ/qH2RqVEvflSOSKYTcsWdMAS+8j
	KwSdQmljZNgAWIvDlXT1fZ+2CoVMEPHfPK9bYJjEqDfQluGEKdICtigtp4urw0vHQ/A/gB
	3HH2hNru/tHQ97niLJAyhZCTyuVN1tsZJ6JIGvZJ5ctZxrfAYFfxOE3EmZ2g7Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1696518617; a=rsa-sha256; cv=none;
	b=ZQ7ZeY/bC5VU6zdLcPgeIOzf2cJTSNUwq7Wk3KkdCdUGbSPkn2bn2AwKgrbMjU8doU7iRn
	5nFAWodXAgJHIJB7KSQmmoKOlq1xAr/QvPuMU3pqq+g3+fbYFBWiIHGIijIsxV7Ty4Kzjt
	fkX+BJwjwQdn5WYte9pwr1dzE18spWNPrTd4cTbo8r5iWqRZdmHV86QFVos5UpgbsmMOnm
	lf3J+s5EHfr+hSPTdiXoyCoFjkumLgfk6byw4R7cYA4iE1AsxvWSnP+aFnu/n7pY1vXkBO
	PJzvRsE1yBOtjVSPEfD+GHpBe7PSqUVAqi22jCCQAPSnL55oCPPNaLlCo8Dy3g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1696518617;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7x8som8QDy264UGe78DPPZQPuEh/YWY8q7fyX5Hz8nI=;
	b=c94AyCipsOegrU4NZ55StJE3POfkIEcHVkSRpDeOKekeLMAT1+hXkRT4Mn5RHgkxcZmy2o
	SA1NSfrsZYI/lMJs2W5bnvK184PU+fgoZSxcv94r+5n7m/VtAk9lsy4tTr72JBL2hr0Y1K
	dlpXfaT8Q1mthF+1tw/o98GwHw74Dy9SdoxGorSRkuXVVshj0rbJ5zfHgv2Oi4hvak2bFH
	5nMeadodFWRX2b/muTYjVPmiXUrGwC9hDDiE41peQH6MHTp3uZe7NhrC1T3bn735oh+mbh
	bgxvdZum+TzMsYbgvBVg1tiqJiGLDfuMFWciSSwYPrNmCGAGDVSWC2qNI7yuVg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4S1Zk106dDz1PWx;
	Thu,  5 Oct 2023 15:10:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 395FAGWL070775;
	Thu, 5 Oct 2023 15:10:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 395FAGg9070770;
	Thu, 5 Oct 2023 15:10:16 GMT
	(envelope-from git)
Date: Thu, 5 Oct 2023 15:10:16 GMT
Message-Id: <202310051510.395FAGg9070770@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: e1105ded372d - releng/14.0 - unix: Fix a lock order
  reveral
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/14.0
X-Git-Reftype: branch
X-Git-Commit: e1105ded372d6993cd8c14721a33c01fbe355111
Auto-Submitted: auto-generated

The branch releng/14.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=e1105ded372d6993cd8c14721a33c01fbe355111

commit e1105ded372d6993cd8c14721a33c01fbe355111
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-09-27 12:24:11 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-10-05 14:01:14 +0000

    unix: Fix a lock order reveral
    
    Running the test suite yields:
    
    lock order reversal:
     1st 0xfffff80004bc6700 unp (unp, sleep mutex) @ sys/kern/uipc_usrreq.c:390
     2nd 0xffffffff81a94b30 unp_link_rwlock (unp_link_rwlock, rw) @ sys/kern/uipc_usrreq.c:2934
    lock order unp -> unp_link_rwlock attempted at:
    0xffffffff80bc216e at witness_checkorder+0xbbe
    0xffffffff80b493a5 at _rw_wlock_cookie+0x65
    0xffffffff80c0a8e2 at unp_discard+0x22
    0xffffffff80c0a888 at unp_freerights+0x38
    0xffffffff80c09fdd at unp_scan+0x9d
    0xffffffff80c0f9a7 at uipc_sosend_dgram+0x727
    0xffffffff80c00a79 at sousrsend+0x79
    0xffffffff80c072d0 at kern_sendit+0x1c0
    0xffffffff80c074d7 at sendit+0xb7
    0xffffffff80c076f3 at sys_sendmsg+0x63
    0xffffffff8104d957 at amd64_syscall+0x6b7
    0xffffffff8101f9eb at fast_syscall_common+0xf8
    
    This happens when uipc_sosend_dgram() discards a control message because
    the receive socket buffer is full.  The overflow handling frees
    internalized file references in the socket buffer before freeing mbufs.
    It does this with socket PCBs locked, leading to the LOR.  Defer
    handling of file references until the PCBs are unlocked.
    
    Approved by:    re (gjb)
    Reviewed by:    glebius
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D41884
    
    (cherry picked from commit 61a14ddfe012ca7b57a101725e5c654269f200ca)
    (cherry picked from commit 20c494a9d3f20e2942c99ca517d0e983a0ac73e8)
---
 sys/kern/uipc_usrreq.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 291ff7cf8cae..f12693f3982a 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1332,8 +1332,10 @@ uipc_sosend_dgram(struct socket *so, struct sockaddr *addr, struct uio *uio,
 	} else {
 		soroverflow_locked(so2);
 		error = ENOBUFS;
-		if (f->m_next->m_type == MT_CONTROL)
-			unp_scan(f->m_next, unp_freerights);
+		if (f->m_next->m_type == MT_CONTROL) {
+			c = f->m_next;
+			f->m_next = NULL;
+		}
 	}
 
 	if (addr != NULL)