From nobody Thu Sep 21 16:51:24 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rs1d852wHz4thLP; Thu, 21 Sep 2023 16:51:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rs1d84c8Gz4ZR6; Thu, 21 Sep 2023 16:51:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1695315084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=L8Dn9xSndywZrazHNKwIj5YH07bQFp6Dkc/ZhLM1uNY=; b=SurRqkt87MVwHRvtBc9f9spx0ICMrUjd6OBuQJUQcE/UaZb8ltv7QEETMz2GgnPcO0liEA Vk5FzJXg3SizkF97ZsNc4WwScI6LcZVfov9pOEvW8mi2iM8sM6OaXTNffP0ajibDbzvXmh sanvP2VcTqojd1C/7RLcJDofMv+1dO8uKHksyrExBRmW4LTHIOu8KOAtTZ37ByBPMYJ9hF MyhXXiI9dgecwFg8xCyz5A9mnGxWg8vRmvzmy+u64JIhj/XxZLbhJTM/gfH8yDK8h8VAfD aR97QH9dSVXYzTJj9Zh69OPIybOP3wVGcnBFtOo/7qjiotPSAutzarDBft25hQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1695315084; a=rsa-sha256; cv=none; b=OGhEsILMv6LEUdzoA2Lw5OGaaM7ZIywoYXq90OJbV0vfiirzWcbG9JK90qzJLdDXLf/nhU IfCl/cQYA4fqW5FrKt11B85ee/dD8+SJ1Fy/k2hlAzQYYJNbYRziFJEhwgDkSf+R+/ZTn+ DhFGm4MV43531q2bkDtgEWCSCj5swFmuGvy1a77PHcZ/eRVbml6nZbLdAEc5Cwm7FMZ2cx xOHJl0axKP2XjPDAB/g6Lf9qxXkvHjDYSz57K7eD19sxL9Q0e67cTYz0vL+mYLmIQ3W3qC zyGzYcG2nc16vH7/1yvu3gYDxdQF5tAqlXXSGKOT29aroVG4PAP8PGtcn08V3A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1695315084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=L8Dn9xSndywZrazHNKwIj5YH07bQFp6Dkc/ZhLM1uNY=; b=c/M2nCvNp/cZb5MjOJi02VPISUX3GnxEuqX9WbCPwJOhMcexqMwTNVLFGYefAv465Lrpjt 1sCVcrmVTUWBKbhGem+QuPHotyBQ4CQLL+hy+J+QYh/OCSNSb3H4P3eeWJG/RH2hgEtSVN R1NV4/wwDXTIYGxKFV6xEDNgn9Rr68Vxl3J2w5/FysUNzxdhXs4AGZHa9nOH+cN9ExzMMQ orGyRNDqyrHywpO4L7HlrGs876OkV5dLWuLJB2UcaLJ0FHrHysME+Qa4KDQ8fA2C4vEZrK WAavOC++QCgFIH/9rIR4eNAycIqCWd4HykQwn6L0bBzMxSYzZfnDjWtA4t/i5w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Rs1d83gVxzmf4; Thu, 21 Sep 2023 16:51:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 38LGpOSc036343; Thu, 21 Sep 2023 16:51:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 38LGpOKm036340; Thu, 21 Sep 2023 16:51:24 GMT (envelope-from git) Date: Thu, 21 Sep 2023 16:51:24 GMT Message-Id: <202309211651.38LGpOKm036340@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Jason A. Harmening" Subject: git: 67864268da53 - main - devfs: add integrity asserts for cdevp_list List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jah X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 67864268da53b792836f13be10299de8cd62997e Auto-Submitted: auto-generated The branch main has been updated by jah: URL: https://cgit.FreeBSD.org/src/commit/?id=67864268da53b792836f13be10299de8cd62997e commit 67864268da53b792836f13be10299de8cd62997e Author: Jason A. Harmening AuthorDate: 2023-09-19 13:44:34 +0000 Commit: Jason A. Harmening CommitDate: 2023-09-21 16:51:12 +0000 devfs: add integrity asserts for cdevp_list It's possible for misuse of cdev KPIs or for bugs in devfs itself to result in e.g. a cdev object's container being freed while still on the global list used to populate each devfs mount; see PR 273418 for a recent example. Since a node may be marked inactive well before it is reaped from the list, add a new flag solely to track list membership, and employ it in some basic list integrity assertions to catch bad actors. Discussed with: kib, mjg MFC after: 1 week --- sys/fs/devfs/devfs_devs.c | 12 +++++++++++- sys/fs/devfs/devfs_int.h | 1 + sys/fs/devfs/devfs_vnops.c | 4 ++++ sys/kern/kern_conf.c | 2 ++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/sys/fs/devfs/devfs_devs.c b/sys/fs/devfs/devfs_devs.c index c6efd0d421b1..db879efe803a 100644 --- a/sys/fs/devfs/devfs_devs.c +++ b/sys/fs/devfs/devfs_devs.c @@ -175,6 +175,9 @@ devfs_free(struct cdev *cdev) struct cdev_priv *cdp; cdp = cdev2priv(cdev); + KASSERT((cdp->cdp_flags & (CDP_ACTIVE | CDP_ON_ACTIVE_LIST)) == 0, + ("%s: cdp %p (%s) still on active list", + __func__, cdp, cdev->si_name)); if (cdev->si_cred != NULL) crfree(cdev->si_cred); devfs_free_cdp_inode(cdp->cdp_inode); @@ -516,6 +519,9 @@ devfs_populate_loop(struct devfs_mount *dm, int cleanup) dev_lock(); TAILQ_FOREACH(cdp, &cdevp_list, cdp_list) { KASSERT(cdp->cdp_dirents != NULL, ("NULL cdp_dirents")); + KASSERT((cdp->cdp_flags & CDP_ON_ACTIVE_LIST) != 0, + ("%s: cdp %p (%s) should not be on active list", + __func__, cdp, cdp->cdp_c.si_name)); /* * If we are unmounting, or the device has been destroyed, @@ -547,6 +553,7 @@ devfs_populate_loop(struct devfs_mount *dm, int cleanup) if (!(cdp->cdp_flags & CDP_ACTIVE)) { if (cdp->cdp_inuse > 0) continue; + cdp->cdp_flags &= ~CDP_ON_ACTIVE_LIST; TAILQ_REMOVE(&cdevp_list, cdp, cdp_list); dev_unlock(); dev_rel(&cdp->cdp_c); @@ -698,7 +705,10 @@ devfs_create(struct cdev *dev) dev_lock_assert_locked(); cdp = cdev2priv(dev); - cdp->cdp_flags |= CDP_ACTIVE; + KASSERT((cdp->cdp_flags & CDP_ON_ACTIVE_LIST) == 0, + ("%s: cdp %p (%s) already on active list", + __func__, cdp, dev->si_name)); + cdp->cdp_flags |= (CDP_ACTIVE | CDP_ON_ACTIVE_LIST); cdp->cdp_inode = alloc_unrl(devfs_inos); dev_refl(dev); TAILQ_INSERT_TAIL(&cdevp_list, cdp, cdp_list); diff --git a/sys/fs/devfs/devfs_int.h b/sys/fs/devfs/devfs_int.h index 32c6fb414250..916297425b53 100644 --- a/sys/fs/devfs/devfs_int.h +++ b/sys/fs/devfs/devfs_int.h @@ -55,6 +55,7 @@ struct cdev_priv { #define CDP_ACTIVE (1 << 0) #define CDP_SCHED_DTR (1 << 1) #define CDP_UNREF_DTR (1 << 2) +#define CDP_ON_ACTIVE_LIST (1 << 3) u_int cdp_inuse; u_int cdp_maxdirent; diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 2f700f9dad25..1df7d13be919 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -1664,6 +1664,10 @@ devfs_revoke(struct vop_revoke_args *ap) dev_lock(); cdp->cdp_inuse--; if (!(cdp->cdp_flags & CDP_ACTIVE) && cdp->cdp_inuse == 0) { + KASSERT((cdp->cdp_flags & CDP_ON_ACTIVE_LIST) != 0, + ("%s: cdp %p (%s) not on active list", + __func__, cdp, dev->si_name)); + cdp->cdp_flags &= ~CDP_ON_ACTIVE_LIST; TAILQ_REMOVE(&cdevp_list, cdp, cdp_list); dev_unlock(); dev_rel(&cdp->cdp_c); diff --git a/sys/kern/kern_conf.c b/sys/kern/kern_conf.c index d6063696c85b..a7c22b7d118a 100644 --- a/sys/kern/kern_conf.c +++ b/sys/kern/kern_conf.c @@ -119,6 +119,8 @@ dev_free_devlocked(struct cdev *cdev) cdp = cdev2priv(cdev); KASSERT((cdp->cdp_flags & CDP_UNREF_DTR) == 0, ("destroy_dev() was not called after delist_dev(%p)", cdev)); + KASSERT((cdp->cdp_flags & CDP_ON_ACTIVE_LIST) == 0, + ("%s: cdp %p (%s) on active list", __func__, cdp, cdev->si_name)); TAILQ_INSERT_HEAD(&cdevp_free_list, cdp, cdp_list); }