mirror of https://git.FreeBSD.org/src.git synced 2025-01-06 13:09:50 +00:00
freebsd/sys/kern
Konstantin Belousov 90a017ba64 It seems that there are at least three issues with IPC_RMID operation
on SysV semaphores.

  The squeeze of the semaphore array in the kern_semctl() modifies
  sem_base for the semaphores with sem_base greater than sem_base of
  the removed semaphore, as well as the values of the semaphores,
  without locking their mutex. This can lead to (killable) hangs or
  unexpected behaviour of the processes performing any sem operations
  while another process does IPC_RMID.

  The semexit_myhook() eventhandler unlocks SEMUNDO_LOCK() while
  accessing *suptr. This allows for IPC_RMID for the sem id to be
  performed in parallel with undo hook referenced by the current undo
  structure. This leads to the panic("semexit - semid not allocated") [1].

  The semaphore creation is protected by Giant, while IPC_RMID is done
  while only the semaphore mutex is held. This seems to result in invalid
  values for semtot, causing random ENOSPC error returns [2].

Redo the locking of the semaphores lifetime cycle. Delegate the
sem_mtx to the sole purpose of protecting semget() and
semctl(IPC_RMID). Introduce new sem_undo_mtx to protect SEM_UNDO
handling. Remove the Giant remnants from the code.
Note that mac_sysvsem_check_semget() and mac_sysvsem_create() are
now called while sem_mtx is held, as well as mac_sysvsem_cleanup() [3].

When a semaphore is removed, acquire semaphore locks for all semaphores
with sem_base that is going to be changed by the squeeze of the sema
array. The lock order is not important there, because the region is
protected by sem_mtx.

Organize both used and free sem_undo structures into lists,
protected by sem_undo_mtx. In semexit_myhook(), remove the sem_undo
structure that is being processed from the used list, without putting it
onto the free list, to prevent modifications by other threads. This allows
sem_undo_lock to be dropped to acquire individual semaphore locks
without violating lock order. Since IPC_RMID may no longer find this
sem_undo, do tolerate references to unallocated semaphores in the undo
structure, and check the sequential number to not undo an unrelated semaphore
with the same id.

While there, convert function definitions to ANSI C and fix small
style(9) glitches.

Reported by:	Omer Faruk Sen <omerfsen gmail com> [1], pho [2]
Reviewed by:	rwatson [3]
Tested by:	pho
MFC after:	1 month
2009-01-14 15:20:13 +00:00
bus_if.m Allow device hints to wire the unit numbers of devices. 2008-11-18 21:01:54 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh refactor code so it can run in a chroot without having to have /dev/mounted 2008-01-18 17:02:14 +00:00
imgact_aout.c Add sv_flags field to struct sysentvec with intention to provide description 2008-11-22 12:36:15 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Remove sysctl debug.elf_trace and the trace field in auxargs. They go 2008-12-17 16:54:29 +00:00
imgact_gzip.c VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in 2008-01-13 14:44:15 +00:00
imgact_shell.c Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread 2008-08-28 15:23:18 +00:00
inflate.c
init_main.c Rename three MAC entry points from _proc_ to _cred_ to reflect the fact 2008-10-28 11:33:06 +00:00
init_sysent.c Regenerate system call tables for r184789. 2008-11-09 10:48:06 +00:00
kern_acct.c Properly lock proctree_lock before locking the process while accounting. 2008-08-21 15:02:17 +00:00
kern_alq.c Use msleep_spin() instead of unlock/tsleep/lock. This was 2008-07-02 20:44:33 +00:00
kern_clock.c Implement per-cpu callout threads, wheels, and locks. 2008-04-02 11:20:30 +00:00
kern_condvar.c - Don't do a WITNESS_SAVE() on the interlock if it is Giant in the condition 2008-09-25 13:42:19 +00:00
kern_conf.c Explicitely note that destroy_dev() sleeps. 2008-11-27 16:47:25 +00:00
kern_cons.c Reimplement the /dev/console device node. 2008-11-01 08:35:28 +00:00
kern_context.c
kern_cpu.c If possible, try to obtain max_mhz on cpufreq attach instead of first request. 2008-12-16 01:24:05 +00:00
kern_cpuset.c MFp4: 2008-11-29 14:32:14 +00:00
kern_ctf.c Add the CTF source file which gets shared with link_elf.c and link_elf_obj.c. 2008-05-23 03:04:27 +00:00
kern_descrip.c Clear the pointers to the file in the struct filedesc before file is closed 2008-12-30 12:51:56 +00:00
kern_dtrace.c Remove code that isn't required. It actually breaks the case where KDTRACE_HOOKS 2008-06-16 04:44:29 +00:00
kern_environment.c Implement the following macros for completeness: 2008-07-21 15:05:25 +00:00
kern_event.c Fix a number of style issues in the MALLOC / FREE commit. I've tried to 2008-10-23 20:26:15 +00:00
kern_exec.c Several threads in a process may do vfork() simultaneously. Then, all 2008-12-05 20:50:24 +00:00
kern_exit.c Several threads in a process may do vfork() simultaneously. Then, all 2008-12-05 20:50:24 +00:00
kern_fork.c Several threads in a process may do vfork() simultaneously. Then, all 2008-12-05 20:50:24 +00:00
kern_idle.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_intr.c style(9) 2008-09-23 14:25:56 +00:00
kern_jail.c Back out r186615; the sanitizing of the pointers in the error case 2009-01-04 12:18:18 +00:00
kern_kthread.c Kill a dead variable 2008-08-03 21:07:19 +00:00
kern_ktr.c
kern_ktrace.c Fix a credential reference leak. [1] 2008-12-03 15:54:35 +00:00
kern_linker.c Conditionally compile out V_ globals while instantiating the appropriate 2008-12-10 23:12:39 +00:00
kern_lock.c Teach WITNESS about the interlocks used with lockmgr. This removes a bunch 2008-09-10 19:13:30 +00:00
kern_lockf.c Remove unused variable. 2008-11-27 04:40:37 +00:00
kern_malloc.c Enable the creation of a kmem map larger than 4GB. 2008-07-05 19:34:33 +00:00
kern_mbuf.c Temporary workaround for the limitations of the mbuf flowid field: zero 2009-01-01 20:03:01 +00:00
kern_mib.c Step 1.5 of importing the network stack virtualization infrastructure 2008-10-02 15:37:58 +00:00
kern_module.c When the SYSINIT() to load a module invokes the MOD_LOAD event successfully, 2008-12-05 16:47:30 +00:00
kern_mtxpool.c Fix a number of style issues in the MALLOC / FREE commit. I've tried to 2008-10-23 20:26:15 +00:00
kern_mutex.c Teach WITNESS about the interlocks used with lockmgr. This removes a bunch 2008-09-10 19:13:30 +00:00
kern_ntptime.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_osd.c Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes. 2008-11-17 20:49:29 +00:00
kern_physio.c
kern_pmc.c Support sparsely numbered CPUs. 2008-09-22 10:37:02 +00:00
kern_poll.c Order #includes - also to reduce diffs with vimage branches in p4. 2008-12-11 16:09:31 +00:00
kern_priv.c Remove the suser(9) interface from the kernel. It has been replaced from 2008-09-17 15:49:44 +00:00
kern_proc.c vm_map_lock_read() does not increment map->timestamp, so we should 2008-12-29 12:45:11 +00:00
kern_prot.c The userland_sysctl() function retries sysctl_root() until returned 2008-12-12 12:06:28 +00:00
kern_resource.c Don't rearm callout if the process is exiting, it may leak a callout 2008-10-24 01:09:24 +00:00
kern_rmlock.c Teach WITNESS about the interlocks used with lockmgr. This removes a bunch 2008-09-10 19:13:30 +00:00
kern_rwlock.c add RW_SYSINIT_FLAGS macro and rw_sysinit_flags initialization function 2008-12-08 21:46:55 +00:00
kern_sdt.c Add kernel support for the Statically Defined Trace provider. 2008-05-18 19:32:36 +00:00
kern_sema.c
kern_shutdown.c It's possible that the dump device has gone away after it was 2008-11-23 21:05:22 +00:00
kern_sig.c Revert rev 184216 and 184199, due to the way the thread_lock works, 2008-11-05 03:01:23 +00:00
kern_subr.c Make ureadc() warn when holding any locks, just like uiomove(). 2008-08-28 19:34:58 +00:00
kern_switch.c fix typo in runz_fuzz 2008-05-12 06:42:06 +00:00
kern_sx.c Teach WITNESS about the interlocks used with lockmgr. This removes a bunch 2008-09-10 19:13:30 +00:00
kern_synch.c - Forward port flush of page table updates on context switch or userret 2008-10-19 01:35:27 +00:00
kern_syscalls.c Various style fixes. 7 space indent is just odd. 2008-09-18 20:10:11 +00:00
kern_sysctl.c Don't clobber sysctl_root()'s error number. 2009-01-01 00:19:51 +00:00
kern_tc.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_thr.c Add sv_flags field to struct sysentvec with intention to provide description 2008-11-22 12:36:15 +00:00
kern_thread.c Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes. 2008-11-17 20:49:29 +00:00
kern_time.c In realtimer_delete(), clear timer's value and interval to tell 2008-10-20 02:37:53 +00:00
kern_timeout.c Add a new KTR tracepoint in the KTR_CALLOUT class to note when a callout 2009-01-13 15:56:53 +00:00
kern_umtx.c Add two commands to _umtx_op system call to allow a simple mutex to be 2008-06-24 07:32:12 +00:00
kern_uuid.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
kern_vimage.c Conditionally compile out V_ globals while instantiating the appropriate 2008-12-10 23:12:39 +00:00
kern_xxx.c Fix compilation. Also move ogetkerninfo() to kern_xxx.c. 2008-12-29 19:24:00 +00:00
ksched.c
link_elf_obj.c Calling linker_load_dependencies() while holding the module' 2008-08-03 13:33:45 +00:00
link_elf.c Calling linker_load_dependencies() while holding the module' 2008-08-03 13:33:45 +00:00
linker_if.m Add the ctf_get method. 2008-05-23 04:06:49 +00:00
Make.tags.inc Catch up with the disappearance of sys/dev/hfa. 2008-12-01 14:34:42 +00:00
Makefile style.Makefile(5) 2007-12-14 21:30:51 +00:00
makesyscalls.sh Tidy up a few things with syscall generation: 2008-09-25 20:07:42 +00:00
md4c.c
md5c.c
p1003_1b.c Remove kernel support for M:N threading. 2008-03-12 10:12:01 +00:00
posix4_mib.c
sched_4bsd.c When choosing a CPU for a thread in a cpuset, prefer the last CPU that the 2008-07-28 20:39:21 +00:00
sched_ule.c Add missing newlines to flags tags of CPU topology, for prettier 2008-12-23 16:19:59 +00:00
serdev_if.m
stack_protector.c Fix a chicken-and-egg problem: this files implements SSP support, 2008-06-26 07:52:45 +00:00
subr_acl_posix1e.c Rename a variable missed in previous accmode_t-related commits. 2008-10-28 21:58:48 +00:00
subr_autoconf.c If run_interrupt_driven_config_hooks() waits 360 seconds and INVARIANTS 2008-07-21 20:50:49 +00:00
subr_blist.c Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23 15:53:51 +00:00
subr_bufring.c - bump __FreeBSD version to reflect added buf_ring, memory barriers, 2008-11-22 05:55:56 +00:00
subr_bus.c Allow device hints to wire the unit numbers of devices. 2008-11-18 21:01:54 +00:00
subr_clist.c Now that the number of clist consumers have dropped massively, trim down 2008-09-21 18:12:18 +00:00
subr_clock.c Now that all platforms use genclock, shuffle things around slightly 2008-04-22 19:38:30 +00:00
subr_devstat.c
subr_disk.c
subr_eventhandler.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_fattime.c
subr_firmware.c Avoid scheduling firmware taskqs when cold. 2008-11-11 12:25:08 +00:00
subr_hints.c
subr_kdb.c Expand kdb_alt_break a little, most commonly used with the option 2008-05-04 23:29:38 +00:00
subr_kobj.c Modularize the Open Firmware client interface to allow run-time switching 2008-12-20 00:33:10 +00:00
subr_lock.c - track maximum wait time 2008-07-27 21:45:20 +00:00
subr_log.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_mbpool.c
subr_mchain.c Replaced the misleading uses of a historical artefact M_TRYWAIT with M_WAIT. 2008-03-25 09:39:02 +00:00
subr_module.c
subr_msgbuf.c
subr_param.c Document the relationship between enum VM_GUEST and the vm_guest_sysctl_names 2008-12-30 23:49:54 +00:00
subr_pcpu.c Make ddb command registration dynamic so modules can extend 2008-09-15 22:45:14 +00:00
subr_power.c
subr_prf.c Revert r185891. 2008-12-21 21:54:01 +00:00
subr_prof.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_rman.c Trivially avoid a null pointer dereference when drivers 2008-10-22 18:20:45 +00:00
subr_rtc.c Now that all platforms use genclock, shuffle things around slightly 2008-04-22 19:38:30 +00:00
subr_sbuf.c Switch to simplified BSD license (with phk's approval), plus whitespace 2008-08-09 10:26:21 +00:00
subr_scanf.c
subr_sleepqueue.c Revision 184199 had not been fully reverted, add missing piece. 2008-12-01 01:54:55 +00:00
subr_smp.c Adjust the license statement to more closely match a standard 3-clause BSD 2008-11-03 21:17:02 +00:00
subr_stack.c Make it possible to compile kernel with KTR but without DDB. 2008-10-30 21:48:28 +00:00
subr_taskqueue.c revert local change 2008-07-18 07:10:33 +00:00
subr_trap.c - Bug fix: prevent a thread from migrating between CPUs between the 2008-12-13 13:07:12 +00:00
subr_turnstile.c Make ddb command registration dynamic so modules can extend 2008-09-15 22:45:14 +00:00
subr_unit.c Since cdev mutex is after system map mutex in global lock order, free() 2007-07-04 06:56:58 +00:00
subr_witness.c - convert radix node head lock from mutex to rwlock 2008-12-07 21:15:43 +00:00
sys_generic.c Reverse if() logic to improve readability. 2008-09-23 14:25:38 +00:00
sys_pipe.c Several cleanups related to pipe(2). 2008-11-11 14:55:59 +00:00
sys_process.c Revert rev 184216 and 184199, due to the way the thread_lock works, 2008-11-05 03:01:23 +00:00
sys_socket.c Lock receive socket buffer in soo_stat() rather than commenting that we 2008-10-07 07:10:28 +00:00
syscalls.c Regenerate system call tables for r184789. 2008-11-09 10:48:06 +00:00
syscalls.master Mark uname(), getdomainname() and setdomainname() with COMPAT_FREEBSD4. 2008-11-09 10:45:13 +00:00
systrace_args.c Regenerate system call tables for r184789. 2008-11-09 10:48:06 +00:00
sysv_ipc.c Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in 2007-06-12 00:12:01 +00:00
sysv_msg.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
sysv_sem.c It seems that there are at least three issues with IPC_RMID operation 2009-01-14 15:20:13 +00:00
sysv_shm.c Make sure we restrict Linux only IPC calls from being executed 2008-02-12 20:55:03 +00:00
tty_compat.c Fix an awful bug inside our COMPAT_43TTY code. 2008-09-04 16:30:53 +00:00
tty_info.c Integrate the new MPSAFE TTY layer to the FreeBSD operating system. 2008-08-20 08:31:58 +00:00
tty_inq.c Fix some edge cases in the TTY queues: 2008-08-30 09:18:27 +00:00
tty_outq.c Fix some edge cases in the TTY queues: 2008-08-30 09:18:27 +00:00
tty_pts.c Set PTS_FINISHED before waking up any threads. 2008-12-21 21:16:57 +00:00
tty_pty.c Allow the user to suppress the rate-limited pty(4) warning. 2008-08-23 16:03:00 +00:00
tty_tty.c Remove unneeded Giant locking of /dev/tty. 2008-06-03 12:38:00 +00:00
tty_ttydisc.c Don't forget to relock the TTY after uiomove() returns an error. 2008-11-12 09:04:44 +00:00
tty.c Fix a corner case in my previous commit. 2009-01-02 23:39:29 +00:00
uipc_accf.c Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23 15:53:51 +00:00
uipc_cow.c Extend the struct vm_page wire_count to u_int to avoid the overflow 2009-01-03 13:24:08 +00:00
uipc_debug.c Remove two further uses (debugging and NULLing) of pr_ousrreq, missed due 2009-01-04 19:16:36 +00:00
uipc_domain.c Remove Giant locking from domains list. 2009-01-04 19:22:53 +00:00
uipc_mbuf2.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
uipc_mbuf.c Remove the alignment of the align parameter. This is up to the caller to pass 2008-09-05 04:05:31 +00:00
uipc_mqueue.c Fix matching of message queues by name. 2008-11-28 14:53:18 +00:00
uipc_sem.c Rework the lifetime management of the kernel implementation of POSIX 2008-06-27 05:39:04 +00:00
uipc_shm.c Shared memory objects that have size which is not necessarily equal to 2008-12-01 22:33:50 +00:00
uipc_sockbuf.c Rewrite sbreserve_locked()'s comment on NULL thread pointers, eliminating 2008-10-07 09:51:39 +00:00
uipc_socket.c Make sure nmbclusters are initialized before maxsockets 2008-12-10 22:17:09 +00:00
uipc_syscalls.c Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23 15:53:51 +00:00
uipc_usrreq.c White space and comment tweaks. 2009-01-01 20:03:22 +00:00
vfs_acl.c Add the support for the AT_FDCWD and fd-relative name lookups to the 2008-03-31 12:01:21 +00:00
vfs_aio.c - Add 32-bit compat system calls for VFS_AIO. The system calls live in the 2008-12-10 20:56:19 +00:00
vfs_bio.c Remove the struct thread unuseful argument from bufobj interface. 2008-10-10 21:23:50 +00:00
vfs_cache.c In r185557, the check for existing negative entry for the given name 2008-12-30 12:51:14 +00:00
vfs_cluster.c - Complete part of the unfinished bufobj work by consistently using 2008-03-22 09:15:16 +00:00
vfs_default.c Add a new VOP, VOP_VPTOCNP, which translates a vnode to its component name 2008-12-12 00:57:38 +00:00
vfs_export.c drop rnh lock before destroying it 2008-12-28 14:32:27 +00:00
vfs_extattr.c Do not call namei() while having another user-controlled vnode 2009-01-08 12:47:30 +00:00
vfs_hash.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
vfs_init.c
vfs_lookup.c Do not return success and doomed vnode from lookup. LK_UPGRADE allows 2008-12-18 11:58:12 +00:00
vfs_mount.c 1) Fix a deadlock in the VFS: 2008-12-16 23:16:10 +00:00
vfs_subr.c 1) Fix a deadlock in the VFS: 2008-12-16 23:16:10 +00:00
vfs_syscalls.c Prevent overflow of uio_resid. 2008-12-27 10:13:43 +00:00
vfs_vnops.c Improve KASSERT() call a bit: 2008-11-29 12:40:14 +00:00
vnode_if.src Add a new VOP, VOP_VPTOCNP, which translates a vnode to its component name 2008-12-12 00:57:38 +00:00