Reported-by: syzbot+0bfe9054ab0e70ab02e6@syzkaller.appspotmail.com
Reported-by: syzbot+f2c5459483e60dd2c877@syzkaller.appspotmail.com
Reported-by: syzbot+d932ddf0ec7e30784ca8@syzkaller.appspotmail.com
Note: The evidence from
https://syzkaller.appspot.com/bug?id=19e1c8779bb0e020188ca80a586e470b59d7525d
suggests in the stack trace that the syscall was 16, which is chown.
This is not accurate; it happens because the x86 syscall logic sets
rax in the trapframe to the return value (in this case, 16 is EBUSY)
_before_ calling userret which does the lockdebug checks, and ddb
uses the trapframe's rax to show what the syscall number was when
printing its stack trace:
[ 104.0605877] Mutex error: lwp_exit,1084: sleep lock held
[ 104.0605877] lock address : 0xffffd9801269e050 type : sleep/adaptive
...
[ 104.5005727] syscall() at netbsd:syscall+0x323 sys/arch/x86/x86/syscall.c:92
[ 104.5115909] --- syscall (number 16) ---
XXX Maybe we should record the syscall number elsewhere so this is
not so confusing -- second time in 24h I've been bitten by this, and
in a different way.
to avoid a circular dependency as noted in kern/56772. Retain minimal
modules of the original names to accomodate auto-loading upon access
to the /dev/xxx nodes.
- Sort includes.
- Nix trailing whitespace.
- No parens for return.
- Blank line between declarations and statements.
- Note MP bug with unit allocation.
No functional change intended.
interfaces, make sure that initialization and destruction
follow the proper sequence. This is triggered by the recent
changes to the devsw stuff; per riastradh@ the required call
sequence is:
devsw_attach()
config_init_component() or config_cf*_attach()
...
config_fini_component() or config_cf*_detach()
devsw_detach()
While here, add a few missing calls to some of the detach
routines.
Testing of these changes has been limited to:
1. compile without build break
2. no related test failures from atf
3. modload/modunload work as well as
before.
No functional device testing done, since I don't have any
of these devices. Let me know of any damage I might cause
here!
XXX Some of the modules affected by this commit are already
XXX broken; see kern/56772. This commit does not break
any additional modules (as far as I know).
define a flag FILTEROP_ISFD that has the meaning of the prior f_isfd.
Field and flag name aligned with OpenBSD.
This does not constitute a functional or ABI change, as the field location
and size, and the value placed in that field, are the same as the previous
code, but we're bumping __NetBSD_Version__ so 3rd-party module source code
can adapt, as needed.
NetBSD 9.99.89
Apparently this breaks compiling some kernels, although how they ever
managed to link if midi_cd is not declared in ioconf.h, and therefore
presumably not defined in ioconf.c, is beyond me.
Maybe someone who knows how sequencer is supposed to work, and/or
someone who knows how arm kernels are linked, can figure this out...
This broke the module build, because it needs midi_cd which is defined
in another module and not declared by the ioconf.h generated from
sequencer.ioconf.
But... It also needs sequencer_cd, which is _also_ not declared by
the ioconf.h generated from sequencer.ioconf, nor defined in the
ioconf.c generated from sequencer.ioconf. Did this ever work???
kmem_alloc() with KM_SLEEP
kmem_zalloc() with KM_SLEEP
percpu_alloc()
pserialize_create()
psref_class_create()
all of these paths include an assertion that the allocation has not failed,
so callers should not assert that again.
devices.
- minor comment/debug clean ups.
fixes problems attempting to read or write from the right midi(4)
device using the sequencer(4) device when one or more of the
non-final devices fails to open with midiseq_open().
midi specific:
- add reference counting for midi operations, and ensure that
detach waits for other threads to complete before tearing
down the device completely.
- in detach, halt midi callouts before destroying them
- re-check sc->dying after sleeping in midiread()
- in real_writebytes(), make sure we're open and not dying
- make sure we drop the interrupt lock before calling any code
that may want to check thread locks. this is now safe due to
the above changes.
sequencer specific:
- avoid caching the midi softc in the sequencer softc. instead,
every time we want to use it, look it up again and make sure
it still exists.
this fixes various crashes i've seen in the usb midi code when
detaching the umidi while it is active.
designated initializers.
I have not built every extant kernel so I have probably broken at
least one build; however I've also found and fixed some wrong
cdevsw/bdevsw entries so even if so I think we come out ahead.
- change midi_attach() to omit the 'parent' arg (there are
only two callers of this and it is not used)
- change midisyn_attach() to midisyn_init(), so not needing a midi_softc,
and fix the midi_pcppi driver to set hw_if and hw_hdl directly in
its midi_softc before calling midi_attach()
- add a device_t to opl_softc structure, change opl drivers to store
the device 'self' in opl_softc and fix opl_attach() to use this
opl_softc->dev field directly rather than a field in an otherwise
unused midi_softc
- remove unnecessary midi_softc from opl and cms drivers (child device
provides that)
reviewed by mrg
the original ad-audiomp branch notes:
Add MP locking to the audio drivers.
Making the audio drivers MP safe is necessary before efforts
can be made to make the VM system MP safe.
The are two locks per device instance, an ISR lock and
a character device lock. The ISR lock replaces calls to
splaudio()/splx(), and will be held across calls to device
methods which were called at splaudio() before (e.g.
trigger_output). The character device lock is held across
calls to nearly all of the methods, excluding some only
used for initialization, e.g. get_locks.
Welcome to 5.99.57.
proclist_mutex and proclist_lock into a single adaptive mutex (proc_lock).
Implications:
- Inspecting process state requires thread context, so signals can no longer
be sent from a hardware interrupt handler. Signal activity must be
deferred to a soft interrupt or kthread.
- As the proc state locking is simplified, it's now safe to take exit()
and wait() out from under kernel_lock.
- The system spends less time at IPL_SCHED, and there is less lock activity.
- Add a lot of missing selinit() and seldestroy() calls.
- Merge selwakeup() and selnotify() calls into a single selnotify().
- Add an additional 'events' argument to selnotify() call. It will
indicate which event (POLL_IN, POLL_OUT, etc) happen. If unknown,
zero may be used.
Note: please pass appropriate value of 'events' where possible.
Proposed on: <tech-kern>
riastradh