The branch stable/14 has been updated by markj:
URL:
https://cgit.FreeBSD.org/src/commit/?id=ffb4d077710ae1a61dabc362b0963fc62642f0c9
commit ffb4d077710ae1a61dabc362b0963fc62642f0c9
Author: Mark Johnston <ma...@freebsd.org>
AuthorDate: 2025-02-14 15:49:27 +0000
Commit: Mark Johnston <ma...@freebsd.org>
CommitDate: 2025-03-07 22:51:48 +0000
ktr: Use STAILQ_EMPTY_ATOMIC when checking for records in ktr_drain()
This is an unlocked check, and after commit 34740937f7a4 the debug
checks in STAILQ_EMPTY may spuriously fail here. In particular, the per
process queue is updated under the global ktrace mutex, not held in
ktr_drain(). If a record is enqueued concurrently, the recording thread
will schedule an AST to drain the queue again, so it should not be
possible for a race to leave records in the queue indefinitely.
Reviewed by: kib, olce
Reported by: syzbot+d67eddd8c4923ee28...@syzkaller.appspotmail.com
MFC after: 2 weeks
Fixes: 34740937f7a4 ("queue: New debug macros for STAILQ")
Differential Revision: https://reviews.freebsd.org/D48899
(cherry picked from commit 36631977d8c9264b7a54f039289918adea4d2a03)
---
sys/kern/kern_ktrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 2b311f2d36dc..3d3cbbd29c6f 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -396,7 +396,7 @@ ktr_drain(struct thread *td)
STAILQ_INIT(&local_queue);
- if (!STAILQ_EMPTY(&td->td_proc->p_ktr)) {
+ if (!STAILQ_EMPTY_ATOMIC(&td->td_proc->p_ktr)) {
mtx_lock(&ktrace_mtx);
STAILQ_CONCAT(&local_queue, &td->td_proc->p_ktr);
mtx_unlock(&ktrace_mtx);
